From sle-updates at lists.suse.com Mon May 1 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 01 May 2023 08:30:01 -0000 Subject: SUSE-SU-2023:2078-1: important: Security update for webkit2gtk3 Message-ID: <168292980197.13218.17315746139414193247@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:2078-1 Rating: important References: * #1210295 * #1210731 Cross-References: * CVE-2022-0108 * CVE-2022-32885 * CVE-2022-32886 * CVE-2022-32912 * CVE-2023-25358 * CVE-2023-25360 * CVE-2023-25361 * CVE-2023-25362 * CVE-2023-25363 * CVE-2023-27932 * CVE-2023-27954 * CVE-2023-28205 CVSS scores: * CVE-2022-0108 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-32886 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32886 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32912 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32912 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25358 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25358 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25360 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25360 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25361 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25361 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25362 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25362 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25363 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25363 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-28205 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-28205 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): * CVE-2022-0108: Fixed information leak. * CVE-2022-32885: Fixed arbitrary code execution. * CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. * CVE-2023-27932: Fixed Same Origin Policy bypass. * CVE-2023-27954: Fixed sensitive user information tracking. * CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: * CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2078=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2078=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2078=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150000.3.139.1 * webkit2gtk3-debugsource-2.38.6-150000.3.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 * webkit2gtk3-devel-2.38.6-150000.3.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150000.3.139.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150000.3.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 * libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.38.6-150000.3.139.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150000.3.139.1 * webkit2gtk3-debugsource-2.38.6-150000.3.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 * webkit2gtk3-devel-2.38.6-150000.3.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150000.3.139.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150000.3.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 * libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.38.6-150000.3.139.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150000.3.139.1 * webkit2gtk3-debugsource-2.38.6-150000.3.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 * webkit2gtk3-devel-2.38.6-150000.3.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150000.3.139.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150000.3.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 * libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libwebkit2gtk3-lang-2.38.6-150000.3.139.1 * SUSE CaaS Platform 4.0 (x86_64) * typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150000.3.139.1 * webkit2gtk3-debugsource-2.38.6-150000.3.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 * webkit2gtk3-devel-2.38.6-150000.3.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150000.3.139.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150000.3.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 * libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 * SUSE CaaS Platform 4.0 (noarch) * libwebkit2gtk3-lang-2.38.6-150000.3.139.1 ## References: * https://www.suse.com/security/cve/CVE-2022-0108.html * https://www.suse.com/security/cve/CVE-2022-32885.html * https://www.suse.com/security/cve/CVE-2022-32886.html * https://www.suse.com/security/cve/CVE-2022-32912.html * https://www.suse.com/security/cve/CVE-2023-25358.html * https://www.suse.com/security/cve/CVE-2023-25360.html * https://www.suse.com/security/cve/CVE-2023-25361.html * https://www.suse.com/security/cve/CVE-2023-25362.html * https://www.suse.com/security/cve/CVE-2023-25363.html * https://www.suse.com/security/cve/CVE-2023-27932.html * https://www.suse.com/security/cve/CVE-2023-27954.html * https://www.suse.com/security/cve/CVE-2023-28205.html * https://bugzilla.suse.com/show_bug.cgi?id=1210295 * https://bugzilla.suse.com/show_bug.cgi?id=1210731 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 1 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 01 May 2023 08:30:04 -0000 Subject: SUSE-SU-2023:2077-1: important: Security update for webkit2gtk3 Message-ID: <168292980421.13218.4340718377667001856@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:2077-1 Rating: important References: * #1210295 * #1210731 Cross-References: * CVE-2022-0108 * CVE-2022-32885 * CVE-2022-32886 * CVE-2022-32912 * CVE-2023-25358 * CVE-2023-25360 * CVE-2023-25361 * CVE-2023-25362 * CVE-2023-25363 * CVE-2023-27932 * CVE-2023-27954 * CVE-2023-28205 CVSS scores: * CVE-2022-0108 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-32886 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32886 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32912 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32912 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25358 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25358 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25360 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25360 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25361 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25361 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25362 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25362 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25363 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25363 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-28205 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-28205 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): * CVE-2022-0108: Fixed information leak. * CVE-2022-32885: Fixed arbitrary code execution. * CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. * CVE-2023-27932: Fixed Same Origin Policy bypass. * CVE-2023-27954: Fixed sensitive user information tracking. * CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: * CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2077=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2077=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2077=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2077=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2077=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2077=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2077=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2077=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2077=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2077=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2077=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2077=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2077=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2077=1 ## Package List: * openSUSE Leap 15.4 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Manager Proxy 4.2 (x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * SUSE Manager Proxy 4.2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * SUSE Manager Server 4.2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Enterprise Storage 7.1 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.72.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.72.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.72.1 * webkit2gtk3-debugsource-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.72.1 * libjavascriptcoregtk-4_0-18-2.38.6-150200.72.1 * typelib-1_0-WebKit2-4_0-2.38.6-150200.72.1 * webkit2gtk3-devel-2.38.6-150200.72.1 * libwebkit2gtk-4_0-37-2.38.6-150200.72.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.72.1 * SUSE Enterprise Storage 7 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.72.1 ## References: * https://www.suse.com/security/cve/CVE-2022-0108.html * https://www.suse.com/security/cve/CVE-2022-32885.html * https://www.suse.com/security/cve/CVE-2022-32886.html * https://www.suse.com/security/cve/CVE-2022-32912.html * https://www.suse.com/security/cve/CVE-2023-25358.html * https://www.suse.com/security/cve/CVE-2023-25360.html * https://www.suse.com/security/cve/CVE-2023-25361.html * https://www.suse.com/security/cve/CVE-2023-25362.html * https://www.suse.com/security/cve/CVE-2023-25363.html * https://www.suse.com/security/cve/CVE-2023-27932.html * https://www.suse.com/security/cve/CVE-2023-27954.html * https://www.suse.com/security/cve/CVE-2023-28205.html * https://bugzilla.suse.com/show_bug.cgi?id=1210295 * https://bugzilla.suse.com/show_bug.cgi?id=1210731 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 2 07:03:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 May 2023 09:03:08 +0200 (CEST) Subject: SUSE-CU-2023:1389-1: Security update of suse/registry Message-ID: <20230502070308.2D4F9F79F@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1389-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-8.2 , suse/registry:latest Container Release : 8.2 Severity : moderate Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - login_defs-4.8.1-150400.10.6.1 updated - shadow-4.8.1-150400.10.6.1 updated From sle-updates at lists.suse.com Tue May 2 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 02 May 2023 16:30:03 -0000 Subject: SUSE-SU-2023:2087-1: important: This update has recommended fixes for ffmpeg-4 Message-ID: <168304500308.19638.13286424419969004133@smelt2.suse.de> # This update has recommended fixes for ffmpeg-4 Announcement ID: SUSE-SU-2023:2087-1 Rating: important References: * #1206067 * #1209934 Cross-References: * CVE-2022-48434 CVSS scores: * CVE-2022-48434 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-48434 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability and has one fix can now be installed. ## Description: This updates fixes the following issues for ffmpeg-4: Security fixes: * CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934). Other fixes: * Add necessary subpackages to the Packagehub. (bsc#1206067) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2087=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2087=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2087=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2087=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavcodec58_134-4.4-150400.3.15.1 * libavresample4_0-debuginfo-4.4-150400.3.15.1 * ffmpeg-4-debuginfo-4.4-150400.3.15.1 * ffmpeg-4-libswscale-devel-4.4-150400.3.15.1 * libavfilter7_110-debuginfo-4.4-150400.3.15.1 * libavformat58_76-4.4-150400.3.15.1 * libpostproc55_9-debuginfo-4.4-150400.3.15.1 * ffmpeg-4-libavresample-devel-4.4-150400.3.15.1 * libavresample4_0-4.4-150400.3.15.1 * libavutil56_70-4.4-150400.3.15.1 * ffmpeg-4-debugsource-4.4-150400.3.15.1 * ffmpeg-4-4.4-150400.3.15.1 * ffmpeg-4-private-devel-4.4-150400.3.15.1 * libswresample3_9-4.4-150400.3.15.1 * libswscale5_9-4.4-150400.3.15.1 * libswscale5_9-debuginfo-4.4-150400.3.15.1 * ffmpeg-4-libavutil-devel-4.4-150400.3.15.1 * ffmpeg-4-libswresample-devel-4.4-150400.3.15.1 * ffmpeg-4-libpostproc-devel-4.4-150400.3.15.1 * libavformat58_76-debuginfo-4.4-150400.3.15.1 * ffmpeg-4-libavformat-devel-4.4-150400.3.15.1 * libavfilter7_110-4.4-150400.3.15.1 * libavcodec58_134-debuginfo-4.4-150400.3.15.1 * libswresample3_9-debuginfo-4.4-150400.3.15.1 * libavdevice58_13-4.4-150400.3.15.1 * ffmpeg-4-libavfilter-devel-4.4-150400.3.15.1 * libpostproc55_9-4.4-150400.3.15.1 * ffmpeg-4-libavcodec-devel-4.4-150400.3.15.1 * ffmpeg-4-libavdevice-devel-4.4-150400.3.15.1 * libavdevice58_13-debuginfo-4.4-150400.3.15.1 * libavutil56_70-debuginfo-4.4-150400.3.15.1 * openSUSE Leap 15.4 (x86_64) * libavcodec58_134-32bit-debuginfo-4.4-150400.3.15.1 * libswresample3_9-32bit-4.4-150400.3.15.1 * libavformat58_76-32bit-debuginfo-4.4-150400.3.15.1 * libpostproc55_9-32bit-debuginfo-4.4-150400.3.15.1 * libavresample4_0-32bit-4.4-150400.3.15.1 * libswscale5_9-32bit-4.4-150400.3.15.1 * libavdevice58_13-32bit-4.4-150400.3.15.1 * libswscale5_9-32bit-debuginfo-4.4-150400.3.15.1 * libavfilter7_110-32bit-debuginfo-4.4-150400.3.15.1 * libswresample3_9-32bit-debuginfo-4.4-150400.3.15.1 * libavdevice58_13-32bit-debuginfo-4.4-150400.3.15.1 * libpostproc55_9-32bit-4.4-150400.3.15.1 * libavformat58_76-32bit-4.4-150400.3.15.1 * libavutil56_70-32bit-debuginfo-4.4-150400.3.15.1 * libavcodec58_134-32bit-4.4-150400.3.15.1 * libavresample4_0-32bit-debuginfo-4.4-150400.3.15.1 * libavutil56_70-32bit-4.4-150400.3.15.1 * libavfilter7_110-32bit-4.4-150400.3.15.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libavcodec58_134-4.4-150400.3.15.1 * libavutil56_70-4.4-150400.3.15.1 * libavformat58_76-debuginfo-4.4-150400.3.15.1 * ffmpeg-4-debugsource-4.4-150400.3.15.1 * libpostproc55_9-4.4-150400.3.15.1 * ffmpeg-4-debuginfo-4.4-150400.3.15.1 * libswresample3_9-4.4-150400.3.15.1 * libavformat58_76-4.4-150400.3.15.1 * libavcodec58_134-debuginfo-4.4-150400.3.15.1 * libpostproc55_9-debuginfo-4.4-150400.3.15.1 * libswresample3_9-debuginfo-4.4-150400.3.15.1 * libavutil56_70-debuginfo-4.4-150400.3.15.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libavresample4_0-debuginfo-4.4-150400.3.15.1 * libavresample4_0-4.4-150400.3.15.1 * ffmpeg-4-debugsource-4.4-150400.3.15.1 * ffmpeg-4-4.4-150400.3.15.1 * libpostproc55_9-4.4-150400.3.15.1 * ffmpeg-4-debuginfo-4.4-150400.3.15.1 * libavfilter7_110-4.4-150400.3.15.1 * libavfilter7_110-debuginfo-4.4-150400.3.15.1 * libpostproc55_9-debuginfo-4.4-150400.3.15.1 * libavdevice58_13-debuginfo-4.4-150400.3.15.1 * libavdevice58_13-4.4-150400.3.15.1 * SUSE Package Hub 15 15-SP4 (aarch64_ilp32) * libpostproc55_9-64bit-debuginfo-4.4-150400.3.15.1 * libavdevice58_13-64bit-debuginfo-4.4-150400.3.15.1 * libpostproc55_9-64bit-4.4-150400.3.15.1 * libavfilter7_110-64bit-4.4-150400.3.15.1 * libavdevice58_13-64bit-4.4-150400.3.15.1 * libavfilter7_110-64bit-debuginfo-4.4-150400.3.15.1 * libavresample4_0-64bit-debuginfo-4.4-150400.3.15.1 * libavresample4_0-64bit-4.4-150400.3.15.1 * SUSE Package Hub 15 15-SP4 (ppc64le s390x x86_64) * libavformat58_76-debuginfo-4.4-150400.3.15.1 * libavformat58_76-4.4-150400.3.15.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libpostproc55_9-32bit-debuginfo-4.4-150400.3.15.1 * libavresample4_0-32bit-4.4-150400.3.15.1 * libavdevice58_13-32bit-4.4-150400.3.15.1 * libavfilter7_110-32bit-debuginfo-4.4-150400.3.15.1 * libavdevice58_13-32bit-debuginfo-4.4-150400.3.15.1 * libpostproc55_9-32bit-4.4-150400.3.15.1 * libswresample3_9-4.4-150400.3.15.1 * libavresample4_0-32bit-debuginfo-4.4-150400.3.15.1 * libavfilter7_110-32bit-4.4-150400.3.15.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libavformat58_76-debuginfo-4.4-150400.3.15.1 * ffmpeg-4-debugsource-4.4-150400.3.15.1 * ffmpeg-4-debuginfo-4.4-150400.3.15.1 * libavformat58_76-4.4-150400.3.15.1 * libswscale5_9-4.4-150400.3.15.1 * libswscale5_9-debuginfo-4.4-150400.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48434.html * https://bugzilla.suse.com/show_bug.cgi?id=1206067 * https://bugzilla.suse.com/show_bug.cgi?id=1209934 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 2 16:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 02 May 2023 16:30:28 -0000 Subject: SUSE-SU-2023:1581-2: important: Security update for ceph Message-ID: <168304502898.19638.4496916730925997745@smelt2.suse.de> # Security update for ceph Announcement ID: SUSE-SU-2023:1581-2 Rating: important References: * #1187748 * #1188911 * #1192838 * #1192840 * #1196046 * #1199183 * #1200262 * #1200317 * #1200501 * #1200978 * #1201604 * #1201797 * #1201837 * #1201976 * #1202077 * #1202292 * #1203375 * #1204430 * #1205025 * #1205436 * #1206158 Cross-References: * CVE-2022-0670 * CVE-2022-3650 * CVE-2022-3854 CVSS scores: * CVE-2022-0670 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2022-0670 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-3650 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2022-3650 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3854 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3854 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves three vulnerabilities and has 18 fixes can now be installed. ## Description: This update for ceph fixes the following issues: Security issues fixed: * CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). * CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). * CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: * osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). * ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262). * cephadm: update monitoring container images (bsc#1200501). * mgr/dashboard: prevent alert redirect (bsc#1200978). * mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). * monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). * mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). * python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). * mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). * ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). * cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: * mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). * When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). * OSD marked down causes wrong backfill_toofull (bsc#1188911). * cephadm: Fix iscsi client caps (allow mgr calls) (bsc#1192838). * mgr/cephadm: fix and improve osd draining (bsc#1200317). * add iscsi and nfs to upgrade process (bsc#1206158). * mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1581=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1581=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * ceph-debugsource-16.2.11.58+g38d6afd3b78-150400.3.6.1 * librbd1-debuginfo-16.2.11.58+g38d6afd3b78-150400.3.6.1 * librados2-debuginfo-16.2.11.58+g38d6afd3b78-150400.3.6.1 * librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1 * librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * ceph-debugsource-16.2.11.58+g38d6afd3b78-150400.3.6.1 * librbd1-debuginfo-16.2.11.58+g38d6afd3b78-150400.3.6.1 * librados2-debuginfo-16.2.11.58+g38d6afd3b78-150400.3.6.1 * librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1 * librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-0670.html * https://www.suse.com/security/cve/CVE-2022-3650.html * https://www.suse.com/security/cve/CVE-2022-3854.html * https://bugzilla.suse.com/show_bug.cgi?id=1187748 * https://bugzilla.suse.com/show_bug.cgi?id=1188911 * https://bugzilla.suse.com/show_bug.cgi?id=1192838 * https://bugzilla.suse.com/show_bug.cgi?id=1192840 * https://bugzilla.suse.com/show_bug.cgi?id=1196046 * https://bugzilla.suse.com/show_bug.cgi?id=1199183 * https://bugzilla.suse.com/show_bug.cgi?id=1200262 * https://bugzilla.suse.com/show_bug.cgi?id=1200317 * https://bugzilla.suse.com/show_bug.cgi?id=1200501 * https://bugzilla.suse.com/show_bug.cgi?id=1200978 * https://bugzilla.suse.com/show_bug.cgi?id=1201604 * https://bugzilla.suse.com/show_bug.cgi?id=1201797 * https://bugzilla.suse.com/show_bug.cgi?id=1201837 * https://bugzilla.suse.com/show_bug.cgi?id=1201976 * https://bugzilla.suse.com/show_bug.cgi?id=1202077 * https://bugzilla.suse.com/show_bug.cgi?id=1202292 * https://bugzilla.suse.com/show_bug.cgi?id=1203375 * https://bugzilla.suse.com/show_bug.cgi?id=1204430 * https://bugzilla.suse.com/show_bug.cgi?id=1205025 * https://bugzilla.suse.com/show_bug.cgi?id=1205436 * https://bugzilla.suse.com/show_bug.cgi?id=1206158 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 2 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 02 May 2023 20:30:03 -0000 Subject: SUSE-SU-2023:2038-2: important: Security update for git Message-ID: <168305940392.25277.5015599749678778819@smelt2.suse.de> # Security update for git Announcement ID: SUSE-SU-2023:2038-2 Rating: important References: * #1210686 Cross-References: * CVE-2023-25652 * CVE-2023-25815 * CVE-2023-29007 CVSS scores: * CVE-2023-25652 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25815 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25815 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2023-29007 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L * CVE-2023-29007 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). * CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). * CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2038=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2038=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2038=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2038=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2038=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2038=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2038=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2038=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * git-2.35.3-150300.10.27.1 * git-email-2.35.3-150300.10.27.1 * git-cvs-2.35.3-150300.10.27.1 * git-arch-2.35.3-150300.10.27.1 * git-svn-2.35.3-150300.10.27.1 * gitk-2.35.3-150300.10.27.1 * git-gui-2.35.3-150300.10.27.1 * git-core-debuginfo-2.35.3-150300.10.27.1 * git-daemon-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-web-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * git-daemon-2.35.3-150300.10.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * git-doc-2.35.3-150300.10.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * git-2.35.3-150300.10.27.1 * git-email-2.35.3-150300.10.27.1 * git-cvs-2.35.3-150300.10.27.1 * git-arch-2.35.3-150300.10.27.1 * git-svn-2.35.3-150300.10.27.1 * gitk-2.35.3-150300.10.27.1 * git-gui-2.35.3-150300.10.27.1 * git-core-debuginfo-2.35.3-150300.10.27.1 * git-daemon-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-web-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * git-daemon-2.35.3-150300.10.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * git-doc-2.35.3-150300.10.27.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * git-2.35.3-150300.10.27.1 * git-email-2.35.3-150300.10.27.1 * git-cvs-2.35.3-150300.10.27.1 * git-arch-2.35.3-150300.10.27.1 * git-svn-2.35.3-150300.10.27.1 * gitk-2.35.3-150300.10.27.1 * git-gui-2.35.3-150300.10.27.1 * git-core-debuginfo-2.35.3-150300.10.27.1 * git-daemon-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-web-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * git-daemon-2.35.3-150300.10.27.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * git-doc-2.35.3-150300.10.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * git-2.35.3-150300.10.27.1 * git-email-2.35.3-150300.10.27.1 * git-cvs-2.35.3-150300.10.27.1 * git-arch-2.35.3-150300.10.27.1 * git-svn-2.35.3-150300.10.27.1 * gitk-2.35.3-150300.10.27.1 * git-gui-2.35.3-150300.10.27.1 * git-core-debuginfo-2.35.3-150300.10.27.1 * git-daemon-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-web-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * git-daemon-2.35.3-150300.10.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * git-doc-2.35.3-150300.10.27.1 * SUSE Manager Proxy 4.2 (x86_64) * git-core-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * git-core-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * git-core-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * git-2.35.3-150300.10.27.1 * git-email-2.35.3-150300.10.27.1 * git-cvs-2.35.3-150300.10.27.1 * git-arch-2.35.3-150300.10.27.1 * git-svn-2.35.3-150300.10.27.1 * gitk-2.35.3-150300.10.27.1 * git-gui-2.35.3-150300.10.27.1 * git-core-debuginfo-2.35.3-150300.10.27.1 * git-daemon-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-web-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * git-daemon-2.35.3-150300.10.27.1 * SUSE Enterprise Storage 7.1 (noarch) * git-doc-2.35.3-150300.10.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25652.html * https://www.suse.com/security/cve/CVE-2023-25815.html * https://www.suse.com/security/cve/CVE-2023-29007.html * https://bugzilla.suse.com/show_bug.cgi?id=1210686 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 3 07:15:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 May 2023 09:15:05 +0200 (CEST) Subject: SUSE-CU-2023:1418-1: Recommended update of bci/rust Message-ID: <20230503071505.7758BF79F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1418-1 Container Tags : bci/rust:1.68 , bci/rust:1.68-3.2 Container Release : 3.2 Severity : moderate Type : recommended References : 1209839 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2088-1 Released: Tue May 2 18:08:06 2023 Summary: Recommended update for rust, rust1.68 Type: recommended Severity: moderate References: 1209839 This update for rust, rust1.68 fixes the following issues: Changes in rust1.68: - bsc#1209839 - replace leaked github keys in rust/cargo Version 1.68.2 (2023-03-28) =========================== - Update the GitHub RSA host key bundled within Cargo The key was rotated by GitHub (https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/) on 2023-03-24 after the old one leaked. - Mark the old GitHub RSA host key as revoked](https://github.com/rust-lang/cargo/pull/11889). This will prevent Cargo from accepting the leaked key even when trusted by the system. - Add support for `@revoked` and a better error message for `@cert-authority` in Cargo's SSH host key verification - Fix miscompilation in produced Windows MSVC artifacts This was introduced by enabling ThinLTO for the distributed rustc which led to miscompilations in the resulting binary. Currently this is believed to be limited to the -Zdylib-lto flag used for rustc compilation, rather than a general bug in ThinLTO, so only rustc artifacts should be affected. - Fix --enable-local-rust builds - Treat `$prefix-clang` as `clang` in linker detection code - Fix panic in compiler code The following package changes have been done: - rust1.68-1.68.2-150400.9.10.2 updated - cargo1.68-1.68.2-150400.9.10.2 updated - container:sles15-image-15.0.0-27.14.56 updated From sle-updates at lists.suse.com Wed May 3 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 03 May 2023 08:30:04 -0000 Subject: SUSE-RU-2023:2090-1: moderate: Recommended update for sapconf Message-ID: <168310260443.2787.3936204993154566845@smelt2.suse.de> # Recommended update for sapconf Announcement ID: SUSE-RU-2023:2090-1 Rating: moderate References: * #1207899 * #1209408 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has two recommended fixes can now be installed. ## Description: This update for sapconf fixes the following issues: * version update from 5.0.5 to 5.0.6 * add parameter IGNORE_RELOAD to /etc/sysconfig/sapconf to prevent sapconf from changing any system tunables during package update (bsc#1209408) * fix for a race condition which leads to a missing start/restart of sapconf, which ends up with restored kernel parameters to defaults (bsc#1207899) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2090=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2090=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2090=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2090=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2090=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2090=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2090=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2090=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * sapconf-5.0.6-40.77.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * sapconf-5.0.6-40.77.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * sapconf-5.0.6-40.77.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * sapconf-5.0.6-40.77.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * sapconf-5.0.6-40.77.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * sapconf-5.0.6-40.77.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * sapconf-5.0.6-40.77.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * sapconf-5.0.6-40.77.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207899 * https://bugzilla.suse.com/show_bug.cgi?id=1209408 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 3 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 03 May 2023 08:30:07 -0000 Subject: SUSE-RU-2023:2089-1: moderate: Recommended update for sapconf Message-ID: <168310260728.2787.3975400465350455041@smelt2.suse.de> # Recommended update for sapconf Announcement ID: SUSE-RU-2023:2089-1 Rating: moderate References: * #1207899 * #1209408 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for sapconf fixes the following issues: * version update from 5.0.5 to 5.0.6 * add parameter IGNORE_RELOAD to /etc/sysconfig/sapconf to prevent sapconf from changing any system tunables during package update (bsc#1209408) * fix for a race condition which leads to a missing start/restart of sapconf, which ends up with restored kernel parameters to defaults (bsc#1207899) correctly. Only the DM multipath devices (mpath) will be used for ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2089=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2089=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2089=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2089=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2089=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2089=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2089=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2089=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2089=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2089=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2089=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2089=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2089=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2089=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2089=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2089=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2089=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2089=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * sapconf-5.0.6-150000.7.27.1 * Server Applications Module 15-SP4 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Manager Proxy 4.2 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Manager Server 4.2 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Enterprise Storage 7.1 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE Enterprise Storage 7 (noarch) * sapconf-5.0.6-150000.7.27.1 * SUSE CaaS Platform 4.0 (noarch) * sapconf-5.0.6-150000.7.27.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207899 * https://bugzilla.suse.com/show_bug.cgi?id=1209408 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 3 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 03 May 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2091-1: important: Security update for shim Message-ID: <168311700609.3508.10632068737526250300@smelt2.suse.de> # Security update for shim Announcement ID: SUSE-SU-2023:2091-1 Rating: important References: * #1198458 Cross-References: * CVE-2022-28737 CVSS scores: * CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for shim fixes the following issues: * Update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2091=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2091=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2091=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2091=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2091=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2091=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2091=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2091=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * shim-15.7-25.27.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * shim-15.7-25.27.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * shim-15.7-25.27.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * shim-15.7-25.27.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * shim-15.7-25.27.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * shim-15.7-25.27.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * shim-15.7-25.27.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * shim-15.7-25.27.1 ## References: * https://www.suse.com/security/cve/CVE-2022-28737.html * https://bugzilla.suse.com/show_bug.cgi?id=1198458 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:08 -0000 Subject: SUSE-RU-2023:1842-1: important: Recommended update for crmsh Message-ID: <168321210807.13634.16313382451931182300@smelt2.suse.de> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:1842-1 Rating: important References: * #1202177 * #1206606 * #1208327 * #1208934 * #1208936 * #1209986 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has six recommended fixes can now be installed. ## Description: This update for crmsh fixes the following issues: * Check for passwordless SSH between cluster nodes (bsc#1209986) * Fix automatic upgrade to execute quietly and non-interactively (bsc#1208327, bsc#1208934) * Fix automatic upgrade not to run when crmsh is called by a non-root user (bsc#1208936) * Fix `crm cluster start` to wait till all nodes have joined the cluster before starting any resource or fencing systems (bsc#1202177) * Fix crm report to catch read exception and give a error message (bsc#1206606) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1842=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1842=1 ## Package List: * openSUSE Leap 15.4 (noarch) * crmsh-4.4.1+20230329.13f2537f-150400.3.17.1 * crmsh-scripts-4.4.1+20230329.13f2537f-150400.3.17.1 * crmsh-test-4.4.1+20230329.13f2537f-150400.3.17.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch) * crmsh-4.4.1+20230329.13f2537f-150400.3.17.1 * crmsh-scripts-4.4.1+20230329.13f2537f-150400.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202177 * https://bugzilla.suse.com/show_bug.cgi?id=1206606 * https://bugzilla.suse.com/show_bug.cgi?id=1208327 * https://bugzilla.suse.com/show_bug.cgi?id=1208934 * https://bugzilla.suse.com/show_bug.cgi?id=1208936 * https://bugzilla.suse.com/show_bug.cgi?id=1209986 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:09 -0000 Subject: SUSE-SU-2023:1837-1: important: Security update for apache2-mod_auth_openidc Message-ID: <168321210916.13634.1098819005602282693@smelt2.suse.de> # Security update for apache2-mod_auth_openidc Announcement ID: SUSE-SU-2023:1837-1 Rating: important References: * #1190855 * #1206441 * #1210073 Cross-References: * CVE-2022-23527 * CVE-2023-28625 CVSS scores: * CVE-2022-23527 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2022-23527 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-28625 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28625 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for apache2-mod_auth_openidc fixes the following issues: * CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441). * CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1837=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1837=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1837=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1837=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1837=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1837=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1837=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1837=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * apache2-mod_auth_openidc-debuginfo-2.4.0-7.9.1 * apache2-mod_auth_openidc-2.4.0-7.9.1 * apache2-mod_auth_openidc-debugsource-2.4.0-7.9.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * apache2-mod_auth_openidc-debuginfo-2.4.0-7.9.1 * apache2-mod_auth_openidc-2.4.0-7.9.1 * apache2-mod_auth_openidc-debugsource-2.4.0-7.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * apache2-mod_auth_openidc-debuginfo-2.4.0-7.9.1 * apache2-mod_auth_openidc-2.4.0-7.9.1 * apache2-mod_auth_openidc-debugsource-2.4.0-7.9.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * apache2-mod_auth_openidc-debuginfo-2.4.0-7.9.1 * apache2-mod_auth_openidc-2.4.0-7.9.1 * apache2-mod_auth_openidc-debugsource-2.4.0-7.9.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * apache2-mod_auth_openidc-debuginfo-2.4.0-7.9.1 * apache2-mod_auth_openidc-2.4.0-7.9.1 * apache2-mod_auth_openidc-debugsource-2.4.0-7.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * apache2-mod_auth_openidc-debuginfo-2.4.0-7.9.1 * apache2-mod_auth_openidc-2.4.0-7.9.1 * apache2-mod_auth_openidc-debugsource-2.4.0-7.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * apache2-mod_auth_openidc-debuginfo-2.4.0-7.9.1 * apache2-mod_auth_openidc-2.4.0-7.9.1 * apache2-mod_auth_openidc-debugsource-2.4.0-7.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * apache2-mod_auth_openidc-debuginfo-2.4.0-7.9.1 * apache2-mod_auth_openidc-2.4.0-7.9.1 * apache2-mod_auth_openidc-debugsource-2.4.0-7.9.1 ## References: * https://www.suse.com/security/cve/CVE-2022-23527.html * https://www.suse.com/security/cve/CVE-2023-28625.html * https://bugzilla.suse.com/show_bug.cgi?id=1190855 * https://bugzilla.suse.com/show_bug.cgi?id=1206441 * https://bugzilla.suse.com/show_bug.cgi?id=1210073 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:10 -0000 Subject: SUSE-RU-2023:1836-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <168321211028.13634.4356946494124148313@smelt2.suse.de> # Recommended update for lifecycle-data-sle-live-patching Announcement ID: SUSE-RU-2023:1836-1 Rating: moderate References: * #1020320 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Live Patching 12 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lifecycle-data-sle-live-patching fixes the following issues: * Added data for 4_12_14-122_147, 4_12_14-122_150, 4_12_14-95_117. (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12 zypper in -t patch SUSE-SLE-Live-Patching-12-2023-1836=1 * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-1836=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-1836=1 ## Package List: * SUSE Linux Enterprise Live Patching 12 (noarch) * lifecycle-data-sle-live-patching-1-10.125.1 * SUSE Linux Enterprise Live Patching 12-SP4 (noarch) * lifecycle-data-sle-live-patching-1-10.125.1 * SUSE Linux Enterprise Live Patching 12-SP5 (noarch) * lifecycle-data-sle-live-patching-1-10.125.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:11 -0000 Subject: SUSE-RU-2023:1835-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <168321211133.13634.6914459712844941347@smelt2.suse.de> # Recommended update for lifecycle-data-sle-module-live-patching Announcement ID: SUSE-RU-2023:1835-1 Rating: moderate References: * #1020320 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has one recommended fix can now be installed. ## Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: * Added data for 4_12_14-150100_197_134, 5_14_21-150400_24_41, 5_14_21-150400_24_46, 5_3_18-150200_24_142, 5_3_18-150300_59_109, 5_3_18-150300_59_112, +kernel-livepatch-5_14_21-150400_15_11-rt, _,2024-02-23+kernel-livepatch-5_14_21-150400_15_8-rt,_ ,2024-01-26 (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1835=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-1835=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-1835=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-1835=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-1835=1 ## Package List: * openSUSE Leap 15.4 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.90.1 * SUSE Linux Enterprise Live Patching 15-SP1 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.90.1 * SUSE Linux Enterprise Live Patching 15-SP2 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.90.1 * SUSE Linux Enterprise Live Patching 15-SP3 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.90.1 * SUSE Linux Enterprise Live Patching 15-SP4 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.90.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:12 -0000 Subject: SUSE-SU-2023:1834-1: moderate: Security update for cmark Message-ID: <168321211232.13634.15731003300008182383@smelt2.suse.de> # Security update for cmark Announcement ID: SUSE-SU-2023:1834-1 Rating: moderate References: * #1207674 Cross-References: * CVE-2023-22486 CVSS scores: * CVE-2023-22486 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for cmark fixes the following issues: * CVE-2023-22486: Fixed quadratic complexity in handle_close_bracket may lead to a denial of service (bsc#1207674). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1834=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1834=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1834=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cmark-0.30.2-150400.3.3.1 * cmark-debugsource-0.30.2-150400.3.3.1 * cmark-debuginfo-0.30.2-150400.3.3.1 * cmark-devel-0.30.2-150400.3.3.1 * libcmark0_30_2-debuginfo-0.30.2-150400.3.3.1 * libcmark0_30_2-0.30.2-150400.3.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcmark0_30_2-0.30.2-150400.3.3.1 * cmark-debuginfo-0.30.2-150400.3.3.1 * libcmark0_30_2-debuginfo-0.30.2-150400.3.3.1 * cmark-debugsource-0.30.2-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * cmark-0.30.2-150400.3.3.1 * cmark-debuginfo-0.30.2-150400.3.3.1 * cmark-debugsource-0.30.2-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22486.html * https://bugzilla.suse.com/show_bug.cgi?id=1207674 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:13 -0000 Subject: SUSE-SU-2023:1832-1: critical: Security update for SUSE Manager Proxy and Retail Branch Server 4.2 Message-ID: <168321211364.13634.15006342573371666824@smelt2.suse.de> # Security update for SUSE Manager Proxy and Retail Branch Server 4.2 Announcement ID: SUSE-SU-2023:1832-1 Rating: critical References: * #1179926 * #1197027 * #1206562 * #1206973 * #1207063 * #1207308 * #1207352 * #1207490 * #1207799 * #1207829 * #1207830 * #1207838 * #1207883 * #1208288 * #1208321 * #1208325 * #1208586 * #1208687 * #1208719 * #1208772 * #1208908 * #1209369 * #1209386 * #1209689 * #1209703 Cross-References: * CVE-2020-8908 * CVE-2022-0860 CVSS scores: * CVE-2020-8908 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2020-8908 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2022-0860 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2022-0860 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: An update that solves two vulnerabilities and has 23 fixes can now be installed. ## Description: Maintenance update for SUSE Manager 4.2: Release notes for Server, Proxy and Retail Branch Server This is a codestream only patchinfo. ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: ## Package List: ## References: * https://www.suse.com/security/cve/CVE-2020-8908.html * https://www.suse.com/security/cve/CVE-2022-0860.html * https://bugzilla.suse.com/show_bug.cgi?id=1179926 * https://bugzilla.suse.com/show_bug.cgi?id=1197027 * https://bugzilla.suse.com/show_bug.cgi?id=1206562 * https://bugzilla.suse.com/show_bug.cgi?id=1206973 * https://bugzilla.suse.com/show_bug.cgi?id=1207063 * https://bugzilla.suse.com/show_bug.cgi?id=1207308 * https://bugzilla.suse.com/show_bug.cgi?id=1207352 * https://bugzilla.suse.com/show_bug.cgi?id=1207490 * https://bugzilla.suse.com/show_bug.cgi?id=1207799 * https://bugzilla.suse.com/show_bug.cgi?id=1207829 * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1207838 * https://bugzilla.suse.com/show_bug.cgi?id=1207883 * https://bugzilla.suse.com/show_bug.cgi?id=1208288 * https://bugzilla.suse.com/show_bug.cgi?id=1208321 * https://bugzilla.suse.com/show_bug.cgi?id=1208325 * https://bugzilla.suse.com/show_bug.cgi?id=1208586 * https://bugzilla.suse.com/show_bug.cgi?id=1208687 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1208772 * https://bugzilla.suse.com/show_bug.cgi?id=1208908 * https://bugzilla.suse.com/show_bug.cgi?id=1209369 * https://bugzilla.suse.com/show_bug.cgi?id=1209386 * https://bugzilla.suse.com/show_bug.cgi?id=1209689 * https://bugzilla.suse.com/show_bug.cgi?id=1209703 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:14 -0000 Subject: SUSE-SU-2023:1829-1: important: Security update for liblouis Message-ID: <168321211497.13634.4578012672039205733@smelt2.suse.de> # Security update for liblouis Announcement ID: SUSE-SU-2023:1829-1 Rating: important References: * #1209431 * #1209855 Cross-References: * CVE-2023-26768 CVSS scores: * CVE-2023-26768 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26768 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for liblouis fixes the following issues: * CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1829=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1829=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1829=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1829=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1829=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1829=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1829=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1829=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1829=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1829=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1829=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * liblouis19-3.11.0-150200.3.13.1 * liblouis19-debuginfo-3.11.0-150200.3.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Enterprise Storage 7.1 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 * SUSE Enterprise Storage 7 (noarch) * liblouis-data-3.11.0-150200.3.13.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * liblouis19-debuginfo-3.11.0-150200.3.13.1 * liblouis-devel-3.11.0-150200.3.13.1 * liblouis-debugsource-3.11.0-150200.3.13.1 * liblouis-debuginfo-3.11.0-150200.3.13.1 * python3-louis-3.11.0-150200.3.13.1 * liblouis19-3.11.0-150200.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26768.html * https://bugzilla.suse.com/show_bug.cgi?id=1209431 * https://bugzilla.suse.com/show_bug.cgi?id=1209855 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:16 -0000 Subject: SUSE-SU-2023:1828-1: important: Security update for liblouis Message-ID: <168321211623.13634.17769800400109622247@smelt2.suse.de> # Security update for liblouis Announcement ID: SUSE-SU-2023:1828-1 Rating: important References: * #1209431 * #1209855 Cross-References: * CVE-2023-26768 CVSS scores: * CVE-2023-26768 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26768 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for liblouis fixes the following issues: * CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1828=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1828=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1828=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1828=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * liblouis14-debuginfo-3.3.0-150000.4.16.1 * liblouis14-3.3.0-150000.4.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * liblouis-data-3.3.0-150000.4.16.1 * liblouis-devel-3.3.0-150000.4.16.1 * liblouis-debugsource-3.3.0-150000.4.16.1 * liblouis14-3.3.0-150000.4.16.1 * liblouis-debuginfo-3.3.0-150000.4.16.1 * liblouis14-debuginfo-3.3.0-150000.4.16.1 * python3-louis-3.3.0-150000.4.16.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * liblouis-data-3.3.0-150000.4.16.1 * liblouis-devel-3.3.0-150000.4.16.1 * liblouis-debugsource-3.3.0-150000.4.16.1 * liblouis14-3.3.0-150000.4.16.1 * liblouis-debuginfo-3.3.0-150000.4.16.1 * liblouis14-debuginfo-3.3.0-150000.4.16.1 * python3-louis-3.3.0-150000.4.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * liblouis-data-3.3.0-150000.4.16.1 * liblouis-devel-3.3.0-150000.4.16.1 * liblouis-debugsource-3.3.0-150000.4.16.1 * liblouis14-3.3.0-150000.4.16.1 * liblouis-debuginfo-3.3.0-150000.4.16.1 * liblouis14-debuginfo-3.3.0-150000.4.16.1 * python3-louis-3.3.0-150000.4.16.1 * SUSE CaaS Platform 4.0 (x86_64) * liblouis-data-3.3.0-150000.4.16.1 * liblouis-devel-3.3.0-150000.4.16.1 * liblouis-debugsource-3.3.0-150000.4.16.1 * liblouis14-3.3.0-150000.4.16.1 * liblouis-debuginfo-3.3.0-150000.4.16.1 * liblouis14-debuginfo-3.3.0-150000.4.16.1 * python3-louis-3.3.0-150000.4.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26768.html * https://bugzilla.suse.com/show_bug.cgi?id=1209431 * https://bugzilla.suse.com/show_bug.cgi?id=1209855 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:17 -0000 Subject: SUSE-SU-2023:1827-1: moderate: Security update for containerd Message-ID: <168321211745.13634.9240137732579622000@smelt2.suse.de> # Security update for containerd Announcement ID: SUSE-SU-2023:1827-1 Rating: moderate References: * #1208423 * #1208426 Cross-References: * CVE-2023-25153 * CVE-2023-25173 CVSS scores: * CVE-2023-25153 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25153 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25173 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25173 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: * CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). * CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1827=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1827=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1827=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1827=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1827=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1827=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1827=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1827=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1827=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1827=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * containerd-1.6.19-150000.87.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * containerd-1.6.19-150000.87.1 * containerd-ctr-1.6.19-150000.87.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * containerd-1.6.19-150000.87.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * containerd-1.6.19-150000.87.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * containerd-1.6.19-150000.87.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * containerd-1.6.19-150000.87.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * containerd-1.6.19-150000.87.1 * containerd-ctr-1.6.19-150000.87.1 * containerd-devel-1.6.19-150000.87.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * containerd-1.6.19-150000.87.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * containerd-1.6.19-150000.87.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * containerd-1.6.19-150000.87.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25153.html * https://www.suse.com/security/cve/CVE-2023-25173.html * https://bugzilla.suse.com/show_bug.cgi?id=1208423 * https://bugzilla.suse.com/show_bug.cgi?id=1208426 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:18 -0000 Subject: SUSE-SU-2023:1826-1: moderate: Security update for containerd Message-ID: <168321211859.13634.9715057990802563933@smelt2.suse.de> # Security update for containerd Announcement ID: SUSE-SU-2023:1826-1 Rating: moderate References: * #1208423 * #1208426 Cross-References: * CVE-2023-25153 * CVE-2023-25173 CVSS scores: * CVE-2023-25153 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25153 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25173 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25173 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * Containers Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: * CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). * CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 12 zypper in -t patch SUSE-SLE-Module-Containers-12-2023-1826=1 ## Package List: * Containers Module 12 (ppc64le s390x x86_64) * containerd-1.6.19-16.76.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25153.html * https://www.suse.com/security/cve/CVE-2023-25173.html * https://bugzilla.suse.com/show_bug.cgi?id=1208423 * https://bugzilla.suse.com/show_bug.cgi?id=1208426 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:21 -0000 Subject: SUSE-SU-2023:1824-1: important: Security update for liblouis Message-ID: <168321212100.13634.5397710052363939622@smelt2.suse.de> # Security update for liblouis Announcement ID: SUSE-SU-2023:1824-1 Rating: important References: * #1209429 * #1209431 * #1209432 * #1209855 Cross-References: * CVE-2023-26767 * CVE-2023-26768 * CVE-2023-26769 CVSS scores: * CVE-2023-26767 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26767 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26768 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26768 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26769 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26769 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 * Web and Scripting Module 12 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for liblouis fixes the following issues: * CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). * CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). * CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1824=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1824=1 * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-1824=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1824=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1824=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1824=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1824=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1824=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1824=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1824=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1824=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * python3-louis-2.6.4-6.16.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * liblouis-devel-2.6.4-6.14.2 * liblouis-debugsource-2.6.4-6.14.2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * liblouis9-debuginfo-2.6.4-6.14.2 * python-louis-2.6.4-6.14.3 * liblouis-debugsource-2.6.4-6.14.2 * python3-louis-2.6.4-6.16.1 * liblouis9-2.6.4-6.14.2 * liblouis-data-2.6.4-6.14.2 ## References: * https://www.suse.com/security/cve/CVE-2023-26767.html * https://www.suse.com/security/cve/CVE-2023-26768.html * https://www.suse.com/security/cve/CVE-2023-26769.html * https://bugzilla.suse.com/show_bug.cgi?id=1209429 * https://bugzilla.suse.com/show_bug.cgi?id=1209431 * https://bugzilla.suse.com/show_bug.cgi?id=1209432 * https://bugzilla.suse.com/show_bug.cgi?id=1209855 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:19 -0000 Subject: SUSE-SU-2023:1825-1: low: Security update for helm Message-ID: <168321211964.13634.2677277641902035851@smelt2.suse.de> # Security update for helm Announcement ID: SUSE-SU-2023:1825-1 Rating: low References: * #1206469 Cross-References: * CVE-2022-23525 CVSS scores: * CVE-2022-23525 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-23525 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise Server 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for helm fixes the following issues: * CVE-2022-23525: Fixed denial of service through repository index file (bsc#1206469). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * helm-2.16.12-150100.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2022-23525.html * https://bugzilla.suse.com/show_bug.cgi?id=1206469 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:22 -0000 Subject: SUSE-SU-2023:1823-1: moderate: Security update for java-1_8_0-ibm Message-ID: <168321212239.13634.586867336544779676@smelt2.suse.de> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:1823-1 Rating: moderate References: * #1207246 * #1207248 * #1207249 * #1208480 Cross-References: * CVE-2022-21426 * CVE-2023-21830 * CVE-2023-21835 * CVE-2023-21843 CVSS scores: * CVE-2022-21426 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-21426 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-21830 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21835 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-21835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-21843 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21843 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves four vulnerabilities can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 (bsc#1208480): * Security fixes: * CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). * CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). * CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). * New Features/Enhancements: * Add RSA-PSS signature to IBMJCECCA. * Defect Fixes: * IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE("SHA256", "IBMJCEFIPS"); in MAC * IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843 * IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F * IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G * IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application * IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last * IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer * IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties * IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush * IX90193 ORB: Fix security vulnerability CVE-2023-21830 * IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368 * IJ45148 Security: code changes for tech preview * IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak * IJ44172 Security: Disable SHA-1 signed jars for EA * IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak * IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION * IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores * IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm * IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension * IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys * IJ45203 Security: RSAPSS multiple names for KEYTYPE * IJ43920 Security: The PKCS12 keystore update and the PBES2 support * IJ40002 XML: Fix security vulnerability CVE-2022-21426 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1823=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1823=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1823=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1823=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1823=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1823=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1823=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1823=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1823=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1823=1 ## Package List: * SUSE OpenStack Cloud 9 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE OpenStack Cloud 9 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 * SUSE OpenStack Cloud Crowbar 9 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-30.105.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-30.105.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-30.105.1 ## References: * https://www.suse.com/security/cve/CVE-2022-21426.html * https://www.suse.com/security/cve/CVE-2023-21830.html * https://www.suse.com/security/cve/CVE-2023-21835.html * https://www.suse.com/security/cve/CVE-2023-21843.html * https://bugzilla.suse.com/show_bug.cgi?id=1207246 * https://bugzilla.suse.com/show_bug.cgi?id=1207248 * https://bugzilla.suse.com/show_bug.cgi?id=1207249 * https://bugzilla.suse.com/show_bug.cgi?id=1208480 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:25 -0000 Subject: SUSE-SU-2023:1821-1: important: Security update for harfbuzz Message-ID: <168321212508.13634.5732852091207242884@smelt2.suse.de> # Security update for harfbuzz Announcement ID: SUSE-SU-2023:1821-1 Rating: important References: * #1207922 Cross-References: * CVE-2023-25193 CVSS scores: * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1821=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1821=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1821=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1821=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1821=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1821=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1821=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1821=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1821=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1821=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-1821=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * libharfbuzz0-32bit-1.4.5-8.3.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * libharfbuzz0-32bit-1.4.5-8.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libharfbuzz0-32bit-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * harfbuzz-debugsource-1.4.5-8.3.1 * harfbuzz-devel-1.4.5-8.3.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * libharfbuzz0-32bit-1.4.5-8.3.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libharfbuzz0-32bit-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libharfbuzz0-32bit-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libharfbuzz0-32bit-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libharfbuzz0-32bit-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libharfbuzz0-1.4.5-8.3.1 * libharfbuzz-icu0-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-1.4.5-8.3.1 * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz0-debuginfo-1.4.5-8.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libharfbuzz0-32bit-1.4.5-8.3.1 * libharfbuzz0-debuginfo-32bit-1.4.5-8.3.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * harfbuzz-debugsource-1.4.5-8.3.1 * libharfbuzz-icu0-debuginfo-32bit-1.4.5-8.3.1 * libharfbuzz-icu0-32bit-1.4.5-8.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1207922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:23 -0000 Subject: SUSE-SU-2023:1822-1: important: Security update for harfbuzz Message-ID: <168321212378.13634.3677127392884207992@smelt2.suse.de> # Security update for harfbuzz Announcement ID: SUSE-SU-2023:1822-1 Rating: important References: * #1207922 Cross-References: * CVE-2023-25193 CVSS scores: * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1822=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1822=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1822=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1822=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1822=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1822=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1822=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1822=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1822=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-1822=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1822=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1822=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1822=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1822=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1822=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Manager Server 4.2 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Enterprise Storage 7.1 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libharfbuzz-gobject0-2.6.4-150200.3.6.1 * libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz-subset0-2.6.4-150200.3.6.1 * libharfbuzz-icu0-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * harfbuzz-devel-2.6.4-150200.3.6.1 * libharfbuzz-icu0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.6.1 * libharfbuzz-subset0-debuginfo-2.6.4-150200.3.6.1 * SUSE Enterprise Storage 7 (x86_64) * libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.6.1 * libharfbuzz0-32bit-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libharfbuzz0-debuginfo-2.6.4-150200.3.6.1 * harfbuzz-debugsource-2.6.4-150200.3.6.1 * libharfbuzz0-2.6.4-150200.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1207922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:26 -0000 Subject: SUSE-SU-2023:1820-1: important: Security update for harfbuzz Message-ID: <168321212634.13634.14810141943517485455@smelt2.suse.de> # Security update for harfbuzz Announcement ID: SUSE-SU-2023:1820-1 Rating: important References: * #1207922 Cross-References: * CVE-2023-25193 CVSS scores: * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1820=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1820=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1820=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libharfbuzz-icu0-1.7.5-150000.3.3.1 * libharfbuzz-icu0-debuginfo-1.7.5-150000.3.3.1 * harfbuzz-devel-1.7.5-150000.3.3.1 * harfbuzz-debugsource-1.7.5-150000.3.3.1 * libharfbuzz0-1.7.5-150000.3.3.1 * libharfbuzz0-debuginfo-1.7.5-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libharfbuzz0-32bit-1.7.5-150000.3.3.1 * libharfbuzz0-32bit-debuginfo-1.7.5-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libharfbuzz-icu0-1.7.5-150000.3.3.1 * libharfbuzz-icu0-debuginfo-1.7.5-150000.3.3.1 * harfbuzz-devel-1.7.5-150000.3.3.1 * harfbuzz-debugsource-1.7.5-150000.3.3.1 * libharfbuzz0-1.7.5-150000.3.3.1 * libharfbuzz0-debuginfo-1.7.5-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libharfbuzz0-32bit-1.7.5-150000.3.3.1 * libharfbuzz0-32bit-debuginfo-1.7.5-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libharfbuzz-icu0-1.7.5-150000.3.3.1 * libharfbuzz-icu0-debuginfo-1.7.5-150000.3.3.1 * harfbuzz-devel-1.7.5-150000.3.3.1 * harfbuzz-debugsource-1.7.5-150000.3.3.1 * libharfbuzz0-1.7.5-150000.3.3.1 * libharfbuzz0-debuginfo-1.7.5-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libharfbuzz0-32bit-1.7.5-150000.3.3.1 * libharfbuzz0-32bit-debuginfo-1.7.5-150000.3.3.1 * SUSE CaaS Platform 4.0 (x86_64) * libharfbuzz-icu0-1.7.5-150000.3.3.1 * libharfbuzz0-32bit-debuginfo-1.7.5-150000.3.3.1 * libharfbuzz0-32bit-1.7.5-150000.3.3.1 * libharfbuzz-icu0-debuginfo-1.7.5-150000.3.3.1 * harfbuzz-devel-1.7.5-150000.3.3.1 * harfbuzz-debugsource-1.7.5-150000.3.3.1 * libharfbuzz0-1.7.5-150000.3.3.1 * libharfbuzz0-debuginfo-1.7.5-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1207922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:27 -0000 Subject: SUSE-SU-2023:1815-1: moderate: Security update for amazon-ssm-agent Message-ID: <168321212745.13634.334806583365479318@smelt2.suse.de> # Security update for amazon-ssm-agent Announcement ID: SUSE-SU-2023:1815-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for amazon-ssm-agent fixes the following issue: * rebuilt using go1.19.7 to fix bugs and security issues. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1815=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-1815=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-1815=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-1815=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1815=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.11.1 * Public Cloud Module 15-SP1 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.11.1 * Public Cloud Module 15-SP2 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.11.1 * Public Cloud Module 15-SP3 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.11.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.11.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 14:55:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 14:55:29 -0000 Subject: SUSE-SU-2023:1814-1: important: Security update for podman Message-ID: <168321212907.13634.5352548140954021897@smelt2.suse.de> # Security update for podman Announcement ID: SUSE-SU-2023:1814-1 Rating: important References: * #1197093 * #1208364 * #1208510 * #1209495 Cross-References: * CVE-2023-0778 CVSS scores: * CVE-2023-0778 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0778 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has three fixes can now be installed. ## Description: This update for podman fixes the following issues: Update to version 4.4.4: * libpod: always use direct mapping * macos pkginstaller: do not fail when podman-mac-helper fails * podman-mac-helper: install: do not error if already installed * podman.spec: Bump required version for libcontainers-common (bsc#1209495) Update to version 4.4.3: * compat: /auth: parse server address correctly * vendor github.com/containers/common at v0.51.1 * pkginstaller: bump Qemu to version 7.2.0 * podman machine: Adjust Chrony makestep config * [v4.4] fix --health-on-failure=restart in transient unit * podman logs passthrough driver support --cgroups=split * journald logs: simplify entry parsing * podman logs: read journald with passthrough * journald: remove initializeJournal() * netavark: only use aardvark ip as nameserver * compat API: network create return 409 for duplicate * fix "podman logs --since --follow" flake * system service --log-level=trace: support hijack * podman-mac-helper: exit 1 on error * bump golang.org/x/net to v0.8.0 * Fix package restore * Quadlet - use the default runtime Update to version 4.4.2: * Revert "CI: Temporarily disable all AWS EC2-based tasks" * kube play: only enforce passthrough in Quadlet * Emergency fix for man pages: check for broken includes * CI: Temporarily disable all AWS EC2-based tasks * quadlet system tests: add useful defaults, logging * volume,container: chroot to source before exporting content * install sigproxy before start/attach * Update to c/image 5.24.1 * events + container inspect test: RHEL fixes * podman.spec: add `crun` requirement for quadlet * podman.spec: set PREFIX at build stage (bsc#1208510) * CVE-2023-0778: Fixed symlink exchange attack in podman export volume (bsc#1208364) Update to version 4.4.1: * kube play: do not teardown unconditionally on error * Resolve symlink path for qemu directory if possible * events: document journald identifiers * Quadlet: exit 0 when there are no files to process * Cleanup podman-systemd.unit file * Install podman-systemd.unit man page, make quadlet discoverable * Add missing return after errors * oci: bind mount /sys with --userns=(auto|pod:) * docs: specify order preference for FROM * Cirrus: Fix & remove GraphQL API tests * test: adapt test to work on cgroupv1 * make hack/markdown-preprocess parallel-safe * Fix default handling of pids-limit * system tests: fix volume exec/noexec test Update to version 4.4.0: * Emergency fix for RHEL8 gating tests * Do not mount /dev/tty into rootless containers * Fixes port collision issue on use of --publish-all * Fix usage of absolute windows paths with --image-path * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux * podman-events: document verbose create events * Making gvproxy.exe optional for building Windows installer * Add gvproxy to Windows packages * Match VT device paths to be blocked from mounting exactly * Clean up more language for inclusiveness * Set runAsNonRoot=true in gen kube * quadlet: Add device support for .volume files * fix: running check error when podman is default in wsl * fix: don't output "ago" when container is currently up and running * journald: podman logs only show logs for current user * journald: podman events only show events for current user * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) * DB: make loading container states optional * ps: do not sync container * Allow --device-cgroup-rule to be passed in by docker API * Create release notes for v4.4.0 * Cirrus: Update operating branch * fix APIv2 python attach test flake * ps: query health check in batch mode * make example volume import, not import volume * Correct output when inspecting containers created with --ipc * Vendor containers/(storage, image, common, buildah) * Get correct username in pod when using --userns=keep-id * ps: get network data in batch mode * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 * add hack/perf for comparing two container engines * systems: retrofit dns options test to honor other search domains * ps: do not create copy of container config * libpod: set search domain independently of nameservers * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server * podman: relay custom DNS servers to network stack * (fix) mount_program is in storage.options.overlay * Change example target to default in doc * network create: do not allow `default` as name * kube-play: add support for HostPID in podSpec * build(deps): bump github.com/docker/docker * Let's see if #14653 is fixed or not * Add support for podman build --group-add * vendor in latests containers/(storage, common, build, image) * unskip network update test * do not install swagger by default * pasta: skip "Local forwarder, IPv4" test * add testbindings Makefile target * update CI images to include pasta * [CI:DOCS] Add CNI deprecation notices to documentation * Cirrus: preserve podman-server logs * waitPidStop: reduce sleep time to 10ms * StopContainer: return if cleanup process changed state * StopSignal: add a comment * StopContainer: small refactor * waitPidStop: simplify code * e2e tests: reenable long-skipped build test * Add openssh-clients to podmanimage * Reworks Windows smoke test to tunnel through interactive session. * fix bud-multiple-platform-with-base-as-default-arg flake * Remove ReservedAnnotations from kube generate specification * e2e: update test/README.md * e2e: use isRootless() instead of rootless.IsRootless() * Cleanup documentation on --userns=auto * Vendor in latest c/common * sig-proxy system test: bump timeout * build(deps): bump github.com/containernetworking/plugins * rootless: rename auth-scripts to preexec-hooks * Docs: version-check updates * commit: use libimage code to parse changes * [CI:DOCS] Remove experimental mac tutorial * man: Document the interaction between --systemd and --privileged * Make rootless privileged containers share the same tty devices as rootfull ones * container kill: handle stopped/exited container * Vendor in latest containers/(image,ocicrypt) * add a comment to container removal * Vendor in latest containers/storage * Cirrus: Run machine tests on PR merge * fix flake in kube system test * kube play: complete container spec * E2E Tests: Use inspect instead of actual data to avoid UDP flake * Use containers/storage/pkg/regexp in place of regexp * Vendor in latest containers/storage * Cirrus: Support using updated/latest NV/AV in PRs * Limit replica count to 1 when deploying from kubernetes YAML * Set StoppedByUser earlier in the process of stopping * podman-play system test: refactor * network: add support for podman network update and --network-dns-server * service container: less verbose error logs * Quadlet Kube - add support for PublishPort key * e2e: fix systemd_activate_test * Compile regex on demand not in init * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. * E2E Test: Play Kube set deadline to connection to avoid hangs * Only prevent VTs to be mounted inside privileged systemd containers * e2e: fix play_kube_test * Updated error message for supported VolumeSource types * Introduce pkg retry logic in win installer task * logformatter: include base SHA, with history link * Network tests: ping redhat.com, not podman.io * cobra: move engine shutdown to Execute * Updated options for QEMU on Windows hosts * Update Mac installer to use gvproxy v0.5.0 * podman: podman rm -f doesn't leave processes * oci: check for valid PID before kill(pid, 0) * linux: add /sys/fs/cgroup if /sys is a bind mount * Quadlet: Add support for ConfigMap key in Kube section * remove service container _after_ pods * Kube Play - allow setting and overriding published host ports * oci: terminate all container processes on cleanup * Update win-sshproxy to 0.5.0 gvisor tag * Vendor in latest containers/common * Fix a potential defer logic error around locking * logformatter: nicer formatting for bats failures * logformatter: refactor verbose line-print * e2e tests: stop using UBI images * k8s-file: podman logs --until --follow exit after time * journald: podman logs --until --follow exit after time * journald: seek to time when --since is used * podman logs: journald fix --since and --follow * Preprocess files in UTF-8 mode * Vendor in latest containers/(common, image, storage) * Switch to C based msi hooks for win installer * hack/bats: improve usage message * hack/bats: add --remote option * hack/bats: fix root/rootless logic * Describe copy volume options * Support sig-proxy for podman-remote attach and start * libpod: fix race condition rm'ing stopping containers * e2e: fix run_volume_test * Add support for Windows ARM64 * Add shared --compress to man pages * Add container error message to ContainerState * Man page checker: require canonical name in SEE ALSO * system df: improve json output code * kube play: fix the error logic with --quiet * System tests: quadlet network test * Fix: List container with volume filter * adding -dryrun flag * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost * Kube Play: use passthrough as the default log-driver if service-container is set * System tests: add missing cleanup * System tests: fix unquoted question marks * Build and use a newer systemd image * Quadlet Network - Fix the name of the required network service * System Test Quadlet - Volume dependency test did not test the dependency * fix `podman system connection - tcp` flake * vendor: bump c/storage to a747b27 * Fix instructions about setting storage driver on command-line * Test README - point users to hack/bats * System test: quadlet kube basic test * Fixed `podman update --pids-limit` * podman-remote,bindings: trim context path correctly when its emptydir * Quadlet Doc: Add section for .kube files * e2e: fix containers_conf_test * Allow '/' to prefix container names to match Docker * Remove references to qcow2 * Fix typos in man page regarding transient storage mode. * make: Use PYTHON var for .install.pre-commit * Add containers.conf read-only flag support * Explain that relabeling/chowning of volumes can take along time * events: support "die" filter * infra/abi: refactor ContainerRm * When in transient store mode, use rundir for bundlepath * quadlet: Support Type=oneshot container files * hacks/bats: keep QUADLET env var in test env * New system tests for conflicting options * Vendor in latest containers/(buildah, image, common) * Output Size and Reclaimable in human form for json output * podman service: close duplicated /dev/null fd * ginkgo tests: apply ginkgolinter fixes * Add support for hostPath and configMap subpath usage * export: use io.Writer instead of file * rootless: always create userns with euid != 0 * rootless: inhibit copy mapping for euid != 0 * pkg/domain/infra/abi: introduce `type containerWrapper` * vendor: bump to buildah ca578b290144 and use new cache API * quadlet: Handle booleans that have defaults better * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault * Add podman-clean-transient.service service * Stop recording annotations set to false * Unify --noheading and -n to be consistent on all commands * pkg/domain/infra/abi: add `getContainers` * Update vendor of containters/(common, image) * specfile: Drop user-add depedency from quadlet subpackage. * quadlet: Default BINDIR to /usr/bin if tag not specified * Quadlet: add network support * Add comment for jsonMarshal command * Always allow pushing from containers-storage * libpod: move NetNS into state db instead of extra bucket * Add initial system tests for quadlets * quadlet: Add --user option * libpod: remove CNI word were no longer applicable * libpod: fix header length in http attach with logs * podman-kube@ template: use `podman kube` * build(deps): bump github.com/docker/docker * wait: add --ignore option * qudlet: Respect $PODMAN env var for podman binary * e2e: Add assert-key-is-regex check to quadlet e2e testsuite * e2e: Add some assert to quadlet test to make sure testcases are sane * remove unmapped ports from inspect port bindings * update podman-network-create for clarity * Vendor in latest containers/common with default capabilities * pkg/rootless: Change error text ... * rootless: add cli validator * rootless: define LIBEXECPODMAN * doc: fix documentation for idmapped mounts * bump golangci-lint to v1.50.1 * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 * [CI:DOCS] podman-mount: s/umount/unmount/ * create/pull --help: list pull policies * Network Create: Add --ignore flag to support idempotent script * Make qemu security model none * libpod: use OCI idmappings for mounts * stop reporting errors removing containers that don't exist * test: added test from wait endpoint with to long label * quadlet: Default VolatileTmp to off * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 * docs/options/ipc: fix list syntax * Docs: Add dedicated DOWNLOAD doc w/ links to bins * Make a consistently-named windows installer * checkpoint restore: fix --ignore-static-ip/mac * add support for subpath in play kube for named volumes * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 * golangci-lint: remove three deprecated linters * parse-localbenchmarks: separate standard deviation * build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 * podman play kube support container startup probe * Add podman buildx version support * Cirrus: Collect benchmarks on machine instances * Cirrus: Remove escape codes from log files * [CI:DOCS] Clarify secret target behavior * Fix typo on network docs * podman-remote build add --volume support * remote: allow --http-proxy for remote clients * Cleanup kube play workloads if error happens * health check: ignore dependencies of transient systemd units/timers * fix: event read from syslog * Fixes secret (un)marshaling for kube play. * Remove 'you' from man pages * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools * [CI:DOCS] test/README.md: run tests with podman-remote * e2e: keeps the http_proxy value * Makefile: Add podman-mac-helper to darwin client zip * test/e2e: enable "podman run with ipam none driver" for nv * [skip-ci] GHA/Cirrus-cron: Fix execution order * kube sdnotify: run proxies for the lifespan of the service * Update containers common package * podman manpage: Use man-page links instead of file names * e2e: fix e2e tests in proxy environment * Fix test * disable healthchecks automatically on non systemd systems * Quadlet Kube: Add support for userns flag * [CI:DOCS] Add warning about --opts,o with mount's -o * Add podman system prune --external * Add some tests for transient store * runtime: In transient_store mode, move bolt_state.db to rundir * runtime: Handle the transient store options * libpod: Move the creation of TmpDir to an earlier time * network create: support "-o parent=XXX" for ipvlan * compat API: allow MacAddress on container config * Quadlet Kube: Add support for relative path for YAML file * notify k8s system test: move sending message into exec * runtime: do not chown idmapped volumes * quadlet: Drop ExecStartPre=rm %t/%N.cid * Quadlet Kube: Set SyslogIdentifier if was not set * Add a FreeBSD cross build to the cirrus alt build task * Add completion for --init-ctr * Fix handling of readonly containers when defined in kube.yaml * Build cross-compilation fixes * libpod: Track healthcheck API changes in healthcheck_unsupported.go * quadlet: Use same default capability set as podman run * quadlet: Drop --pull=never * quadlet: Change default of ReadOnly to no * quadlet: Change RunInit default to no * quadlet: Change NoNewPrivileges default to false * test: podman run with checkpoint image * Enable 'podman run' for checkpoint images * test: Add tests for checkpoint images * CI setup: simplify environment passthrough code * Init containers should not be restarted * Update c/storage after https://github.com/containers/storage/pull/1436 * Set the latest release explicitly * add friendly comment * fix an overriding logic and load config problem * Update the issue templates * Update vendor of containers/(image, buildah) * [CI:DOCS] Skip windows-smoke when not useful * [CI:DOCS] Remove broken gate-container docs * OWNERS: add Jason T. Greene * hack/podmansnoop: print arguments * Improve atomicity of VM state persistence on Windows * [CI:BUILD] copr: enable podman-restart.service on rpm installation * macos: pkg: Use -arm64 suffix instead of -aarch64 * linux: Add -linux suffix to podman-remote-static binaries * linux: Build amd64 and arm64 podman-remote-static binaries * container create: add inspect data to event * Allow manual override of install location * Run codespell on code * Add missing parameters for checkpoint/restore endpoint * Add support for startup healthchecks * Add information on metrics to the `network create` docs * Introduce podman machine os commands * Document that ignoreRootFS depends on export/import * Document ignoreVolumes in checkpoint/restore endpoint * Remove leaveRunning from swagger restore endpoint * libpod: Add checks to avoid nil pointer dereference if network setup fails * Address golangci-lint issues * Documenting Hyper-V QEMU acceleration settings * Kube Play: fix the handling of the optional field of SecretVolumeSource * Update Vendor of containers/(common, image, buildah) * Fix swapped NetInput/-Output stats * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template * test/tools: rebuild when files are changed * ginkgo tests: apply ginkgolinter fixes * ginkgo: restructure install work flow * Fix manpage emphasis * specgen: support CDI devices from containers.conf * vendor: update containers/common * pkg/trust: Take the default policy path from c/common/pkg/config * Add validate-in-container target * Adding encryption decryption feature * container restart: clean up healthcheck state * Add support for podman-remote manifest annotate * Quadlet: Add support for .kube files * Update vendor of containers/(buildah, common, storage, image) * specgen: honor user namespace value * [CI:DOCS] Migrate OSX Cross to M1 * quadlet: Rework uid/gid remapping * GHA: Fix cirrus re-run workflow for other repos. * ssh system test: skip until it becomes a test * shell completion: fix hard coded network drivers * libpod: Report network setup errors properly on FreeBSD * E2E Tests: change the registry for the search test to avoid authentication * pkginstaller: install podman-mac-helper by default * Fix language. Mostly spelling a -> an * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. * [CI:DOCS] Fix spelling and typos * Modify man page of "\--pids-limit" option to correct a default value. * Update docs/source/markdown/podman-remote.1.md * Update pkg/bindings/connection.go * Add more documentation on UID/GID Mappings with --userns=keep-id * support podman-remote to connect tcpURL with proxy * Removing the RawInput from the API output * fix port issues for CONTAINER_HOST * CI: Package versions: run in the 'main' step * build(deps): bump github.com/rootless-containers/rootlesskit * pkg/domain: Make checkExecPreserveFDs platform-specific * e2e tests: fix restart race * Fix podman --noout to suppress all output * remove pod if creation has failed * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD * Fix more podman-logs flakes * healthcheck system tests: try to fix flake * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT * GHA: Configure workflows for reuse * compat,build: handle docker's preconfigured cacheTo,cacheFrom * docs: deprecate pasta network name * utils: Enable cgroup utils for FreeBSD * pkg/specgen: Disable kube play tests on FreeBSD * libpod/lock: Fix build and tests for SHM locks on FreeBSD * podman cp: fix copying with "." suffix * pkginstaller: bump Qemu to version 7.1.0 * specgen,wasm: switch to crun-wasm wherever applicable * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 * libpod: Make unit test for statToPercent Linux only * Update vendor of containers/storage * fix connection usage with containers.conf * Add --quiet and --no-info flags to podman machine start * Add hidden podman manifest inspect -v option * Add podman volume create -d short option for driver * Vendor in latest containers/(common,image,storage) * Add podman system events alias to podman events * Fix search_test to return correct version of alpine * GHA: Fix undefined secret env. var. * Release notes for 4.3.1 * GHA: Fix make_email-body script reference * Add release keys to README * GHA: Fix typo setting output parameter * GHA: Fix typo. * New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manigest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5 at 4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. * Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... * Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (exected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * Fix small typo * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * Makefile: don't install systemd generator binaries on FreeBSD * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * Don't use github.com/docker/distribution * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo at v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * build(deps): bump github.com/docker/docker * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage at main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert "Add checkpoint image tests" * Revert "cmd/podman: add support for checkpoint images" * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods * Update vendor of containers/buildah v1.28.0 * Proof of concept: nightly dependency treadmill * Make the priority for picking the storage driver configurable (bsc#1197093) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1814=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1814=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1814=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1814=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1814=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1814=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1814=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * podman-debuginfo-4.4.4-150400.4.16.1 * podman-4.4.4-150400.4.16.1 * openSUSE Leap Micro 5.3 (noarch) * podman-cni-config-4.4.4-150400.4.16.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * podman-remote-4.4.4-150400.4.16.1 * podman-remote-debuginfo-4.4.4-150400.4.16.1 * podman-debuginfo-4.4.4-150400.4.16.1 * podman-4.4.4-150400.4.16.1 * openSUSE Leap 15.4 (noarch) * podman-cni-config-4.4.4-150400.4.16.1 * podman-docker-4.4.4-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.16.1 * podman-4.4.4-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * podman-cni-config-4.4.4-150400.4.16.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.16.1 * podman-4.4.4-150400.4.16.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * podman-cni-config-4.4.4-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.16.1 * podman-4.4.4-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * podman-cni-config-4.4.4-150400.4.16.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150400.4.16.1 * podman-4.4.4-150400.4.16.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * podman-cni-config-4.4.4-150400.4.16.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * podman-remote-4.4.4-150400.4.16.1 * podman-remote-debuginfo-4.4.4-150400.4.16.1 * podman-debuginfo-4.4.4-150400.4.16.1 * podman-4.4.4-150400.4.16.1 * Containers Module 15-SP4 (noarch) * podman-cni-config-4.4.4-150400.4.16.1 * podman-docker-4.4.4-150400.4.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0778.html * https://bugzilla.suse.com/show_bug.cgi?id=1197093 * https://bugzilla.suse.com/show_bug.cgi?id=1208364 * https://bugzilla.suse.com/show_bug.cgi?id=1208510 * https://bugzilla.suse.com/show_bug.cgi?id=1209495 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 20:30:03 -0000 Subject: SUSE-RU-2023:2104-1: moderate: Recommended update for procps Message-ID: <168323220337.12658.6179783770890931917@smelt2.suse.de> # Recommended update for procps Announcement ID: SUSE-RU-2023:2104-1 Rating: moderate References: * #1209122 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for procps fixes the following issue: * Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2104=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2104=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2104=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2104=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2104=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2104=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2104=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2104=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2104=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2104=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2104=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-devel-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-devel-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-devel-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libprocps7-debuginfo-3.3.15-150000.7.31.1 * procps-debuginfo-3.3.15-150000.7.31.1 * libprocps7-3.3.15-150000.7.31.1 * procps-debugsource-3.3.15-150000.7.31.1 * procps-3.3.15-150000.7.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209122 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 4 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 04 May 2023 20:30:05 -0000 Subject: SUSE-SU-2023:2103-1: moderate: Security update for vim Message-ID: <168323220553.12658.4905486360553619022@smelt2.suse.de> # Security update for vim Announcement ID: SUSE-SU-2023:2103-1 Rating: moderate References: * #1208828 * #1209042 * #1209187 Cross-References: * CVE-2023-1127 * CVE-2023-1264 * CVE-2023-1355 CVSS scores: * CVE-2023-1127 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-1127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-1127 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-1264 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1264 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1264 ( NVD ): 6.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2023-1355 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-1355 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1355 ( NVD ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems * CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). * CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). * CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2103=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2103=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2103=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2103=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2103=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2103=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2103=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2103=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2103=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2103=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2103=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2103=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * vim-data-common-9.0.1443-150000.5.40.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * vim-debuginfo-9.0.1443-150000.5.40.1 * vim-debugsource-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * xxd-9.0.1443-150000.5.40.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-9.0.1443-150000.5.40.1 * gvim-debuginfo-9.0.1443-150000.5.40.1 * gvim-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * openSUSE Leap 15.4 (noarch) * vim-data-9.0.1443-150000.5.40.1 * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * Basesystem Module 15-SP4 (noarch) * vim-data-9.0.1443-150000.5.40.1 * vim-data-common-9.0.1443-150000.5.40.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.0.1443-150000.5.40.1 * gvim-9.0.1443-150000.5.40.1 * gvim-debuginfo-9.0.1443-150000.5.40.1 * vim-debugsource-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-9.0.1443-150000.5.40.1 * gvim-debuginfo-9.0.1443-150000.5.40.1 * gvim-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * vim-data-9.0.1443-150000.5.40.1 * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.0.1443-150000.5.40.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-debugsource-9.0.1443-150000.5.40.1 * xxd-9.0.1443-150000.5.40.1 * vim-small-9.0.1443-150000.5.40.1 * vim-small-debuginfo-9.0.1443-150000.5.40.1 * vim-debuginfo-9.0.1443-150000.5.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1127.html * https://www.suse.com/security/cve/CVE-2023-1264.html * https://www.suse.com/security/cve/CVE-2023-1355.html * https://bugzilla.suse.com/show_bug.cgi?id=1208828 * https://bugzilla.suse.com/show_bug.cgi?id=1209042 * https://bugzilla.suse.com/show_bug.cgi?id=1209187 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 5 07:07:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 May 2023 09:07:08 +0200 (CEST) Subject: SUSE-CU-2023:1427-1: Security update of bci/openjdk-devel Message-ID: <20230505070708.5A6C3F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1427-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.83 , bci/openjdk-devel:latest Container Release : 14.83 Severity : important Type : security References : 1193795 CVE-2021-42550 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2097-1 Released: Thu May 4 09:11:06 2023 Summary: Security update for maven and recommended update for antlr3, minlog, sbt, xmvn Type: security Severity: important References: 1193795,CVE-2021-42550 This update for antlr3, maven, minlog, sbt, xmvn fixes the following issues: maven: - Version update from 3.8.5 to 3.8.6 (jsc#SLE-23217): * Security fixes: + CVE-2021-42550: Update Version of (optional) Logback (bsc#1193795) * Bug fixes: + Fix resolver session containing non-MavenWorkspaceReader + Fix for multiple maven instances working on same source tree that can lock each other + Don't ignore bin/ otherwise bin/ in apache-maven module cannot be added back + Fix IllegalStateException in SessionScope during guice injection in multithreaded build + Revert MNG-7347 (SessionScoped beans should be singletons for a given session) + Fix compilation failure with relocated transitive dependency + Fix deadlock during forked lifecycle executions + Fix issue with resolving dependencies between submodules * New features and improvements: + Create a multiline message helper for boxed log messages + Display a warning when an aggregator mojo is locking other mojo executions + Align Assembly Descriptor NS versions * Dependency upgrades: + Upgrade SLF4J to 1.7.36 + Upgrade JUnit to 4.13.2 + Upgrade Plexus Utils to 3.3.1 - Move mvn.1 from bin to man directory antlr3: - Bug fixes in this version update from 3.5.2 to 3.5.3 (jsc#SLE-23217): * Change source compatibility to 1.8 and enable github workflows * Change Wiki URLs to theantlrguy.atlassian.net in README.txt * Add Bazel support - Remove enforcer plugin as it is not needed in a controlled environment minlog: - Bug fixes in this version update from 1.3.0 to 1.3.1 (jsc#SLE-23217): * Use currentTimeMillis * Use 3-Clause BSD * Use Java 7 JDK. sbt: - Fix build issues with maven 3.8.6 (jsc#SLE-23217) xmvn: - Remove RPM package build dependency on easymock (jsc#SLE-23217) The following package changes have been done: - maven-lib-3.8.6-150200.4.9.8 updated - maven-3.8.6-150200.4.9.8 updated - container:bci-openjdk-17-15.4.17-13.44 updated From sle-updates at lists.suse.com Fri May 5 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 05 May 2023 08:30:04 -0000 Subject: SUSE-RU-2023:2107-1: moderate: Recommended update for yast2-drbd Message-ID: <168327540466.21435.18399754150110787731@smelt2.suse.de> # Recommended update for yast2-drbd Announcement ID: SUSE-RU-2023:2107-1 Rating: moderate References: * #1207952 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-drbd fixes the following issue: * Validate DRBD Device name (bsc#1207952) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2107=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2107=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * yast2-drbd-4.4.3-150400.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * yast2-drbd-4.4.3-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207952 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 5 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 05 May 2023 08:30:07 -0000 Subject: SUSE-RU-2023:2106-1: important: Recommended update for openssh Message-ID: <168327540725.21435.14023568702585785276@smelt2.suse.de> # Recommended update for openssh Announcement ID: SUSE-RU-2023:2106-1 Rating: important References: * #1207014 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one recommended fix can now be installed. ## Description: This update for openssh fixes the following issues: * Remove some patches that cause invalid environment assignments (bsc#1207014). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2106=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2106=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2106=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2106=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openssh-debugsource-8.1p1-150200.5.34.1 * openssh-askpass-gnome-8.1p1-150200.5.34.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.34.1 * openssh-fips-8.1p1-150200.5.34.1 * openssh-debuginfo-8.1p1-150200.5.34.1 * openssh-8.1p1-150200.5.34.1 * openssh-helpers-debuginfo-8.1p1-150200.5.34.1 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.34.1 * openssh-helpers-8.1p1-150200.5.34.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openssh-debugsource-8.1p1-150200.5.34.1 * openssh-askpass-gnome-8.1p1-150200.5.34.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.34.1 * openssh-fips-8.1p1-150200.5.34.1 * openssh-debuginfo-8.1p1-150200.5.34.1 * openssh-8.1p1-150200.5.34.1 * openssh-helpers-debuginfo-8.1p1-150200.5.34.1 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.34.1 * openssh-helpers-8.1p1-150200.5.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openssh-debugsource-8.1p1-150200.5.34.1 * openssh-askpass-gnome-8.1p1-150200.5.34.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.34.1 * openssh-fips-8.1p1-150200.5.34.1 * openssh-debuginfo-8.1p1-150200.5.34.1 * openssh-8.1p1-150200.5.34.1 * openssh-helpers-debuginfo-8.1p1-150200.5.34.1 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.34.1 * openssh-helpers-8.1p1-150200.5.34.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * openssh-debugsource-8.1p1-150200.5.34.1 * openssh-askpass-gnome-8.1p1-150200.5.34.1 * openssh-askpass-gnome-debuginfo-8.1p1-150200.5.34.1 * openssh-fips-8.1p1-150200.5.34.1 * openssh-debuginfo-8.1p1-150200.5.34.1 * openssh-8.1p1-150200.5.34.1 * openssh-helpers-debuginfo-8.1p1-150200.5.34.1 * openssh-askpass-gnome-debugsource-8.1p1-150200.5.34.1 * openssh-helpers-8.1p1-150200.5.34.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207014 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 5 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 05 May 2023 08:30:11 -0000 Subject: SUSE-SU-2023:2105-1: important: Security update for go1.20 Message-ID: <168327541134.21435.1055615246177150840@smelt2.suse.de> # Security update for go1.20 Announcement ID: SUSE-SU-2023:2105-1 Rating: important References: * #1206346 * #1210127 * #1210128 * #1210129 * #1210130 * #1210938 * #1210963 * #1211029 * #1211030 * #1211031 Cross-References: * CVE-2023-24534 * CVE-2023-24536 * CVE-2023-24537 * CVE-2023-24538 * CVE-2023-24539 * CVE-2023-24540 * CVE-2023-29400 CVSS scores: * CVE-2023-24534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24534 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24536 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24537 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24537 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24538 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-24538 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24539 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-24540 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-29400 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities and has three fixes can now be installed. ## Description: This update for go1.20 fixes the following issues: Update to 1.20.4 (bnc#1206346): \- CVE-2023-24539: Fixed an improper sanitization of CSS values (boo#1211029). \- CVE-2023-24540: Fixed an improper handling of JavaScript whitespace (boo#1211030). \- CVE-2023-29400: Fixed an improper handling of empty HTML attributes (boo#1211031). \- runtime: automatically bump RLIMIT_NOFILE on Unix. \- crypto/subtle: xor fails when run with race+purego. \- cmd/compile: encoding/binary.PutUint16 sometimes doesn't write. \- cmd/compile: internal compiler error: cannot call SetType(go.shape.int) on v (type int). \- cmd/compile: miscompilation in star- tex.org/x/cmd/star-tex. \- net/http: FileServer no longer serves content for POST. \- crypto/tls: TLSv1.3 connection fails with invalid PSK binder. \- cmd/compile: incorrect inline function variable. \- cmd/compile: Unified IR exports table is binary unstable in presence of generics. \- go/internal/gcimporter: lookupGorootExport should use the go command from build.Default.GOROOT. Non-security fixes: * Reverted go1.x Suggests go1.x-race (boo#1210963). * Re-enabled binary stripping and debuginfo (boo#1210938). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2105=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2105=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * go1.20-1.20.4-150000.1.11.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.4-150000.1.11.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.20-race-1.20.4-150000.1.11.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.4-150000.1.11.1 * go1.20-1.20.4-150000.1.11.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.4-150000.1.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24534.html * https://www.suse.com/security/cve/CVE-2023-24536.html * https://www.suse.com/security/cve/CVE-2023-24537.html * https://www.suse.com/security/cve/CVE-2023-24538.html * https://www.suse.com/security/cve/CVE-2023-24539.html * https://www.suse.com/security/cve/CVE-2023-24540.html * https://www.suse.com/security/cve/CVE-2023-29400.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1210127 * https://bugzilla.suse.com/show_bug.cgi?id=1210128 * https://bugzilla.suse.com/show_bug.cgi?id=1210129 * https://bugzilla.suse.com/show_bug.cgi?id=1210130 * https://bugzilla.suse.com/show_bug.cgi?id=1210938 * https://bugzilla.suse.com/show_bug.cgi?id=1210963 * https://bugzilla.suse.com/show_bug.cgi?id=1211029 * https://bugzilla.suse.com/show_bug.cgi?id=1211030 * https://bugzilla.suse.com/show_bug.cgi?id=1211031 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 5 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 05 May 2023 08:30:13 -0000 Subject: SUSE-RU-2023:1636-2: moderate: Recommended update for suse-module-tools Message-ID: <168327541339.21435.1547032526382347626@smelt2.suse.de> # Recommended update for suse-module-tools Announcement ID: SUSE-RU-2023:1636-2 Rating: moderate References: * #1207853 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one recommended fix can now be installed. ## Description: This update for suse-module-tools fixes the following issues: * Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1636=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1636=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * suse-module-tools-15.4.16-150400.3.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * suse-module-tools-15.4.16-150400.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 5 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 05 May 2023 12:30:02 -0000 Subject: SUSE-SU-2023:2109-1: important: Security update for java-11-openjdk Message-ID: <168328980258.7609.8299360726271155583@smelt2.suse.de> # Security update for java-11-openjdk Announcement ID: SUSE-SU-2023:2109-1 Rating: important References: * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-11-openjdk fixes the following issues: Upgrade to upsteam tag jdk-11.0.19+7 (April 2023 CPU): * CVE-2023-21930: Fixed AES support (bsc#1210628). * CVE-2023-21937: Fixed String platform support (bsc#1210631). * CVE-2023-21938: Fixed runtime support (bsc#1210632). * CVE-2023-21939: Fixed Swing platform support (bsc#1210634). * CVE-2023-21954: Fixed object reclamation process (bsc#1210635). * CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). * CVE-2023-21968: Fixed path handling (bsc#1210637). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2109=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2109=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2109=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * java-11-openjdk-headless-11.0.19.0-3.58.2 * java-11-openjdk-devel-11.0.19.0-3.58.2 * java-11-openjdk-11.0.19.0-3.58.2 * java-11-openjdk-demo-11.0.19.0-3.58.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-headless-11.0.19.0-3.58.2 * java-11-openjdk-devel-11.0.19.0-3.58.2 * java-11-openjdk-11.0.19.0-3.58.2 * java-11-openjdk-demo-11.0.19.0-3.58.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-11-openjdk-headless-11.0.19.0-3.58.2 * java-11-openjdk-devel-11.0.19.0-3.58.2 * java-11-openjdk-11.0.19.0-3.58.2 * java-11-openjdk-demo-11.0.19.0-3.58.2 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 5 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 05 May 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2108-1: important: Security update for ffmpeg Message-ID: <168328980471.7609.12570910094724917951@smelt2.suse.de> # Security update for ffmpeg Announcement ID: SUSE-SU-2023:2108-1 Rating: important References: * #1209934 Cross-References: * CVE-2022-48434 CVSS scores: * CVE-2022-48434 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-48434 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for ffmpeg fixes the following issues: * CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2108=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2108=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2108=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2108=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2108=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2108=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2108=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2108=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2108=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2108=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2108=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2108=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2108=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2108=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavdevice57-3.4.2-150200.11.28.1 * libavformat57-3.4.2-150200.11.28.1 * libavdevice57-debuginfo-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavdevice-devel-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * ffmpeg-private-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libavformat-devel-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * libavcodec-devel-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavfilter-devel-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * libavfilter6-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libavfilter6-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * openSUSE Leap 15.4 (x86_64) * libswscale4-32bit-3.4.2-150200.11.28.1 * libavfilter6-32bit-3.4.2-150200.11.28.1 * libavcodec57-32bit-debuginfo-3.4.2-150200.11.28.1 * libavcodec57-32bit-3.4.2-150200.11.28.1 * libavdevice57-32bit-3.4.2-150200.11.28.1 * libavformat57-32bit-3.4.2-150200.11.28.1 * libavdevice57-32bit-debuginfo-3.4.2-150200.11.28.1 * libavresample3-32bit-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-32bit-3.4.2-150200.11.28.1 * libavresample3-32bit-3.4.2-150200.11.28.1 * libswresample2-32bit-debuginfo-3.4.2-150200.11.28.1 * libavformat57-32bit-debuginfo-3.4.2-150200.11.28.1 * libavutil55-32bit-3.4.2-150200.11.28.1 * libavfilter6-32bit-debuginfo-3.4.2-150200.11.28.1 * libswresample2-32bit-3.4.2-150200.11.28.1 * libswscale4-32bit-debuginfo-3.4.2-150200.11.28.1 * libavutil55-32bit-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-32bit-debuginfo-3.4.2-150200.11.28.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libavresample3-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavformat57-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libavdevice57-3.4.2-150200.11.28.1 * libavfilter6-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavdevice57-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-3.4.2-150200.11.28.1 * libavfilter6-3.4.2-150200.11.28.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libavresample3-3.4.2-150200.11.28.1 * libavformat57-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavformat-devel-3.4.2-150200.11.28.1 * libavcodec-devel-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libavformat57-3.4.2-150200.11.28.1 * libswresample2-3.4.2-150200.11.28.1 * libavutil-devel-3.4.2-150200.11.28.1 * libpostproc54-3.4.2-150200.11.28.1 * libavresample3-debuginfo-3.4.2-150200.11.28.1 * libswresample2-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debuginfo-3.4.2-150200.11.28.1 * libavutil55-debuginfo-3.4.2-150200.11.28.1 * libpostproc54-debuginfo-3.4.2-150200.11.28.1 * libavresample3-3.4.2-150200.11.28.1 * libswscale-devel-3.4.2-150200.11.28.1 * libavcodec57-3.4.2-150200.11.28.1 * libswscale4-debuginfo-3.4.2-150200.11.28.1 * ffmpeg-debugsource-3.4.2-150200.11.28.1 * libavcodec57-debuginfo-3.4.2-150200.11.28.1 * libavformat57-debuginfo-3.4.2-150200.11.28.1 * libpostproc-devel-3.4.2-150200.11.28.1 * libswresample-devel-3.4.2-150200.11.28.1 * libavutil55-3.4.2-150200.11.28.1 * libswscale4-3.4.2-150200.11.28.1 * libavresample-devel-3.4.2-150200.11.28.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48434.html * https://bugzilla.suse.com/show_bug.cgi?id=1209934 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 5 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 05 May 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2115-1: important: Security update for ffmpeg Message-ID: <168330420455.32269.9993081824561713208@smelt2.suse.de> # Security update for ffmpeg Announcement ID: SUSE-SU-2023:2115-1 Rating: important References: * #1140754 * #1206778 * #1209934 Cross-References: * CVE-2019-13390 * CVE-2022-3341 * CVE-2022-48434 CVSS scores: * CVE-2019-13390 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-13390 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2019-13390 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-3341 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-3341 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-48434 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-48434 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 6 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for ffmpeg fixes the following issues: * CVE-2019-13390: Fixed a potential crash when processing a crafted AVI stream (bsc#1140754). * CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778). * CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2115=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2115=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2115=1 * SUSE Enterprise Storage 6 zypper in -t patch SUSE-Storage-6-2023-2115=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libavresample3-3.4.2-150000.4.53.2 * libpostproc54-debuginfo-3.4.2-150000.4.53.2 * libswscale4-debuginfo-3.4.2-150000.4.53.2 * libavresample-devel-3.4.2-150000.4.53.2 * libavcodec57-3.4.2-150000.4.53.2 * libavdevice57-3.4.2-150000.4.53.2 * libavutil55-debuginfo-3.4.2-150000.4.53.2 * libavformat57-3.4.2-150000.4.53.2 * ffmpeg-debuginfo-3.4.2-150000.4.53.2 * libpostproc-devel-3.4.2-150000.4.53.2 * libavfilter6-3.4.2-150000.4.53.2 * libavcodec-devel-3.4.2-150000.4.53.2 * libavutil-devel-3.4.2-150000.4.53.2 * libswscale4-3.4.2-150000.4.53.2 * ffmpeg-debugsource-3.4.2-150000.4.53.2 * libavfilter6-debuginfo-3.4.2-150000.4.53.2 * libswresample-devel-3.4.2-150000.4.53.2 * libavformat57-debuginfo-3.4.2-150000.4.53.2 * libswresample2-debuginfo-3.4.2-150000.4.53.2 * libswresample2-3.4.2-150000.4.53.2 * libavdevice-devel-3.4.2-150000.4.53.2 * libavcodec57-debuginfo-3.4.2-150000.4.53.2 * libpostproc54-3.4.2-150000.4.53.2 * libavresample3-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-debuginfo-3.4.2-150000.4.53.2 * libswscale-devel-3.4.2-150000.4.53.2 * libavutil55-3.4.2-150000.4.53.2 * libavfilter-devel-3.4.2-150000.4.53.2 * libavformat-devel-3.4.2-150000.4.53.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libavfilter6-32bit-3.4.2-150000.4.53.2 * libavdevice57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavutil55-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-debuginfo-3.4.2-150000.4.53.2 * libavresample3-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-3.4.2-150000.4.53.2 * libavcodec57-32bit-3.4.2-150000.4.53.2 * libavresample3-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-3.4.2-150000.4.53.2 * libavutil55-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-debuginfo-3.4.2-150000.4.53.2 * libavcodec57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-32bit-3.4.2-150000.4.53.2 * libavformat57-32bit-3.4.2-150000.4.53.2 * libavformat57-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-32bit-3.4.2-150000.4.53.2 * libavfilter6-32bit-debuginfo-3.4.2-150000.4.53.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libavresample3-3.4.2-150000.4.53.2 * libpostproc54-debuginfo-3.4.2-150000.4.53.2 * libswscale4-debuginfo-3.4.2-150000.4.53.2 * libavresample-devel-3.4.2-150000.4.53.2 * libavcodec57-3.4.2-150000.4.53.2 * libavdevice57-3.4.2-150000.4.53.2 * libavutil55-debuginfo-3.4.2-150000.4.53.2 * libavformat57-3.4.2-150000.4.53.2 * ffmpeg-debuginfo-3.4.2-150000.4.53.2 * libpostproc-devel-3.4.2-150000.4.53.2 * libavfilter6-3.4.2-150000.4.53.2 * libavcodec-devel-3.4.2-150000.4.53.2 * libavutil-devel-3.4.2-150000.4.53.2 * libswscale4-3.4.2-150000.4.53.2 * ffmpeg-debugsource-3.4.2-150000.4.53.2 * libavfilter6-debuginfo-3.4.2-150000.4.53.2 * libswresample-devel-3.4.2-150000.4.53.2 * libavformat57-debuginfo-3.4.2-150000.4.53.2 * libswresample2-debuginfo-3.4.2-150000.4.53.2 * libswresample2-3.4.2-150000.4.53.2 * libavdevice-devel-3.4.2-150000.4.53.2 * libavcodec57-debuginfo-3.4.2-150000.4.53.2 * libpostproc54-3.4.2-150000.4.53.2 * libavresample3-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-debuginfo-3.4.2-150000.4.53.2 * libswscale-devel-3.4.2-150000.4.53.2 * libavutil55-3.4.2-150000.4.53.2 * libavfilter-devel-3.4.2-150000.4.53.2 * libavformat-devel-3.4.2-150000.4.53.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libavfilter6-32bit-3.4.2-150000.4.53.2 * libavdevice57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavutil55-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-debuginfo-3.4.2-150000.4.53.2 * libavresample3-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-3.4.2-150000.4.53.2 * libavcodec57-32bit-3.4.2-150000.4.53.2 * libavresample3-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-3.4.2-150000.4.53.2 * libavutil55-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-debuginfo-3.4.2-150000.4.53.2 * libavcodec57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-32bit-3.4.2-150000.4.53.2 * libavformat57-32bit-3.4.2-150000.4.53.2 * libavformat57-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-32bit-3.4.2-150000.4.53.2 * libavfilter6-32bit-debuginfo-3.4.2-150000.4.53.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libavresample3-3.4.2-150000.4.53.2 * libpostproc54-debuginfo-3.4.2-150000.4.53.2 * libswscale4-debuginfo-3.4.2-150000.4.53.2 * libavresample-devel-3.4.2-150000.4.53.2 * libavcodec57-3.4.2-150000.4.53.2 * libavdevice57-3.4.2-150000.4.53.2 * libavutil55-debuginfo-3.4.2-150000.4.53.2 * libavformat57-3.4.2-150000.4.53.2 * ffmpeg-debuginfo-3.4.2-150000.4.53.2 * libpostproc-devel-3.4.2-150000.4.53.2 * libavfilter6-3.4.2-150000.4.53.2 * libavcodec-devel-3.4.2-150000.4.53.2 * libavutil-devel-3.4.2-150000.4.53.2 * libswscale4-3.4.2-150000.4.53.2 * ffmpeg-debugsource-3.4.2-150000.4.53.2 * libavfilter6-debuginfo-3.4.2-150000.4.53.2 * libswresample-devel-3.4.2-150000.4.53.2 * libavformat57-debuginfo-3.4.2-150000.4.53.2 * libswresample2-debuginfo-3.4.2-150000.4.53.2 * libswresample2-3.4.2-150000.4.53.2 * libavdevice-devel-3.4.2-150000.4.53.2 * libavcodec57-debuginfo-3.4.2-150000.4.53.2 * libpostproc54-3.4.2-150000.4.53.2 * libavresample3-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-debuginfo-3.4.2-150000.4.53.2 * libswscale-devel-3.4.2-150000.4.53.2 * libavutil55-3.4.2-150000.4.53.2 * libavfilter-devel-3.4.2-150000.4.53.2 * libavformat-devel-3.4.2-150000.4.53.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libavfilter6-32bit-3.4.2-150000.4.53.2 * libavdevice57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavutil55-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-debuginfo-3.4.2-150000.4.53.2 * libavresample3-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-3.4.2-150000.4.53.2 * libavcodec57-32bit-3.4.2-150000.4.53.2 * libavresample3-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-3.4.2-150000.4.53.2 * libavutil55-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-debuginfo-3.4.2-150000.4.53.2 * libavcodec57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-32bit-3.4.2-150000.4.53.2 * libavformat57-32bit-3.4.2-150000.4.53.2 * libavformat57-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-32bit-3.4.2-150000.4.53.2 * libavfilter6-32bit-debuginfo-3.4.2-150000.4.53.2 * SUSE Enterprise Storage 6 (aarch64 x86_64) * libavresample3-3.4.2-150000.4.53.2 * libpostproc54-debuginfo-3.4.2-150000.4.53.2 * libswscale4-debuginfo-3.4.2-150000.4.53.2 * libavresample-devel-3.4.2-150000.4.53.2 * libavcodec57-3.4.2-150000.4.53.2 * libavdevice57-3.4.2-150000.4.53.2 * libavutil55-debuginfo-3.4.2-150000.4.53.2 * libavformat57-3.4.2-150000.4.53.2 * ffmpeg-debuginfo-3.4.2-150000.4.53.2 * libpostproc-devel-3.4.2-150000.4.53.2 * libavfilter6-3.4.2-150000.4.53.2 * libavcodec-devel-3.4.2-150000.4.53.2 * libavutil-devel-3.4.2-150000.4.53.2 * libswscale4-3.4.2-150000.4.53.2 * ffmpeg-debugsource-3.4.2-150000.4.53.2 * libavfilter6-debuginfo-3.4.2-150000.4.53.2 * libswresample-devel-3.4.2-150000.4.53.2 * libavformat57-debuginfo-3.4.2-150000.4.53.2 * libswresample2-debuginfo-3.4.2-150000.4.53.2 * libswresample2-3.4.2-150000.4.53.2 * libavdevice-devel-3.4.2-150000.4.53.2 * libavcodec57-debuginfo-3.4.2-150000.4.53.2 * libpostproc54-3.4.2-150000.4.53.2 * libavresample3-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-debuginfo-3.4.2-150000.4.53.2 * libswscale-devel-3.4.2-150000.4.53.2 * libavutil55-3.4.2-150000.4.53.2 * libavfilter-devel-3.4.2-150000.4.53.2 * libavformat-devel-3.4.2-150000.4.53.2 * SUSE Enterprise Storage 6 (x86_64) * libavfilter6-32bit-3.4.2-150000.4.53.2 * libavdevice57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavutil55-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-debuginfo-3.4.2-150000.4.53.2 * libavresample3-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-3.4.2-150000.4.53.2 * libavcodec57-32bit-3.4.2-150000.4.53.2 * libavresample3-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-3.4.2-150000.4.53.2 * libavutil55-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-debuginfo-3.4.2-150000.4.53.2 * libavcodec57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-32bit-3.4.2-150000.4.53.2 * libavformat57-32bit-3.4.2-150000.4.53.2 * libavformat57-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-32bit-3.4.2-150000.4.53.2 * libavfilter6-32bit-debuginfo-3.4.2-150000.4.53.2 * SUSE CaaS Platform 4.0 (x86_64) * libavfilter6-32bit-3.4.2-150000.4.53.2 * libavutil55-32bit-3.4.2-150000.4.53.2 * libavresample3-3.4.2-150000.4.53.2 * libavresample3-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-3.4.2-150000.4.53.2 * libavcodec57-32bit-3.4.2-150000.4.53.2 * libpostproc54-debuginfo-3.4.2-150000.4.53.2 * libpostproc54-32bit-3.4.2-150000.4.53.2 * libswscale4-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-32bit-3.4.2-150000.4.53.2 * libavresample-devel-3.4.2-150000.4.53.2 * libavcodec57-3.4.2-150000.4.53.2 * libavdevice57-3.4.2-150000.4.53.2 * libavutil55-debuginfo-3.4.2-150000.4.53.2 * libavformat57-3.4.2-150000.4.53.2 * libswscale4-32bit-3.4.2-150000.4.53.2 * libpostproc54-32bit-debuginfo-3.4.2-150000.4.53.2 * ffmpeg-debuginfo-3.4.2-150000.4.53.2 * libavutil55-32bit-debuginfo-3.4.2-150000.4.53.2 * libswresample2-32bit-debuginfo-3.4.2-150000.4.53.2 * libpostproc-devel-3.4.2-150000.4.53.2 * libswscale4-32bit-debuginfo-3.4.2-150000.4.53.2 * libavfilter6-3.4.2-150000.4.53.2 * libavcodec-devel-3.4.2-150000.4.53.2 * libavutil-devel-3.4.2-150000.4.53.2 * libavfilter6-32bit-debuginfo-3.4.2-150000.4.53.2 * libswscale4-3.4.2-150000.4.53.2 * ffmpeg-debugsource-3.4.2-150000.4.53.2 * libavfilter6-debuginfo-3.4.2-150000.4.53.2 * libswresample-devel-3.4.2-150000.4.53.2 * libavcodec57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavformat57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavformat57-debuginfo-3.4.2-150000.4.53.2 * libswresample2-debuginfo-3.4.2-150000.4.53.2 * libswresample2-3.4.2-150000.4.53.2 * libavdevice-devel-3.4.2-150000.4.53.2 * libavcodec57-debuginfo-3.4.2-150000.4.53.2 * libavdevice57-32bit-debuginfo-3.4.2-150000.4.53.2 * libavresample3-debuginfo-3.4.2-150000.4.53.2 * libpostproc54-3.4.2-150000.4.53.2 * libavdevice57-debuginfo-3.4.2-150000.4.53.2 * libavresample3-32bit-3.4.2-150000.4.53.2 * libswscale-devel-3.4.2-150000.4.53.2 * libavutil55-3.4.2-150000.4.53.2 * libavfilter-devel-3.4.2-150000.4.53.2 * libavformat-devel-3.4.2-150000.4.53.2 * libavformat57-32bit-3.4.2-150000.4.53.2 ## References: * https://www.suse.com/security/cve/CVE-2019-13390.html * https://www.suse.com/security/cve/CVE-2022-3341.html * https://www.suse.com/security/cve/CVE-2022-48434.html * https://bugzilla.suse.com/show_bug.cgi?id=1140754 * https://bugzilla.suse.com/show_bug.cgi?id=1206778 * https://bugzilla.suse.com/show_bug.cgi?id=1209934 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 5 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 05 May 2023 20:30:03 -0000 Subject: SUSE-RU-2023:2116-1: important: Recommended update for trento-agent Message-ID: <168331860310.29925.14480010717744470906@smelt2.suse.de> # Recommended update for trento-agent Announcement ID: SUSE-RU-2023:2116-1 Rating: important References: Affected Products: * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP1 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that can now be installed. ## Description: This update for trento-agent fixes the following issues: * Release 2.0.0 ### Added * Parse durations in cibadmin gatherer * Add ability to detect if running on `VMware` system * Pin web api version to v1 * Multiversion package support * Pretty print fact values * Unhide facts service url flag * Add version comparison functionality for package_version * Make `corosynccmapctl` gatherer output a map structure * Add initial support to verify the password for the hacluster user * Add argument validation for gatherers that require it * Hidden agent id flag * Sbd dump gatherer * Retrieve agent id command * Port cibadmin gatherer * Restructure project folders structure * Generic get value * Refactor sbd loading * Corosynccmap ctl gatherer port * Refactor sbd gatherer * Packageversion gatherer * Port systemd gatherer * Gather all hosts entries when no arg is provided * Add FactValue type * Implement /etc/hosts file gatherer * Implement saphostctrl gatherer ### Fixed * Fix getValue function when map is empty * Cibadmin meta attributes to list * Fix broken zypper output parsing in package_version due to `\n` * Handle `CorosyncCmapctlGatherer` receiving empty lines * Fix cluster_property_set parsing * Fix list conversion issues in the xml gatherer * Fix special lists usage in corosyncconf gatherer ### Removed * Remove ssh address references ### Other Changes * Add reviewers to dependabot * Trigger golang docs update in ci * Disable lll linter rule for test files ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-2116=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-2116=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-2116=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-2116=1 ## Package List: * SAP Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64) * trento-agent-2.0.0-150100.3.3.2 * SAP Applications Module 15-SP1 (noarch) * trento-server-installer-2.0.0-150100.3.3.2 * SAP Applications Module 15-SP2 (aarch64 ppc64le s390x x86_64) * trento-agent-2.0.0-150100.3.3.2 * SAP Applications Module 15-SP2 (noarch) * trento-server-installer-2.0.0-150100.3.3.2 * SAP Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64) * trento-agent-2.0.0-150100.3.3.2 * SAP Applications Module 15-SP3 (noarch) * trento-server-installer-2.0.0-150100.3.3.2 * SAP Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * trento-agent-2.0.0-150100.3.3.2 * SAP Applications Module 15-SP4 (noarch) * trento-server-installer-2.0.0-150100.3.3.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat May 6 07:04:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2023 09:04:07 +0200 (CEST) Subject: SUSE-CU-2023:1447-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230506070407.5EBF6F79F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1447-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.121 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.121 Severity : moderate Type : security References : 1208828 1209042 1209187 CVE-2023-1127 CVE-2023-1264 CVE-2023-1355 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). The following package changes have been done: - vim-data-common-9.0.1443-150000.5.40.1 updated - vim-9.0.1443-150000.5.40.1 updated - xxd-9.0.1443-150000.5.40.1 added From sle-updates at lists.suse.com Sat May 6 07:04:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2023 09:04:38 +0200 (CEST) Subject: SUSE-CU-2023:1449-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230506070438.EE90FF79F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1449-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.17 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.17 Severity : moderate Type : security References : 1208828 1209042 1209187 CVE-2023-1127 CVE-2023-1264 CVE-2023-1355 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). The following package changes have been done: - vim-data-common-9.0.1443-150000.5.40.1 updated - vim-9.0.1443-150000.5.40.1 updated - xxd-9.0.1443-150000.5.40.1 added From sle-updates at lists.suse.com Sat May 6 07:07:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2023 09:07:17 +0200 (CEST) Subject: SUSE-CU-2023:1450-1: Recommended update of suse/sle15 Message-ID: <20230506070717.2684DF79F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1450-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.763 Container Release : 6.2.763 Severity : moderate Type : recommended References : 1209122 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) The following package changes have been done: - libprocps7-3.3.15-150000.7.31.1 updated - procps-3.3.15-150000.7.31.1 updated From sle-updates at lists.suse.com Sat May 6 07:09:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2023 09:09:09 +0200 (CEST) Subject: SUSE-CU-2023:1451-1: Recommended update of suse/sle15 Message-ID: <20230506070909.C6AA1F79F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1451-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.291 Container Release : 9.5.291 Severity : moderate Type : recommended References : 1209122 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) The following package changes have been done: - libprocps7-3.3.15-150000.7.31.1 updated - procps-3.3.15-150000.7.31.1 updated From sle-updates at lists.suse.com Sat May 6 07:09:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2023 09:09:28 +0200 (CEST) Subject: SUSE-CU-2023:1452-1: Security update of bci/bci-micro Message-ID: <20230506070928.6B662F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1452-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.19.2 , bci/bci-micro:latest Container Release : 19.2 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated From sle-updates at lists.suse.com Sat May 6 07:09:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2023 09:09:43 +0200 (CEST) Subject: SUSE-CU-2023:1453-1: Security update of bci/bci-minimal Message-ID: <20230506070943.7FEE9F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1453-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.19.4 , bci/bci-minimal:latest Container Release : 19.4 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - container:micro-image-15.4.0-19.2 updated From sle-updates at lists.suse.com Sat May 6 07:10:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2023 09:10:01 +0200 (CEST) Subject: SUSE-CU-2023:1454-1: Security update of bci/bci-micro Message-ID: <20230506071001.280F7F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1454-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.5.6 Container Release : 5.6 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - sles-release-15.5-150500.42.1 updated - terminfo-base-6.1-150000.5.15.1 updated From sle-updates at lists.suse.com Sat May 6 07:10:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2023 09:10:16 +0200 (CEST) Subject: SUSE-CU-2023:1455-1: Security update of bci/bci-minimal Message-ID: <20230506071016.9AF82F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1455-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.5.15 Container Release : 5.15 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - sles-release-15.5-150500.42.1 updated - terminfo-base-6.1-150000.5.15.1 updated - container:micro-image-15.5.0-5.6 updated From sle-updates at lists.suse.com Sun May 7 07:02:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:02:35 +0200 (CEST) Subject: SUSE-CU-2023:1458-1: Security update of ses/7.1/cephcsi/cephcsi Message-ID: <20230507070235.DDB17F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1458-1 Container Tags : ses/7.1/cephcsi/cephcsi:3.8.0.1 , ses/7.1/cephcsi/cephcsi:3.8.0.1.0.4.5.4 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.8.0.1 , ses/7.1/cephcsi/cephcsi:v3.8.0.1.0 Container Release : 4.5.4 Severity : important Type : security References : 1065270 1199132 1200710 1201617 1203123 1203201 1203599 1203746 1204585 1206483 1206781 1207022 1207571 1207843 1207957 1207975 1207992 1208036 1208283 1208358 1208905 1209122 1209209 1209210 1209211 1209212 1209214 1209361 1209362 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-23931 CVE-2023-24593 CVE-2023-25180 CVE-2023-25577 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-28486 CVE-2023-28487 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1586-1 Released: Mon Mar 27 13:02:52 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1200710,1203746,1206781,1207022,1207843 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1693-1 Released: Thu Mar 30 10:16:39 2023 Summary: Security update for python-Werkzeug Type: security Severity: important References: 1208283,CVE-2023-25577 This update for python-Werkzeug fixes the following issues: - CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1698-1 Released: Thu Mar 30 12:16:57 2023 Summary: Security update for sudo Type: security Severity: moderate References: 1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1757-1 Released: Tue Apr 4 13:18:19 2023 Summary: Recommended update for smartmontools Type: recommended Severity: important References: 1208905 This update for smartmontools fixes the following issues: - Fix `smartctl` issue affecting NVMe on big endian systems (bsc#1208905) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1763-1 Released: Tue Apr 4 14:35:52 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1954-1 Released: Mon Apr 24 11:10:40 2023 Summary: Recommended update for xmlsec1 Type: recommended Severity: low References: 1201617 This update for xmlsec1 fixes the following issue: - Ship missing xmlsec1 to synchronize its version across different products (bsc#1201617) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2113-1 Released: Fri May 5 14:35:14 2023 Summary: Recommended update for ceph-csi, ceph-csi-image Type: recommended Severity: moderate References: 1203123 This update for ceph-csi, ceph-csi-image fixes the following issues: - Fix for RBD: OOMKills occurs when secret metadata encryption type is used with multiple PVC create request. (bsc#1203123) The following package changes have been done: - ceph-csi-3.8.0.1+git0.5d5c932-150300.3.12.1 updated - glib2-tools-2.62.6-150200.3.15.1 updated - glibc-locale-base-2.31-150300.46.1 updated - glibc-2.31-150300.46.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgio-2_0-0-2.62.6-150200.3.15.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libgmodule-2_0-0-2.62.6-150200.3.15.1 updated - libgobject-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libxmlsec1-1-1.2.28-150100.7.13.4 updated - libxmlsec1-openssl1-1.2.28-150100.7.13.4 updated - libzstd1-1.4.4-150000.1.9.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - nfs-client-2.1.1-150100.10.32.1 updated - nfs-kernel-server-2.1.1-150100.10.32.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - python3-Werkzeug-1.0.1-150300.3.3.1 updated - python3-cryptography-3.3.2-150200.19.1 updated - shadow-4.8.1-150300.4.6.1 updated - smartmontools-7.2-150300.8.8.1 updated - sudo-1.9.5p2-150300.3.24.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - container:ceph-image-1.0.0-4.4.51 updated From sle-updates at lists.suse.com Sun May 7 07:02:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:02:41 +0200 (CEST) Subject: SUSE-CU-2023:1459-1: Security update of ses/7.1/ceph/haproxy Message-ID: <20230507070241.9807FF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/haproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1459-1 Container Tags : ses/7.1/ceph/haproxy:2.0.31 , ses/7.1/ceph/haproxy:2.0.31.3.5.391 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific Container Release : 3.5.391 Severity : important Type : security References : 1065270 1178233 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206949 1207181 1207294 1207571 1207780 1207957 1207975 1207992 1208132 1208358 1208828 1208828 1208957 1208959 1209042 1209122 1209187 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0056 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0512 CVE-2023-0687 CVE-2023-1127 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 CVE-2023-1355 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-25725 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/ceph/haproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:781-1 Released: Thu Mar 16 19:07:00 2023 Summary: Security update for vim Type: security Severity: important References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2119-1 Released: Fri May 5 22:28:54 2023 Summary: Feature update for haproxy Type: feature Severity: moderate References: 1207181,1208132,CVE-2023-0056,CVE-2023-25725 This update for haproxy fixes the following issues: Update to version 2.0.31 (jsc#PED-3821): * BUG/CRITICAL: http: properly reject empty http header field names * CI: github: don't warn on deprecated openssl functions on windows * DOC: proxy-protocol: fix wrong byte in provided example * DOC: config: 'http-send-name-header' option may be used in default section * DOC: config: fix option spop-check proxy compatibility * BUG/MEDIUM: cache: use the correct time reference when comparing dates * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge * BUG/MEDIUM: ssl: wrong eviction from the session cache tree * BUG/MINOR: http-ana: make set-status also update txn->status * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state * BUG/MINOR: promex: Don't forget to consume the request on error * BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned * BUILD: makefile: sort the features list * BUILD: makefile: build the features list dynamically * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set * LICENSE: wurfl: clarify the dummy library license. * BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout * BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers * BUG/MINOR: ssl: Fix potential overflow * BUG/MEDIUM: ssl: Verify error codes can exceed 63 * CI: github: change 'ubuntu-latest' to 'ubuntu-20.04' * SCRIPTS: announce-release: add a link to the data plane API * [RELEASE] Released version 2.0.30 * Revert 'CI: determine actual LibreSSL version dynamically' * DOC: config: clarify the -m dir and -m dom pattern matching methods * DOC: config: clarify the fact that 'retries' is not just for connections * DOC: config: explain how default matching method for ACL works * DOC: config: clarify the fact that SNI should not be used in HTTP scenarios * DOC: config: provide some configuration hints for 'http-reuse' * BUILD: listener: fix build warning on global_listener_rwlock without threads * BUILD: peers: Remove unused variables * BUG/MEDIUM: peers: messages about unkown tables not correctly ignored * BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists * BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task * CI: emit the compiler's version in the build reports * CI: add monthly gcc cross compile jobs * BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task * BUG/MAJOR: stick-table: don't process store-response rules for applets * DOC: management: add forgotten 'show startup-logs' * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py * BUG/MAJOR: stick-tables: do not try to index a server name for applets * DOC: configuration: missing 'if' in tcp-request content example * BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os * BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() * BUG/MEDIUM: lua: handle stick table implicit arguments right. * BUILD: cfgparse: Fix GCC warning about a variable used after realloc * BUILD: fix compilation for OpenSSL-3.0.0-alpha17 * BUG/MINOR: log: improper behavior when escaping log data * SCRIPTS: announce-release: update some URLs to https * BUG/MEDIUM: captures: free() an error capture out of the proxy lock * BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK * BUG/MINOR: signals/poller: ensure wakeup from signals * BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals * BUG/MINOR: h1: Support headers case adjustment for TCP proxies * REGTESTS: http_request_buffer: Add a barrier to not mix up log messages * BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date * BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress * BUG/MEDIUM: peers: Add connect and server timeut to peers proxy * BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode * DOC: configuration: do-resolve doesn't work with a port in the string * BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() * BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle * BUILD: http: silence an uninitialized warning affecting gcc-5 * BUG/MEDIUM: proxy: Perform a custom copy for default server settings * REORG: server: Export srv_settings_cpy() function * MINOR: server: Constify source server to copy its settings * BUG/MINOR: peers: Use right channel flag to consider the peer as connected * BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload * MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * BUG/MINOR: sockpair: wrong return value for fd_send_uxst() * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible * BUG/MINOR: peers: fix possible NULL dereferences at config parsing * BUG/MINOR: peers/config: always fill the bind_conf's argument * BUG/MINOR: http-fetch: Use integer value when possible in 'method' sample fetch * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created * BUG/MINOR: server: do not enable DNS resolution on disabled proxies * BUILD: compiler: implement unreachable for older compilers too * REGTESTS: http_request_buffer: Increase client timeout to wait 'slow' clients * REGTESTS: abortonclose: Add a barrier to not mix up log messages * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * DOC: peers: fix port number and addresses on new peers section format * DOC: peers: clarify when entry expiration date is renewed. * DOC: peers: indicate that some server settings are not usable * SCRIPTS: make publish-release try to launch make-releases-json * SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs * BUG/MEDIUM: sample: Fix adjusting size in word converter * BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section * BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections * BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols * BUG/MINOR: peers: fix error reporting of 'bind' lines * REGTESTS: abortonclose: Fix some race conditions * BUILD: fix build warning on solaris based systems with __maybe_unused. * CI: determine actual LibreSSL version dynamically * [RELEASE] Released version 2.0.29 * BUG/MINOR: ssl: fix build on development versions of openssl-1.1.x * CLEANUP: mux-h1: Fix comments and error messages for global options * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: fix typo 'ant' for 'and' in INSTALL * BUG/MINOR: map/cli: make sure patterns don't vanish under 'show map''s init * BUG/MINOR: map/cli: protect the backref list during 'show map' errors * BUG/MEDIUM: cli: make 'show cli sockets' really yield * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * BUILD: sockpair: do not set unused flag * BUILD: proto_uxst: do not set unused flag * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc * DOC: remove my name from the config doc * BUG/MINOR: cache: Disable cache if applet creation fails * SCRIPTS: announce-release: add shortened links to pending issues * DOC: lua: update a few doc URLs * SCRIPTS: announce-release: update the doc's URL * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side * BUG/MINOR: cache: do not display expired entries in 'show cache' * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent * CI: Update to actions/cache at v3 * CI: Update to actions/checkout at v3 * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream * DOC: reflect H2 timeout changes * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts * MEDIUM: mux-h2: slightly relax timeout management rules * BUG/MEDIUM: stream-int: do not rely on the connection error once established * BUG/MINOR: tools: url2sa reads too far when no port nor path * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf * CI: github actions: switch to LibreSSL-3.5.1 * BUILD: dns: fix backport of previous dns fix * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * Revert 'BUG/MAJOR: mux-pt: Always destroy the backend connection on detach' * BUG/MINOR: tools: fix url2sa return value with IPv4 * [RELEASE] Released version 2.0.28 * DOC: Fix usage/examples of deprecated ACLs * BUG/MINOR: stream: make the call_rate only count the no-progress calls * DOC: use the req.ssl_sni in examples * DOC: ssl: req_ssl_sni needs implicit TLS * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach * BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cli: shows correct mode in 'show sess' * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * CLEANUP: atomic: add a fetch-and-xxx variant for common operations * CI: github actions: use cache for SSL libs * CI: github actions: add the output of $CC -dM -E- * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MINOR: tools: url2sa reads ipv4 too far * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * CI: ssl: keep the old method for ancient OpenSSL versions * CI: ssl: do not needlessly build the OpenSSL docs * CI: ssl: enable parallel builds for OpenSSL on Linux * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * [RELEASE] Released version 2.0.27 * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: cli: Never wait for more data on client shutdown * BUILD/MINOR: fix solaris build with clang. * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * DOC: fix misspelled keyword 'resolve_retries' in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUILD: cli: clear a maybe-unused warning on some older compilers * BUG/MINOR: http: fix recent regression on authorization in legacy mode * Revert 'BUG/MEDIUM: resolvers: always check a valid item in query_list' * BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose * BUG/MINOR: backend: do not set sni on connection reuse * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * MINOR: ssl: make tlskeys_list_get_next() take a list element * CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() * CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * MINOR: cli: 'show version' displays the current process version * BUILD: general: always pass unsigned chars to is* functions * CLEANUP: peers: Remove unused static function `free_dcache_tx` * CLEANUP: peers: Remove unused static function `free_dcache` * REGTESTS: mark the abns test as broken again * BUILD: scripts/build-ssl.sh: use 'uname' instead of ${TRAVIS_OS_NAME} * BUILD: makefile: add entries to build common debugging tools * CI: Github Actions: temporarily disable BoringSSL builds * CI: Github Actions: switch to LibreSSL-3.3.3 * CI: github actions: update LibreSSL to 3.2.5 * Revert 'CI: Pin VTest to a known good commit' * CI: github actions: switch to stable LibreSSL release * CI: Fix the coverity builds * CI: Fix DEBUG_STRICT definition for Coverity * CI: Pin VTest to a known good commit * CI: github actions: build several popular 'contrib' tools * CI: GitHub Actions: enable daily Coverity scan * CI: github actions: enable 51degrees feature * CI: github actions: update LibreSSL to 3.3.0 * CI: Clean up Windows CI * CI: Pass the github.event_name to matrix.py * CI: Github Action: run 'apt-get update' before packages restore * CI: Github Actions: enable BoringSSL builds * CI: Github Actions: remove LibreSSL-3.0.2 builds * CI: Github Actions: enable prometheus exporter * CI: Stop hijacking the hosts file * CI: Expand use of GitHub Actions for CI * [RELEASE] Released version 2.0.26 * BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found * BUG/MINOR: shctx: do not look for available blocks when the first one is enough * BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found * BUG/MEDIUM: mux-h2: always process a pending shut read * BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 * CLEANUP: ssl: Release cached SSL sessions on deinit * MINOR: mux-h2: perform a full cycle shutdown+drain on close * MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close * BUG/MINOR: stick-table/cli: Check for invalid ipv6 key * BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent * BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value * BUG/MINOR: mworker: doesn't launch the program postparser * BUG/MEDIUM: conn-stream: Don't reset CS flags on close * BUG/MINOR: http-ana: Apply stop to the current section for http-response rules * DOC: config: Fix typo in ssl_fc_unique_id description * BUG/MEDIUM: mux-h1: Fix H1C_F_ST_SILENT_SHUT value * BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary * MINOR: htx: Add a function to know if the free space wraps * MINOR: htx: Add an HTX flag to know when a message is fragmented * BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check * MINOR: stream: Improve dump of bogus streams * DOC: config: Fix alphabetical order of fc_* samples * BUG/MINOR: http: Authorization value can have multiple spaces after the scheme * BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration * CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT * CLEANUP: always initialize the answer_list * CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() * BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released * BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed * BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame * BUG/MEDIUM: resolvers: always check a valid item in query_list * BUILD: resolvers: avoid a possible warning on null-deref * MINOR: resolvers: merge address and target into a union 'data' * BUG/MEDIUM: resolvers: use correct storage for the target address * BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix * MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero * BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records * BUG/MEDIUM: resolver: make sure to always use the correct hostname length * MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero * BUG/MEDIUM: sample: properly verify that variables cast to sample * MINOR: sample: provide a generic var-to-sample conversion function * CLEANUP: sample: uninline sample_conv_var2smp_str() * CLEANUP: sample: rename sample_conv_var2smp() to *_sint * BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error * BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames * BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule * BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release * BUG/MINOR: filters: Set right FLT_END analyser depending on channel * BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set * BUG/MEDIUM: http-ana: Reset channels analysers when returning an error * BUG/MINOR: stream: Don't release a stream if FLT_END is still registered * BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input * BUG/MAJOR: lua: use task_wakeup() to properly run a task once * BUG/MEDIUM: lua: fix wakeup condition from sleep() * DOC: peers: fix doc 'enable' statement on 'peers' sections * BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send 'trailers' * BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM * BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data * BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer * BUG/MINOR: server: allow 'enable health' only if check configured * Revert 'REGTESTS: mark http_abortonclose as broken' * BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached * MEDIUM: actions: Fix block ACL. * BUG/MINOR: stats: fix the POST requests processing in legacy mode * BUG/MEDIUM: http: check for a channel pending data before waiting * BUG/MINOR: cli/payload: do not search for args inside payload * BUG/MINOR: compat: make sure __WORDSIZE is always defined * BUG/MINOR: systemd: ExecStartPre must use -Ws * [RELEASE] Released version 2.0.25 * REGTESTS: mark http_abortonclose as broken * MINOR: action: Use a generic function to check validity of an action rule list * Revert 'BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive' * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about 'must be < 256 MB' * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * REGTESTS: abortonclose: after retries, 503 is expected, not close * BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- * [RELEASE] Released version 2.0.24 * REGTESTS: add a test to prevent h2 desync attacks * BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header * DOC/MINOR: fix typo in management document * MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade * DOC: config: Fix 'http-response send-spoe-group' documentation * DOC: Improve the lua documentation * BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued * BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released * MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure * BUG/MINOR: server: update last_change on maint->ready transitions too * BUG/MINOR: connection: Add missing error labels to conn_err_code_str * BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames * BUG/MINOR: mux-h2: Obey dontlognull option during the preface * BUG/MINOR: systemd: must check the configuration using -Ws * BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs * BUG/MEDIUM: mworker: do not register an exit handler if exit is expected * BUILD: add detection of missing important CFLAGS * BUG/MEDIUM: tcp-check: Do not dereference inexisting connection * [RELEASE] Released version 2.0.23 * BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled * BUG/MINOR: server-state: load SRV resolution only if params match the config * CLEANUP: pools: remove now unused seq and pool_free_list * BUG/MAJOR: pools: fix possible race with free() in the lockless variant * MEDIUM: pools: use a single pool_gc() function for locked and lockless * MEDIUM: memory: make pool_gc() run under thread isolation * BUG/MEDIUM: pools: Always update free_list in pool_gc(). * MINOR: pools: do not maintain the lock during pool_flush() * BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() * MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS * Revert 'MINOR: tcp-act: Add set-src/set-src-port for 'tcp-request content' rules' * BUG/MINOR: peers: fix data_type bit computation more than 32 data_types * MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() * BUG/MINOR: resolvers: Reset server IP when no ip is found in the response * DOC: config: use CREATE USER for mysql-check * DOC: peers: fix the protocol tag name in the doc * DOC: stick-table: add missing documentation about gpt0 stored type * BUG/MINOR: stick-table: fix several printf sign errors dumping tables * BUG/MINOR: cli: fix server name output in 'show fd' * BUG/MEDIUM: sock: make sure to never miss early connection failures * BUG/MINOR: server/cli: Fix locking in function processing 'set server' command * BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI * BUG/MINOR: resolvers: answser item list was randomly purged or errors * DOC: config: Add missing actions in 'tcp-request session' documentation * MINOR: tcp-act: Add set-src/set-src-port for 'tcp-request content' rules * BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check * BUG/MEDIUM: spoe: Register pre/post analyzers in start_analyze callback function * BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken * MINOR: mux-h2: obey http-ignore-probes during the preface * BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue * BUG/MINOR: mworker: fix typo in chroot error message * BUG/MINOR: ssl: use atomic ops to update global shctx stats * BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE * BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id * DOC: lua: Add a warning about buffers modification in HTTP * BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded * BUG/MEDIUM: dns: reset file descriptor if send returns an error * BUG/MEDIUM: compression: Add a flag to know the filter is still processing data * BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future * BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree * BUG/MINOR: http: Missing calloc return value check in make_arg_list * BUG/MINOR: http: Missing calloc return value check while parsing redirect rule * BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list * BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response * BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy * BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare * BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture * BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine * BUG/MINOR: peers: Missing calloc return value check in peers_register_table * BUG/MINOR: server: Missing calloc return value check in srv_parse_source * BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts * BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response * BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter * BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' * BUG/MEDIUM: ebtree: Invalid read when looking for dup entry * REGTESTS: Add script to test abortonclose option * MEDIUM: mux-h1: Don't block reads when waiting for the other side * BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive * MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() * BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port * BUG/MINOR: stream: Reset stream final state and si error type on L7 retry * BUG/MINOR: stream: properly clear the previous error mask on L7 retries * BUG/MINOR: stream: Decrement server current session counter on L7 retry * BUG/MEDIUM: cli: prevent memory leak on write errors * BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers * MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode * MINOR: peers: add informative flags about resync process for debugging * BUG/MEDIUM: peers: reset tables stage flags stages on new conns * BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly * BUG/MEDIUM: peers: reset commitupdate value in new conns * BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected * BUG/MEDIUM: peers: stop considering ack messages teaching a full resync * BUG/MEDIUM: peers: register last acked value as origin receiving a resync req * BUG/MEDIUM: peers: initialize resync timer to get an initial full resync * BUG/MINOR: applet: Notify the other side if data were consumed by an applet * BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message * BUG/MEDIUM: peers: re-work refcnt on table to protect against flush * BUG/MEDIUM: peers: re-work connection to new process during reload. * BUG/MINOR: peers: remove useless table check if initial resync is finished * BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data * BUG/MINOR: mworker: don't use oldpids[] anymore for reload * BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases * BUG/MEDIUM: config: fix cpu-map notation with both process and threads * BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames * BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers * BUG/MINOR: server: free srv.lb_nodes in free_server * BUG/MINOR: mux-h1: Release idle server H1 connection if data are received * BUG/MINOR: logs: Report the true number of retries if there was no connection * BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function * BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded * BUG/MEDIUM: threads: Ignore current thread to end its harmless period * BUG/MEDIUM: sample: Fix adjusting size in field converter * DOC: clarify that compression works for HTTP/2 * BUG/MINOR: tools: fix parsing 'us' unit for timers * DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options * [RELEASE] Released version 2.0.22 * BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks * MINOR: resolvers: Directly call srvrq_update_srv_state() when possible * MINOR: resolvers: Add function to change the srv status based on SRV resolution * MINOR: resolvers: Purge answer items when a SRV resolution triggers an error * MINOR: resolvers: Use a function to remove answers attached to a resolution * BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution * BUG/MAJOR: dns: disabled servers through SRV records never recover * BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status * BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields * BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS * BUG/MINOR: tcp: fix silent-drop workaround for IPv6 * BUG/MINOR: stats: Apply proper styles in HTML status page. * BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent * BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters * MINOR: tools: make url2ipv4 return the exact number of bytes parsed * BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless * BUG/MEDIUM: time: make sure to always initialize the global tick * BUG/MEDIUM: lua: Always init the lua stack before referencing the context * BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback * MINOR: lua: Slightly improve function dumping the lua traceback * MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket * BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable * MINOR: time: also provide a global, monotonic global_now_ms timer * [RELEASE] Released version 2.0.21 * BUG/MINOR: freq_ctr/threads: make use of the last updated global time * MINOR: time: export the global_now variable * BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames * BUG/MINOR: resolvers: Reset server address on DNS error only on status change * BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error * CLEANUP: tcp-rules: add missing actions in the tcp-request error message * BUG/MINOR: session: Add some forgotten tests on session's listener * BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters * BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached * BUG/MEDIUM: session: NULL dereference possible when accessing the listener * BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode * BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() * BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive * BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout * DOC: spoe: Add a note about fragmentation support in HAProxy * BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 * BUG/MINOR: connection: Use the client's dst family for adressless servers * BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule * BUG/MINOR: http-ana: Only consider dst address to process originalto option * BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() * BUG/MEDIUM: resolvers: Reset address for unresolved servers * BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records * BUG/MINOR: resolvers: new callback to properly handle SRV record errors * BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal * BUG/MEDIUM: cli/shutdown sessions: make it thread-safe * BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop * BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe * BUG/MINOR: sample: secure convs that accept base64 string and var name as args * BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok * BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line * BUG/MINOR: server: Init params before parsing a new server-state line * BUG/MINOR: sample: Always consider zero size string samples as unsafe * BUG/MINOR: checks: properly handle wrapping time in __health_adjust() * BUG/MINOR: session: atomically increment the tracked sessions counter * BUG/MINOR: server: Remove RMAINT from admin state when loading server state * CLEANUP: channel: fix comment in ci_putblk. * BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL * BUG/MINOR: cfgparse: do not mention 'addr:port' as supported on proxy lines * BUG/MEDIUM: config: don't pick unset values from last defaults section * CLEANUP: deinit: release global and per-proxy server-state variables on deinit * BUG/MINOR: server: Fix server-state-file-name directive * BUG/MINOR: backend: hold correctly lock when killing idle conn * BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() * BUG/MINOR: server: re-align state file fields number * BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state * BUG/MEDIUM: mux-h2: Be sure to enter in demux loop even if dbuf is empty * BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED * BUG/MEDIUM: mux-h2: handle remaining read0 cases * BUILD: Makefile: move REGTESTST_TYPE default setting * BUG/MINOR: xxhash: make sure armv6 uses memcpy() * BUG/MEDIUM: ssl: check a connection's status before computing a handshake * BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list * DOC: management: fix 'show resolvers' alphabetical ordering * BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name * BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown * BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition * BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX * BUG/MEDIUM: mux-h2: fix read0 handling on partial frames * BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() * BUG/MINOR: peers: Wrong 'new_conn' value for 'show peers' CLI command. * BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable * BUG/MINOR: sample: Memory leak of sample_expr structure in case of error * BUG/MINOR: sample: check alloc_trash_chunk return value in concat() * [RELEASE] Released version 2.0.20 * BUG/MINOR: sample: fix concat() converter's corruption with non-string variables * DOC: Add maintainers for the Prometheus exporter * SCRIPTS: announce-release: fix typo in help message * DOC: fix some spelling issues over multiple files * MINOR: contrib/prometheus-exporter: export build_info * BUILD: Makefile: exclude broken tests by default * BUG/MINOR: srv: do not init address if backend is disabled * SCRIPTS: make announce release support preparing announces before tag exists * SCRIPTS: improve announce-release to support different tag and versions * BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails * MINOR: atomic: don't use ; to separate instruction on aarch64. * BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h * BUILD: plock: remove dead code that causes a warning in gcc 11 * CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps * CONTRIB: halog: mark the has_zero* functions unused * CONTRIB: halog: fix build issue caused by %L printf format * BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode * BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests * BUILD: Makefile: have 'make clean' destroy .o/.a/.s in contrib subdirs as well * REGTESTS: make use of HAPROXY_ARGS and pass -dM by default * CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric * CLEANUP: lua: Remove declaration of an inexistant function * BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight * BUG/MINOR: tools: Reject size format not starting by a digit * BUG/MINOR: tools: make parse_time_err() more strict on the timer validity * DOC: email change of the DeviceAtlas maintainer * BUG/MEDIUM: spoa/python: Fixing references to None * BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments * BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails * BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations * DOC: spoa/python: Fixing typos in comments * DOC: spoa/python: Rephrasing memory related error messages * DOC: spoa/python: Fixing typo in IP related error messages * BUG/MAJOR: spoa/python: Fixing return None * DOC/MINOR: Fix formatting in Management Guide * BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times * MINOR: cli: add a function to look up a CLI service description * MINOR: actions: add a function returning a service pointer from its name * MINOR: actions: Export actions lookup functions * BUG/MINOR: lua: Some lua init operation are processed unsafe * BUG/MINOR: lua: Post init register function are not executed beyond the first one * BUG/MINOR: lua: lua-load doesn't check its parameters * MINOR: plock: use an ARMv8 instruction barrier for the pause instruction * DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section * BUG/MAJOR: peers: fix partial message decoding * BUG/MAJOR: filters: Always keep all offsets up to date during data filtering * BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests * BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering * BUILD: http-htx: fix build warning regarding long type in printf * MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error. * MINOR: spoe: Don't close connection in sync mode on processing timeout * BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet * BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches * BUG/MINOR: http-fetch: Extract cookie value even when no cookie name * BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages * BUG/MINOR: peers: Missing TX cache entries reset. * BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries. * BUG/MINOR: lua: set buffer size during map lookups * BUG/MINOR: pattern: a sample marked as const could be written * [RELEASE] Released version 2.0.19 * BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L * MINOR: http-htx: Add understandable errors for the errorfiles parsing * BUG/MEDIUM: stick-table: limit the time spent purging old entries * BUG/MINOR: filters: Skip disabled proxies during startup only * BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade * MINOR: server: Copy configuration file and line for server templates * BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup * BUG/MEDIUM: filters: Don't try to init filters for disabled proxies * BUG/MINOR: cache: Inverted variables in http_calc_maxage function * BUG/MINOR: lua: initialize sample before using it * BUG/MINOR: server: fix down_time report for stats * BUG/MINOR: server: fix srv downtime calcul on starting * BUG/MINOR: log: fix memory leak on logsrv parse error * BUG/MINOR: extcheck: add missing checks on extchk_setenv() * BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible * BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests * BUG/MEDIUM: server: support changing the slowstart value from state-file * BUG/MINOR: queue: properly report redistributed connections * BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions. * BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn * BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages * BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided * BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once * MINOR: fd: report an error message when failing initial allocations * BUG/MINOR: mux-h2: do not stop outgoing connections on stopping * BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited * BUG/MEDIUM: h1: Always try to receive more in h1_rcv_buf(). * BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses * BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams * BUG/MINOR: mux-h1: Always set the session on frontend h1 stream * BUG/MINOR: peers: Inconsistency when dumping peer status codes. * MINOR: hlua: Display debug messages on stderr only in debug mode * BUG/MINOR: stats: fix validity of the json schema * MINOR: counters: fix a typo in comment * BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe * BUG/MINOR: Fix several leaks of 'log_tag' in init(). * BUILD: makefile: Fix building with closefrom() support enabled * DOC: ssl: crt-list negative filters are only a hint * [RELEASE] Released version 2.0.18 * REGTEST: make map_regm_with_backref require 1.7 * REGTEST: make abns_socket.vtc require 1.8 * REGTEST: fix host part in balance-uri-path-only.vtc * REGTESTS: add a few load balancing tests * DOC: agent-check: fix typo in 'fail' word expected reply * DOC: spoa-server: fix false friends `actually` * BUG/MEDIUM: listeners: do not pause foreign listeners * BUG/MINOR: config: Fix memory leak on config parse listen * BUG/MINOR: Fix memory leaks cfg_parse_peers * BUG/MEDIUM: h2: report frame bits only for handled types * BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch * BUG/MINOR: server: report correct error message for invalid port on 'socks4' * BUG/MINOR: ssl: verifyhost is case sensitive * BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate * BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers * BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned * BUILD: threads: better workaround for late loading of libgcc_s * BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections * BUG/MINOR: auth: report valid crypto(3) support depending on build options * CLEANUP: Update .gitignore * MINOR: Commit .gitattributes * BUILD: thread: limit the libgcc_s workaround to glibc only * BUG/MINOR: threads: work around a libgcc_s issue with chrooting * BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() * BUG/MEDIUM: doc: Fix replace-path action description * BUG/MINOR: startup: haproxy -s cause 100% cpu * BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address * BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure * BUG/MINOR: contrib/spoa-server: Do not free reference to NULL * BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed * BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak * DOC: cache: Use '' instead of '' in error message * BUG/MINOR: reload: do not fail when no socket is sent * BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction * BUG/MINOR: stats: use strncmp() instead of memcmp() on health states * BUG/MINOR: snapshots: leak of snapshots on deinit() * BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation * BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation * BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime * BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send * BUG/MEDIUM: mux-h2: Don't fail if nothing is parsed for a legacy chunk response * SCRIPTS: git-show-backports: emit the shell command to backport a commit * SCRIPTS: git-show-backports: make -m most only show the left branch * [RELEASE] Released version 2.0.17 * SCRIPTS: announce-release: add the link to the wiki in the announce messages * MINOR: stream-int: Be sure to have a mux to do sends and receives * MINOR: connection: Preinstall the mux for non-ssl connect * BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields * BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation * MEDIUM: lua: Add support for the Lua 5.4 * BUG/MINOR: debug: Don't dump the lua stack if it is not initialized * BUG/MEDIUM: mux-h1: Disable the splicing when nothing is received * BUG/MEDIUM: mux-h1: Wakeup the H1C in h1_rcv_buf() if more data are expected * BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed * BUG/MAJOR: dns: Make the do-resolve action thread-safe * BUG/MEDIUM: mux-h2: Emit an error if the response chunk formatting is incomplete * BUG/MEDIUM: resolve: fix init resolving for ring and peers section. * BUG/MINOR: cfgparse: don't increment linenum on incomplete lines * BUILD: thread: add parenthesis around values of locking macros * MINOR: pools: increase MAX_BASE_POOLS to 64 * BUG/MINOR: threads: Don't forget to init each thread toremove_lock. * REGEST: Add reg tests about error files * BUILD: ebtree: fix build on libmusl after recent introduction of eb_memcmp() * [RELEASE] Released version 2.0.16 * BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked * BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. * BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode * CONTRIB: da: fix memory leak in dummy function da_atlas_open() * BUG/MINOR: sample: Free str.area in smp_check_const_meth * BUG/MINOR: sample: Free str.area in smp_check_const_bool * DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x * BUG/MEDIUM: stream-int: Disable connection retries on plain HTTP proxy mode * BUG/MAJOR: stream: Mark the server address as unset on new outgoing connection * MINOR: http: Add support for http 413 status * BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server * BUG/MEDIUM: connection: Continue to recv data to a pipe when the FD is not ready * MINOR: connection: move the CO_FL_WAIT_ROOM cleanup to the reader only * BUG/MEDIUM: mux-h1: Subscribe rather than waking up in h1_rcv_buf() * BUG/MEDIUM: mux-h1: Disable splicing for the conn-stream if read0 is received * BUG/MINOR: mux-h1: Disable splicing only if input data was processed * BUG/MINOR: mux-h1: Don't read data from a pipe if the mux is unable to receive * BUG/MINOR: mux-h1: Fix the splicing in TUNNEL mode * BUG/MINOR: http_act: don't check capture id in backend (2) * DOC: configuration: fix alphabetical ordering for tune.pool-{high,low}-fd-ratio * DOC: configuration: add missing index entries for tune.pool-{low,high}-fd-ratio * BUG/MINOR: proxy: always initialize the trash in show servers state * BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash * BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible * DOC: ssl: add 'allow-0rtt' and 'ciphersuites' in crt-list * MINOR: cli: make 'show sess' stop at the last known session * BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL * REGTEST: ssl: add some ssl_c_* sample fetches test * REGTEST: ssl: tests the ssl_f_* sample fetches * MINOR: spoe: Don't systematically create new applets if processing rate is low * BUG/MINOR: http_ana: clarify connection pointer check on L7 retry * BUG/MINOR: spoe: correction of setting bits for analyzer * REGTEST: Add a simple script to tests errorfile directives in proxy sections * BUG/MINOR: systemd: Wait for network to be online * MEDIUM: map: make the 'clear map' operation yield * REGTEST: http-rules: test spaces in ACLs with master CLI * REGTEST: http-rules: test spaces in ACLs * BUG/MINOR: mworker/cli: fix semicolon escaping in master CLI * BUG/MINOR: mworker/cli: fix the escaping in the master CLI * BUG/MINOR: cli: allow space escaping on the CLI * BUG/MINOR: spoe: add missing key length check before checking key names * BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks * BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness * MINOR: http: Add 404 to http-request deny * MINOR: http: Add 410 to http-request deny * [RELEASE] Released version 2.0.15 * REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used * BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0 * REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for compression/lua_validation * REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv * BUG/MEDIUM: pattern: fix thread safety of pattern matching * BUG/MEDIUM: log: don't hold the log lock during writev() on a file descriptor * BUG/MINOR: mworker: fix a memleak when execvp() failed * BUG/MEDIUM: mworker: fix the reload with an -- option * BUG/MINOR: init: -S can have a parameter starting with a dash * BUG/MINOR: init: -x can have a parameter starting with a dash * BUG/MEDIUM: mworker: fix the copy of options in copy_argv() * BUILD: makefile: adjust the sed expression of 'make help' for solaris * BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version * BUG/MEDIUM: logs: fix trailing zeros on log message. * BUG/MINOR: logs: prevent double line returns in some events. * BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics * BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations * BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action * BUG/MINOR: peers: fix internal/network key type mapping. * SCRIPTS: publish-release: pass -n to gzip to remove timestamp * Revert 'BUG/MEDIUM: connections: force connections cleanup on server changes' * BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf * BUG/MINOR: lua: Add missing string length for lua sticktable lookup * BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable * BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified * BUG/MINOR: cache: Don't needlessly test 'cache' keyword in parse_cache_flt() * BUILD: select: only declare existing local labels to appease clang * BUG/MINOR: soft-stop: always wake up waiting threads on stopping * BUG/MINOR: pollers: remove uneeded free in global init * BUG/MINOR: pools: use %u not %d to report pool stats in 'show pools' * BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered * BUG/MEDIUM: http_ana: make the detection of NTLM variants safer * BUG/MINOR: http-ana: fix NTLM response parsing again * BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur * BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() * BUG/MINOR: sample: Set the correct type when a binary is converted to a string * CLEANUP: connections: align function declaration * BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id() * BUG/MEDIUM: connections: force connections cleanup on server changes * BUG/MAJOR: stream-int: always detach a faulty endpoint on connect failure * BUG/MEDIUM: stream: Only allow L7 retries when using HTTP. * BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry. * BUG/MINOR: checks: Remove a warning about http health checks * BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks * BUG/MEDIUM: checks: Always initialize checks before starting them * BUG/MINOR: checks/server: use_ssl member must be signed * BUG/MEDIUM: server/checks: Init server check during config validity check * Revert 'BUG/MINOR: connection: make sure to correctly tag local PROXY connections' * BUG/MEDIUM: backend: don't access a non-existing mux from a previous connection * REGTEST: ssl: test the client certificate authentication * MINOR: stream: report the list of active filters on stream crashes * BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock * BUG/MEDIUM: shctx: really check the lock's value while waiting * BUG/MINOR: debug: properly use long long instead of long for the thread ID * MINOR: threads: export the POSIX thread ID in panic dumps * BUG/MEDIUM: listener: mark the thread as not stuck inside the loop * BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream * BUG/MEDIUM: http: the 'unique-id' sample fetch could crash without a steeam * BUG/MEDIUM: http: the 'http_first_req' sample fetch could crash without a steeam * BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream * BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream * BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function * BUG/MINOR: checks: chained expect will not properly wait for enough data * BUG/MINOR: checks: Respect the no-check-ssl option * MINOR: checks: Add a way to send custom headers and payload during http chekcs * BUG/MINOR: check: Update server address and port to execute an external check * DOC: option logasap does not depend on mode * BUG/MINOR: http: make url_decode() optionally convert '+' to SP * BUG/MINOR: tools: fix the i386 version of the div64_32 function * BUG/MEDIUM: http-ana: Handle NTLM messages correctly. * BUG/MINOR: ssl: default settings for ssl server options are not used * DOC: Improve documentation on http-request set-src * DOC: hashing: update link to hashing functions * BUG/MINOR: peers: Incomplete peers sections should be validated. * BUG/MINOR: protocol_buffer: Wrong maximum shifting. The following package changes have been done: - glibc-2.31-150300.46.1 updated - haproxy-2.0.31-150200.11.20.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.8-150200.50.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - vim-data-common-9.0.1443-150000.5.40.1 updated - vim-9.0.1443-150000.5.40.1 updated - xxd-9.0.1443-150000.5.40.1 added - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:02:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:02:46 +0200 (CEST) Subject: SUSE-CU-2023:1460-1: Security update of ses/7.1/cephcsi/csi-node-driver-registrar Message-ID: <20230507070246.4057BF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-node-driver-registrar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1460-1 Container Tags : ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1-build2.2.440 Container Release : 2.2.440 Severity : important Type : security References : 1065270 1178233 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206949 1207294 1207571 1207957 1207975 1207992 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-node-driver-registrar was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - glibc-2.31-150300.46.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.8-150200.50.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:02:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:02:51 +0200 (CEST) Subject: SUSE-CU-2023:1461-1: Security update of ses/7.1/cephcsi/csi-provisioner Message-ID: <20230507070251.21106F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-provisioner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1461-1 Container Tags : ses/7.1/cephcsi/csi-provisioner:v3.2.1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1-build2.2.431 Container Release : 2.2.431 Severity : important Type : security References : 1065270 1178233 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206949 1207294 1207571 1207957 1207975 1207992 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-provisioner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - glibc-2.31-150300.46.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.8-150200.50.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:02:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:02:56 +0200 (CEST) Subject: SUSE-CU-2023:1462-1: Security update of ses/7.1/cephcsi/csi-resizer Message-ID: <20230507070256.39762F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-resizer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1462-1 Container Tags : ses/7.1/cephcsi/csi-resizer:v1.5.0 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1-build2.2.424 Container Release : 2.2.424 Severity : important Type : security References : 1065270 1178233 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206949 1207294 1207571 1207957 1207975 1207992 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-resizer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - glibc-2.31-150300.46.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.8-150200.50.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:03:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:03:00 +0200 (CEST) Subject: SUSE-CU-2023:1463-1: Security update of ses/7.1/ceph/prometheus-alertmanager Message-ID: <20230507070300.A84D0F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-alertmanager ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1463-1 Container Tags : ses/7.1/ceph/prometheus-alertmanager:0.23.0 , ses/7.1/ceph/prometheus-alertmanager:0.23.0.3.2.423 , ses/7.1/ceph/prometheus-alertmanager:latest , ses/7.1/ceph/prometheus-alertmanager:sle15.3.pacific Container Release : 3.2.423 Severity : important Type : security References : 1065270 1178233 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206949 1207294 1207571 1207957 1207975 1207992 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-alertmanager was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - glibc-2.31-150300.46.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.8-150200.50.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:03:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:03:05 +0200 (CEST) Subject: SUSE-CU-2023:1464-1: Security update of ses/7.1/ceph/prometheus-node-exporter Message-ID: <20230507070305.A4F0CF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-node-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1464-1 Container Tags : ses/7.1/ceph/prometheus-node-exporter:1.3.0 , ses/7.1/ceph/prometheus-node-exporter:1.3.0.3.2.414 , ses/7.1/ceph/prometheus-node-exporter:latest , ses/7.1/ceph/prometheus-node-exporter:sle15.3.pacific Container Release : 3.2.414 Severity : important Type : security References : 1065270 1178233 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206949 1207294 1207571 1207957 1207975 1207992 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-node-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2023:791-1 Released: Fri Mar 17 05:20:45 2023 Summary: Optional update for golang-github-prometheus-node_exporter Type: optional Severity: moderate References: This update for golang-github-prometheus-node_exporter fixes the following issues: - Move package for SUSE Linux Enterprise Micro to the correct codestream - No source changes ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - glibc-2.31-150300.46.1 updated - golang-github-prometheus-node_exporter-1.3.0-150100.3.20.2 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.8-150200.50.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:03:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:03:10 +0200 (CEST) Subject: SUSE-CU-2023:1465-1: Security update of ses/7.1/ceph/prometheus-server Message-ID: <20230507070310.99B6AF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1465-1 Container Tags : ses/7.1/ceph/prometheus-server:2.32.1 , ses/7.1/ceph/prometheus-server:2.32.1.3.2.407 , ses/7.1/ceph/prometheus-server:latest , ses/7.1/ceph/prometheus-server:sle15.3.pacific Container Release : 3.2.407 Severity : important Type : security References : 1065270 1178233 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206949 1207294 1207571 1207957 1207975 1207992 1208049 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-46146 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1859-1 Released: Fri Apr 14 16:44:52 2023 Summary: Security update for golang-github-prometheus-prometheus Type: security Severity: important References: 1208049,CVE-2022-46146 This update for golang-github-prometheus-prometheus fixes the following issues: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in Prometheus Exporter Toolkit (bsc#1208049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - glibc-2.31-150300.46.1 updated - golang-github-prometheus-prometheus-2.32.1-150100.4.12.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.8-150200.50.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:03:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:03:14 +0200 (CEST) Subject: SUSE-CU-2023:1466-1: Security update of ses/7.1/ceph/prometheus-snmp_notifier Message-ID: <20230507070314.F30AAF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-snmp_notifier ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1466-1 Container Tags : ses/7.1/ceph/prometheus-snmp_notifier:1.2.1 , ses/7.1/ceph/prometheus-snmp_notifier:1.2.1.2.2.396 , ses/7.1/ceph/prometheus-snmp_notifier:latest , ses/7.1/ceph/prometheus-snmp_notifier:sle15.3.pacific Container Release : 2.2.396 Severity : important Type : security References : 1065270 1178233 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206949 1207294 1207571 1207957 1207975 1207992 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-snmp_notifier was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - glibc-2.31-150300.46.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.8-150200.50.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:03:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:03:22 +0200 (CEST) Subject: SUSE-CU-2023:1467-1: Security update of ses/7.1/rook/ceph Message-ID: <20230507070322.AD445F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1467-1 Container Tags : ses/7.1/rook/ceph:1.10.1 , ses/7.1/rook/ceph:1.10.1.16 , ses/7.1/rook/ceph:1.10.1.16.4.5.392 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific Container Release : 4.5.392 Severity : important Type : security References : 1065270 1199132 1200710 1201617 1203201 1203599 1203746 1204585 1206483 1206781 1207022 1207571 1207843 1207957 1207975 1207992 1208036 1208283 1208358 1208905 1209122 1209209 1209210 1209211 1209212 1209214 1209361 1209362 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-23931 CVE-2023-24593 CVE-2023-25180 CVE-2023-25577 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-28486 CVE-2023-28487 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container ses/7.1/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1586-1 Released: Mon Mar 27 13:02:52 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1200710,1203746,1206781,1207022,1207843 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1693-1 Released: Thu Mar 30 10:16:39 2023 Summary: Security update for python-Werkzeug Type: security Severity: important References: 1208283,CVE-2023-25577 This update for python-Werkzeug fixes the following issues: - CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1698-1 Released: Thu Mar 30 12:16:57 2023 Summary: Security update for sudo Type: security Severity: moderate References: 1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1757-1 Released: Tue Apr 4 13:18:19 2023 Summary: Recommended update for smartmontools Type: recommended Severity: important References: 1208905 This update for smartmontools fixes the following issues: - Fix `smartctl` issue affecting NVMe on big endian systems (bsc#1208905) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1763-1 Released: Tue Apr 4 14:35:52 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1954-1 Released: Mon Apr 24 11:10:40 2023 Summary: Recommended update for xmlsec1 Type: recommended Severity: low References: 1201617 This update for xmlsec1 fixes the following issue: - Ship missing xmlsec1 to synchronize its version across different products (bsc#1201617) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - glib2-tools-2.62.6-150200.3.15.1 updated - glibc-locale-base-2.31-150300.46.1 updated - glibc-2.31-150300.46.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libgio-2_0-0-2.62.6-150200.3.15.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libgmodule-2_0-0-2.62.6-150200.3.15.1 updated - libgobject-2_0-0-2.62.6-150200.3.15.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libxmlsec1-1-1.2.28-150100.7.13.4 updated - libxmlsec1-openssl1-1.2.28-150100.7.13.4 updated - libzstd1-1.4.4-150000.1.9.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - nfs-client-2.1.1-150100.10.32.1 updated - nfs-kernel-server-2.1.1-150100.10.32.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - procps-3.3.15-150000.7.31.1 updated - python3-Werkzeug-1.0.1-150300.3.3.1 updated - python3-cryptography-3.3.2-150200.19.1 updated - shadow-4.8.1-150300.4.6.1 updated - smartmontools-7.2-150300.8.8.1 updated - sudo-1.9.5p2-150300.3.24.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - container:sles15-image-15.0.0-17.20.133 updated From sle-updates at lists.suse.com Sun May 7 07:06:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:06:03 +0200 (CEST) Subject: SUSE-CU-2023:1468-1: Security update of suse/sles12sp4 Message-ID: <20230507070603.2A57FF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1468-1 Container Tags : suse/sles12sp4:26.599 , suse/sles12sp4:latest Container Release : 26.599 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2112-1 Released: Fri May 5 14:34:42 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - base-container-licenses-3.0-1.348 updated - container-suseconnect-2.0.0-1.230 updated - libncurses5-5.9-81.1 updated - ncurses-utils-5.9-81.1 updated - terminfo-base-5.9-81.1 updated From sle-updates at lists.suse.com Sun May 7 07:08:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:08:03 +0200 (CEST) Subject: SUSE-CU-2023:1469-1: Security update of suse/sles12sp5 Message-ID: <20230507070803.10E73F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1469-1 Container Tags : suse/sles12sp5:6.5.466 , suse/sles12sp5:latest Container Release : 6.5.466 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2112-1 Released: Fri May 5 14:34:42 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses5-5.9-81.1 updated - libncurses6-5.9-81.1 updated - ncurses-utils-5.9-81.1 updated - terminfo-base-5.9-81.1 updated From sle-updates at lists.suse.com Sun May 7 07:10:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:10:55 +0200 (CEST) Subject: SUSE-CU-2023:1470-1: Security update of suse/sle15 Message-ID: <20230507071055.1EFECF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1470-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.764 Container Release : 6.2.764 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated From sle-updates at lists.suse.com Sun May 7 07:12:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:12:56 +0200 (CEST) Subject: SUSE-CU-2023:1471-1: Security update of suse/sle15 Message-ID: <20230507071256.B0A3AF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1471-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.292 Container Release : 9.5.292 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated From sle-updates at lists.suse.com Sun May 7 07:13:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 May 2023 09:13:14 +0200 (CEST) Subject: SUSE-CU-2023:1472-1: Security update of suse/registry Message-ID: <20230507071314.BB2CDF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1472-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-9.5 , suse/registry:latest Container Release : 9.5 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - container:micro-image-15.4.0-19.2 updated From sle-updates at lists.suse.com Mon May 8 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 May 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:1474-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230508070333.9D32DF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1474-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.386 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.386 Severity : moderate Type : security References : 1208828 1209042 1209187 CVE-2023-1127 CVE-2023-1264 CVE-2023-1355 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). The following package changes have been done: - vim-data-common-9.0.1443-150000.5.40.1 updated - vim-9.0.1443-150000.5.40.1 updated - xxd-9.0.1443-150000.5.40.1 added From sle-updates at lists.suse.com Mon May 8 07:03:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 May 2023 09:03:58 +0200 (CEST) Subject: SUSE-CU-2023:1475-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230508070358.9BB89F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1475-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.208 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.208 Severity : moderate Type : security References : 1208828 1209042 1209187 CVE-2023-1127 CVE-2023-1264 CVE-2023-1355 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). The following package changes have been done: - vim-data-common-9.0.1443-150000.5.40.1 updated - vim-9.0.1443-150000.5.40.1 updated - xxd-9.0.1443-150000.5.40.1 added From sle-updates at lists.suse.com Mon May 8 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 08:30:02 -0000 Subject: SUSE-RU-2023:0807-2: moderate: Recommended update for salt Message-ID: <168353460264.30651.15833421718224597729@smelt2.suse.de> # Recommended update for salt Announcement ID: SUSE-RU-2023:0807-2 Rating: moderate References: * #1208691 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one recommended fix can now be installed. ## Description: This update for salt fixes the following issues: * Fix problem with detecting PTF packages (bsc#1208691) * Fix pkg.version_cmp on openEuler systems and a few other OS flavors * Make pkg.remove function from zypperpkg module to handle also PTF packages ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-807=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-807=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * salt-3004-150400.8.25.1 * python3-salt-3004-150400.8.25.1 * salt-transactional-update-3004-150400.8.25.1 * salt-minion-3004-150400.8.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * salt-3004-150400.8.25.1 * python3-salt-3004-150400.8.25.1 * salt-transactional-update-3004-150400.8.25.1 * salt-minion-3004-150400.8.25.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208691 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:04:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:04:56 -0000 Subject: SUSE-FU-2023:2119-1: moderate: Feature update for haproxy Message-ID: <168353669685.2288.18407475673901708602@smelt2.suse.de> # Feature update for haproxy Announcement ID: SUSE-FU-2023:2119-1 Rating: moderate References: * #1207181 * #1208132 Cross-References: * CVE-2023-0056 * CVE-2023-25725 CVSS scores: * CVE-2023-0056 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0056 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25725 ( SUSE ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L * CVE-2023-25725 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for haproxy fixes the following issues: Update to version 2.0.31 (jsc#PED-3821): * BUG/CRITICAL: http: properly reject empty http header field names * CI: github: don't warn on deprecated openssl functions on windows * DOC: proxy-protocol: fix wrong byte in provided example * DOC: config: 'http-send-name-header' option may be used in default section * DOC: config: fix option spop-check proxy compatibility * BUG/MEDIUM: cache: use the correct time reference when comparing dates * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge * BUG/MEDIUM: ssl: wrong eviction from the session cache tree * BUG/MINOR: http-ana: make set-status also update txn->status * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state * BUG/MINOR: promex: Don't forget to consume the request on error * BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned * BUILD: makefile: sort the features list * BUILD: makefile: build the features list dynamically * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set * LICENSE: wurfl: clarify the dummy library license. * BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout * BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers * BUG/MINOR: ssl: Fix potential overflow * BUG/MEDIUM: ssl: Verify error codes can exceed 63 * CI: github: change "ubuntu-latest" to "ubuntu-20.04" * SCRIPTS: announce-release: add a link to the data plane API * [RELEASE] Released version 2.0.30 * Revert "CI: determine actual LibreSSL version dynamically" * DOC: config: clarify the -m dir and -m dom pattern matching methods * DOC: config: clarify the fact that "retries" is not just for connections * DOC: config: explain how default matching method for ACL works * DOC: config: clarify the fact that SNI should not be used in HTTP scenarios * DOC: config: provide some configuration hints for "http-reuse" * BUILD: listener: fix build warning on global_listener_rwlock without threads * BUILD: peers: Remove unused variables * BUG/MEDIUM: peers: messages about unkown tables not correctly ignored * BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists * BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task * CI: emit the compiler's version in the build reports * CI: add monthly gcc cross compile jobs * BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task * BUG/MAJOR: stick-table: don't process store-response rules for applets * DOC: management: add forgotten "show startup-logs" * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py * BUG/MAJOR: stick-tables: do not try to index a server name for applets * DOC: configuration: missing 'if' in tcp-request content example * BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os * BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() * BUG/MEDIUM: lua: handle stick table implicit arguments right. * BUILD: cfgparse: Fix GCC warning about a variable used after realloc * BUILD: fix compilation for OpenSSL-3.0.0-alpha17 * BUG/MINOR: log: improper behavior when escaping log data * SCRIPTS: announce-release: update some URLs to https * BUG/MEDIUM: captures: free() an error capture out of the proxy lock * BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK * BUG/MINOR: signals/poller: ensure wakeup from signals * BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals * BUG/MINOR: h1: Support headers case adjustment for TCP proxies * REGTESTS: http_request_buffer: Add a barrier to not mix up log messages * BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to- date * BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress * BUG/MEDIUM: peers: Add connect and server timeut to peers proxy * BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode * DOC: configuration: do-resolve doesn't work with a port in the string * BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() * BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle * BUILD: http: silence an uninitialized warning affecting gcc-5 * BUG/MEDIUM: proxy: Perform a custom copy for default server settings * REORG: server: Export srv_settings_cpy() function * MINOR: server: Constify source server to copy its settings * BUG/MINOR: peers: Use right channel flag to consider the peer as connected * BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload * MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * BUG/MINOR: sockpair: wrong return value for fd_send_uxst() * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible * BUG/MINOR: peers: fix possible NULL dereferences at config parsing * BUG/MINOR: peers/config: always fill the bind_conf's argument * BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created * BUG/MINOR: server: do not enable DNS resolution on disabled proxies * BUILD: compiler: implement unreachable for older compilers too * REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients * REGTESTS: abortonclose: Add a barrier to not mix up log messages * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * DOC: peers: fix port number and addresses on new peers section format * DOC: peers: clarify when entry expiration date is renewed. * DOC: peers: indicate that some server settings are not usable * SCRIPTS: make publish-release try to launch make-releases-json * SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs * BUG/MEDIUM: sample: Fix adjusting size in word converter * BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section * BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections * BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols * BUG/MINOR: peers: fix error reporting of "bind" lines * REGTESTS: abortonclose: Fix some race conditions * BUILD: fix build warning on solaris based systems with __maybe_unused. * CI: determine actual LibreSSL version dynamically * [RELEASE] Released version 2.0.29 * BUG/MINOR: ssl: fix build on development versions of openssl-1.1.x * CLEANUP: mux-h1: Fix comments and error messages for global options * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: fix typo "ant" for "and" in INSTALL * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init * BUG/MINOR: map/cli: protect the backref list during "show map" errors * BUG/MEDIUM: cli: make "show cli sockets" really yield * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * BUILD: sockpair: do not set unused flag * BUILD: proto_uxst: do not set unused flag * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc * DOC: remove my name from the config doc * BUG/MINOR: cache: Disable cache if applet creation fails * SCRIPTS: announce-release: add shortened links to pending issues * DOC: lua: update a few doc URLs * SCRIPTS: announce-release: update the doc's URL * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep- alive * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side * BUG/MINOR: cache: do not display expired entries in "show cache" * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent * CI: Update to actions/cache at v3 * CI: Update to actions/checkout at v3 * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream * DOC: reflect H2 timeout changes * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts * MEDIUM: mux-h2: slightly relax timeout management rules * BUG/MEDIUM: stream-int: do not rely on the connection error once established * BUG/MINOR: tools: url2sa reads too far when no port nor path * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf * CI: github actions: switch to LibreSSL-3.5.1 * BUILD: dns: fix backport of previous dns fix * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * Revert "BUG/MAJOR: mux-pt: Always destroy the backend connection on detach" * BUG/MINOR: tools: fix url2sa return value with IPv4 * [RELEASE] Released version 2.0.28 * DOC: Fix usage/examples of deprecated ACLs * BUG/MINOR: stream: make the call_rate only count the no-progress calls * DOC: use the req.ssl_sni in examples * DOC: ssl: req_ssl_sni needs implicit TLS * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach * BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cli: shows correct mode in "show sess" * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * CLEANUP: atomic: add a fetch-and-xxx variant for common operations * CI: github actions: use cache for SSL libs * CI: github actions: add the output of $CC -dM -E- * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MINOR: tools: url2sa reads ipv4 too far * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * CI: ssl: keep the old method for ancient OpenSSL versions * CI: ssl: do not needlessly build the OpenSSL docs * CI: ssl: enable parallel builds for OpenSSL on Linux * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * [RELEASE] Released version 2.0.27 * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: cli: Never wait for more data on client shutdown * BUILD/MINOR: fix solaris build with clang. * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * DOC: fix misspelled keyword "resolve_retries" in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUILD: cli: clear a maybe-unused warning on some older compilers * BUG/MINOR: http: fix recent regression on authorization in legacy mode * Revert "BUG/MEDIUM: resolvers: always check a valid item in query_list" * BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose * BUG/MINOR: backend: do not set sni on connection reuse * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * MINOR: ssl: make tlskeys_list_get_next() take a list element * CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() * CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * MINOR: cli: "show version" displays the current process version * BUILD: general: always pass unsigned chars to is* functions * CLEANUP: peers: Remove unused static function `free_dcache_tx` * CLEANUP: peers: Remove unused static function `free_dcache` * REGTESTS: mark the abns test as broken again * BUILD: scripts/build-ssl.sh: use "uname" instead of ${TRAVIS_OS_NAME} * BUILD: makefile: add entries to build common debugging tools * CI: Github Actions: temporarily disable BoringSSL builds * CI: Github Actions: switch to LibreSSL-3.3.3 * CI: github actions: update LibreSSL to 3.2.5 * Revert "CI: Pin VTest to a known good commit" * CI: github actions: switch to stable LibreSSL release * CI: Fix the coverity builds * CI: Fix DEBUG_STRICT definition for Coverity * CI: Pin VTest to a known good commit * CI: github actions: build several popular "contrib" tools * CI: GitHub Actions: enable daily Coverity scan * CI: github actions: enable 51degrees feature * CI: github actions: update LibreSSL to 3.3.0 * CI: Clean up Windows CI * CI: Pass the github.event_name to matrix.py * CI: Github Action: run "apt-get update" before packages restore * CI: Github Actions: enable BoringSSL builds * CI: Github Actions: remove LibreSSL-3.0.2 builds * CI: Github Actions: enable prometheus exporter * CI: Stop hijacking the hosts file * CI: Expand use of GitHub Actions for CI * [RELEASE] Released version 2.0.26 * BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found * BUG/MINOR: shctx: do not look for available blocks when the first one is enough * BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found * BUG/MEDIUM: mux-h2: always process a pending shut read * BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 * CLEANUP: ssl: Release cached SSL sessions on deinit * MINOR: mux-h2: perform a full cycle shutdown+drain on close * MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close * BUG/MINOR: stick-table/cli: Check for invalid ipv6 key * BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent * BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value * BUG/MINOR: mworker: doesn't launch the program postparser * BUG/MEDIUM: conn-stream: Don't reset CS flags on close * BUG/MINOR: http-ana: Apply stop to the current section for http-response rules * DOC: config: Fix typo in ssl_fc_unique_id description * BUG/MEDIUM: mux-h1: Fix H1C_F_ST_SILENT_SHUT value * BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary * MINOR: htx: Add a function to know if the free space wraps * MINOR: htx: Add an HTX flag to know when a message is fragmented * BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check * MINOR: stream: Improve dump of bogus streams * DOC: config: Fix alphabetical order of fc_* samples * BUG/MINOR: http: Authorization value can have multiple spaces after the scheme * BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration * CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT * CLEANUP: always initialize the answer_list * CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() * BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released * BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed * BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame * BUG/MEDIUM: resolvers: always check a valid item in query_list * BUILD: resolvers: avoid a possible warning on null-deref * MINOR: resolvers: merge address and target into a union "data" * BUG/MEDIUM: resolvers: use correct storage for the target address * BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix * MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero * BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records * BUG/MEDIUM: resolver: make sure to always use the correct hostname length * MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero * BUG/MEDIUM: sample: properly verify that variables cast to sample * MINOR: sample: provide a generic var-to-sample conversion function * CLEANUP: sample: uninline sample_conv_var2smp_str() * CLEANUP: sample: rename sample_conv_var2smp() to *_sint * BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error * BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames * BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule * BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release * BUG/MINOR: filters: Set right FLT_END analyser depending on channel * BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set * BUG/MEDIUM: http-ana: Reset channels analysers when returning an error * BUG/MINOR: stream: Don't release a stream if FLT_END is still registered * BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input * BUG/MAJOR: lua: use task_wakeup() to properly run a task once * BUG/MEDIUM: lua: fix wakeup condition from sleep() * DOC: peers: fix doc "enable" statement on "peers" sections * BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" * BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM * BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data * BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer * BUG/MINOR: server: allow 'enable health' only if check configured * Revert "REGTESTS: mark http_abortonclose as broken" * BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached * MEDIUM: actions: Fix block ACL. * BUG/MINOR: stats: fix the POST requests processing in legacy mode * BUG/MEDIUM: http: check for a channel pending data before waiting * BUG/MINOR: cli/payload: do not search for args inside payload * BUG/MINOR: compat: make sure __WORDSIZE is always defined * BUG/MINOR: systemd: ExecStartPre must use -Ws * [RELEASE] Released version 2.0.25 * REGTESTS: mark http_abortonclose as broken * MINOR: action: Use a generic function to check validity of an action rule list * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about "must be < 256 MB" * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * REGTESTS: abortonclose: after retries, 503 is expected, not close * BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- * [RELEASE] Released version 2.0.24 * REGTESTS: add a test to prevent h2 desync attacks * BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header * DOC/MINOR: fix typo in management document * MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade * DOC: config: Fix 'http-response send-spoe-group' documentation * DOC: Improve the lua documentation * BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued * BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released * MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure * BUG/MINOR: server: update last_change on maint->ready transitions too * BUG/MINOR: connection: Add missing error labels to conn_err_code_str * BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames * BUG/MINOR: mux-h2: Obey dontlognull option during the preface * BUG/MINOR: systemd: must check the configuration using -Ws * BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs * BUG/MEDIUM: mworker: do not register an exit handler if exit is expected * BUILD: add detection of missing important CFLAGS * BUG/MEDIUM: tcp-check: Do not dereference inexisting connection * [RELEASE] Released version 2.0.23 * BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled * BUG/MINOR: server-state: load SRV resolution only if params match the config * CLEANUP: pools: remove now unused seq and pool_free_list * BUG/MAJOR: pools: fix possible race with free() in the lockless variant * MEDIUM: pools: use a single pool_gc() function for locked and lockless * MEDIUM: memory: make pool_gc() run under thread isolation * BUG/MEDIUM: pools: Always update free_list in pool_gc(). * MINOR: pools: do not maintain the lock during pool_flush() * BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() * MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS * Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" * BUG/MINOR: peers: fix data_type bit computation more than 32 data_types * MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() * BUG/MINOR: resolvers: Reset server IP when no ip is found in the response * DOC: config: use CREATE USER for mysql-check * DOC: peers: fix the protocol tag name in the doc * DOC: stick-table: add missing documentation about gpt0 stored type * BUG/MINOR: stick-table: fix several printf sign errors dumping tables * BUG/MINOR: cli: fix server name output in "show fd" * BUG/MEDIUM: sock: make sure to never miss early connection failures * BUG/MINOR: server/cli: Fix locking in function processing "set server" command * BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI * BUG/MINOR: resolvers: answser item list was randomly purged or errors * DOC: config: Add missing actions in "tcp-request session" documentation * MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules * BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check * BUG/MEDIUM: spoe: Register pre/post analyzers in start_analyze callback function * BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken * MINOR: mux-h2: obey http-ignore-probes during the preface * BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue * BUG/MINOR: mworker: fix typo in chroot error message * BUG/MINOR: ssl: use atomic ops to update global shctx stats * BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE * BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id * DOC: lua: Add a warning about buffers modification in HTTP * BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded * BUG/MEDIUM: dns: reset file descriptor if send returns an error * BUG/MEDIUM: compression: Add a flag to know the filter is still processing data * BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future * BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree * BUG/MINOR: http: Missing calloc return value check in make_arg_list * BUG/MINOR: http: Missing calloc return value check while parsing redirect rule * BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list * BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule * BUG/MINOR: http: Missing calloc return value check while parsing tcp- request/tcp-response * BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy * BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare * BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture * BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine * BUG/MINOR: peers: Missing calloc return value check in peers_register_table * BUG/MINOR: server: Missing calloc return value check in srv_parse_source * BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts * BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response * BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter * BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' * BUG/MEDIUM: ebtree: Invalid read when looking for dup entry * REGTESTS: Add script to test abortonclose option * MEDIUM: mux-h1: Don't block reads when waiting for the other side * BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive * MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() * BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port * BUG/MINOR: stream: Reset stream final state and si error type on L7 retry * BUG/MINOR: stream: properly clear the previous error mask on L7 retries * BUG/MINOR: stream: Decrement server current session counter on L7 retry * BUG/MEDIUM: cli: prevent memory leak on write errors * BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers * MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode * MINOR: peers: add informative flags about resync process for debugging * BUG/MEDIUM: peers: reset tables stage flags stages on new conns * BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly * BUG/MEDIUM: peers: reset commitupdate value in new conns * BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected * BUG/MEDIUM: peers: stop considering ack messages teaching a full resync * BUG/MEDIUM: peers: register last acked value as origin receiving a resync req * BUG/MEDIUM: peers: initialize resync timer to get an initial full resync * BUG/MINOR: applet: Notify the other side if data were consumed by an applet * BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message * BUG/MEDIUM: peers: re-work refcnt on table to protect against flush * BUG/MEDIUM: peers: re-work connection to new process during reload. * BUG/MINOR: peers: remove useless table check if initial resync is finished * BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data * BUG/MINOR: mworker: don't use oldpids[] anymore for reload * BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases * BUG/MEDIUM: config: fix cpu-map notation with both process and threads * BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames * BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers * BUG/MINOR: server: free srv.lb_nodes in free_server * BUG/MINOR: mux-h1: Release idle server H1 connection if data are received * BUG/MINOR: logs: Report the true number of retries if there was no connection * BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function * BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded * BUG/MEDIUM: threads: Ignore current thread to end its harmless period * BUG/MEDIUM: sample: Fix adjusting size in field converter * DOC: clarify that compression works for HTTP/2 * BUG/MINOR: tools: fix parsing "us" unit for timers * DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options * [RELEASE] Released version 2.0.22 * BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks * MINOR: resolvers: Directly call srvrq_update_srv_state() when possible * MINOR: resolvers: Add function to change the srv status based on SRV resolution * MINOR: resolvers: Purge answer items when a SRV resolution triggers an error * MINOR: resolvers: Use a function to remove answers attached to a resolution * BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution * BUG/MAJOR: dns: disabled servers through SRV records never recover * BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status * BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields * BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS * BUG/MINOR: tcp: fix silent-drop workaround for IPv6 * BUG/MINOR: stats: Apply proper styles in HTML status page. * BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent * BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters * MINOR: tools: make url2ipv4 return the exact number of bytes parsed * BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless * BUG/MEDIUM: time: make sure to always initialize the global tick * BUG/MEDIUM: lua: Always init the lua stack before referencing the context * BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback * MINOR: lua: Slightly improve function dumping the lua traceback * MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket * BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable * MINOR: time: also provide a global, monotonic global_now_ms timer * [RELEASE] Released version 2.0.21 * BUG/MINOR: freq_ctr/threads: make use of the last updated global time * MINOR: time: export the global_now variable * BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames * BUG/MINOR: resolvers: Reset server address on DNS error only on status change * BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error * CLEANUP: tcp-rules: add missing actions in the tcp-request error message * BUG/MINOR: session: Add some forgotten tests on session's listener * BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters * BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached * BUG/MEDIUM: session: NULL dereference possible when accessing the listener * BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode * BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() * BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive * BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout * DOC: spoe: Add a note about fragmentation support in HAProxy * BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 * BUG/MINOR: connection: Use the client's dst family for adressless servers * BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule * BUG/MINOR: http-ana: Only consider dst address to process originalto option * BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() * BUG/MEDIUM: resolvers: Reset address for unresolved servers * BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records * BUG/MINOR: resolvers: new callback to properly handle SRV record errors * BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal * BUG/MEDIUM: cli/shutdown sessions: make it thread-safe * BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop * BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe * BUG/MINOR: sample: secure convs that accept base64 string and var name as args * BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok * BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line * BUG/MINOR: server: Init params before parsing a new server-state line * BUG/MINOR: sample: Always consider zero size string samples as unsafe * BUG/MINOR: checks: properly handle wrapping time in __health_adjust() * BUG/MINOR: session: atomically increment the tracked sessions counter * BUG/MINOR: server: Remove RMAINT from admin state when loading server state * CLEANUP: channel: fix comment in ci_putblk. * BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL * BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines * BUG/MEDIUM: config: don't pick unset values from last defaults section * CLEANUP: deinit: release global and per-proxy server-state variables on deinit * BUG/MINOR: server: Fix server-state-file-name directive * BUG/MINOR: backend: hold correctly lock when killing idle conn * BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() * BUG/MINOR: server: re-align state file fields number * BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state * BUG/MEDIUM: mux-h2: Be sure to enter in demux loop even if dbuf is empty * BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED * BUG/MEDIUM: mux-h2: handle remaining read0 cases * BUILD: Makefile: move REGTESTST_TYPE default setting * BUG/MINOR: xxhash: make sure armv6 uses memcpy() * BUG/MEDIUM: ssl: check a connection's status before computing a handshake * BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list * DOC: management: fix "show resolvers" alphabetical ordering * BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name * BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown * BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition * BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX * BUG/MEDIUM: mux-h2: fix read0 handling on partial frames * BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() * BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. * BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable * BUG/MINOR: sample: Memory leak of sample_expr structure in case of error * BUG/MINOR: sample: check alloc_trash_chunk return value in concat() * [RELEASE] Released version 2.0.20 * BUG/MINOR: sample: fix concat() converter's corruption with non-string variables * DOC: Add maintainers for the Prometheus exporter * SCRIPTS: announce-release: fix typo in help message * DOC: fix some spelling issues over multiple files * MINOR: contrib/prometheus-exporter: export build_info * BUILD: Makefile: exclude broken tests by default * BUG/MINOR: srv: do not init address if backend is disabled * SCRIPTS: make announce release support preparing announces before tag exists * SCRIPTS: improve announce-release to support different tag and versions * BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails * MINOR: atomic: don't use ; to separate instruction on aarch64. * BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h * BUILD: plock: remove dead code that causes a warning in gcc 11 * CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps * CONTRIB: halog: mark the has_zero* functions unused * CONTRIB: halog: fix build issue caused by %L printf format * BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode * BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests * BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well * REGTESTS: make use of HAPROXY_ARGS and pass -dM by default * CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric * CLEANUP: lua: Remove declaration of an inexistant function * BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight * BUG/MINOR: tools: Reject size format not starting by a digit * BUG/MINOR: tools: make parse_time_err() more strict on the timer validity * DOC: email change of the DeviceAtlas maintainer * BUG/MEDIUM: spoa/python: Fixing references to None * BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments * BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails * BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations * DOC: spoa/python: Fixing typos in comments * DOC: spoa/python: Rephrasing memory related error messages * DOC: spoa/python: Fixing typo in IP related error messages * BUG/MAJOR: spoa/python: Fixing return None * DOC/MINOR: Fix formatting in Management Guide * BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times * MINOR: cli: add a function to look up a CLI service description * MINOR: actions: add a function returning a service pointer from its name * MINOR: actions: Export actions lookup functions * BUG/MINOR: lua: Some lua init operation are processed unsafe * BUG/MINOR: lua: Post init register function are not executed beyond the first one * BUG/MINOR: lua: lua-load doesn't check its parameters * MINOR: plock: use an ARMv8 instruction barrier for the pause instruction * DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section * BUG/MAJOR: peers: fix partial message decoding * BUG/MAJOR: filters: Always keep all offsets up to date during data filtering * BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests * BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering * BUILD: http-htx: fix build warning regarding long type in printf * MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error. * MINOR: spoe: Don't close connection in sync mode on processing timeout * BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet * BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches * BUG/MINOR: http-fetch: Extract cookie value even when no cookie name * BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages * BUG/MINOR: peers: Missing TX cache entries reset. * BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries. * BUG/MINOR: lua: set buffer size during map lookups * BUG/MINOR: pattern: a sample marked as const could be written * [RELEASE] Released version 2.0.19 * BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L * MINOR: http-htx: Add understandable errors for the errorfiles parsing * BUG/MEDIUM: stick-table: limit the time spent purging old entries * BUG/MINOR: filters: Skip disabled proxies during startup only * BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade * MINOR: server: Copy configuration file and line for server templates * BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup * BUG/MEDIUM: filters: Don't try to init filters for disabled proxies * BUG/MINOR: cache: Inverted variables in http_calc_maxage function * BUG/MINOR: lua: initialize sample before using it * BUG/MINOR: server: fix down_time report for stats * BUG/MINOR: server: fix srv downtime calcul on starting * BUG/MINOR: log: fix memory leak on logsrv parse error * BUG/MINOR: extcheck: add missing checks on extchk_setenv() * BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible * BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests * BUG/MEDIUM: server: support changing the slowstart value from state-file * BUG/MINOR: queue: properly report redistributed connections * BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions. * BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn * BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages * BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided * BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once * MINOR: fd: report an error message when failing initial allocations * BUG/MINOR: mux-h2: do not stop outgoing connections on stopping * BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited * BUG/MEDIUM: h1: Always try to receive more in h1_rcv_buf(). * BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses * BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams * BUG/MINOR: mux-h1: Always set the session on frontend h1 stream * BUG/MINOR: peers: Inconsistency when dumping peer status codes. * MINOR: hlua: Display debug messages on stderr only in debug mode * BUG/MINOR: stats: fix validity of the json schema * MINOR: counters: fix a typo in comment * BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe * BUG/MINOR: Fix several leaks of 'log_tag' in init(). * BUILD: makefile: Fix building with closefrom() support enabled * DOC: ssl: crt-list negative filters are only a hint * [RELEASE] Released version 2.0.18 * REGTEST: make map_regm_with_backref require 1.7 * REGTEST: make abns_socket.vtc require 1.8 * REGTEST: fix host part in balance-uri-path-only.vtc * REGTESTS: add a few load balancing tests * DOC: agent-check: fix typo in "fail" word expected reply * DOC: spoa-server: fix false friends `actually` * BUG/MEDIUM: listeners: do not pause foreign listeners * BUG/MINOR: config: Fix memory leak on config parse listen * BUG/MINOR: Fix memory leaks cfg_parse_peers * BUG/MEDIUM: h2: report frame bits only for handled types * BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch * BUG/MINOR: server: report correct error message for invalid port on "socks4" * BUG/MINOR: ssl: verifyhost is case sensitive * BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate * BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers * BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned * BUILD: threads: better workaround for late loading of libgcc_s * BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections * BUG/MINOR: auth: report valid crypto(3) support depending on build options * CLEANUP: Update .gitignore * MINOR: Commit .gitattributes * BUILD: thread: limit the libgcc_s workaround to glibc only * BUG/MINOR: threads: work around a libgcc_s issue with chrooting * BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() * BUG/MEDIUM: doc: Fix replace-path action description * BUG/MINOR: startup: haproxy -s cause 100% cpu * BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address * BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure * BUG/MINOR: contrib/spoa-server: Do not free reference to NULL * BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed * BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak * DOC: cache: Use '' instead of '' in error message * BUG/MINOR: reload: do not fail when no socket is sent * BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction * BUG/MINOR: stats: use strncmp() instead of memcmp() on health states * BUG/MINOR: snapshots: leak of snapshots on deinit() * BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation * BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation * BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime * BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send * BUG/MEDIUM: mux-h2: Don't fail if nothing is parsed for a legacy chunk response * SCRIPTS: git-show-backports: emit the shell command to backport a commit * SCRIPTS: git-show-backports: make -m most only show the left branch * [RELEASE] Released version 2.0.17 * SCRIPTS: announce-release: add the link to the wiki in the announce messages * MINOR: stream-int: Be sure to have a mux to do sends and receives * MINOR: connection: Preinstall the mux for non-ssl connect * BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields * BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation * MEDIUM: lua: Add support for the Lua 5.4 * BUG/MINOR: debug: Don't dump the lua stack if it is not initialized * BUG/MEDIUM: mux-h1: Disable the splicing when nothing is received * BUG/MEDIUM: mux-h1: Wakeup the H1C in h1_rcv_buf() if more data are expected * BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed * BUG/MAJOR: dns: Make the do-resolve action thread-safe * BUG/MEDIUM: mux-h2: Emit an error if the response chunk formatting is incomplete * BUG/MEDIUM: resolve: fix init resolving for ring and peers section. * BUG/MINOR: cfgparse: don't increment linenum on incomplete lines * BUILD: thread: add parenthesis around values of locking macros * MINOR: pools: increase MAX_BASE_POOLS to 64 * BUG/MINOR: threads: Don't forget to init each thread toremove_lock. * REGEST: Add reg tests about error files * BUILD: ebtree: fix build on libmusl after recent introduction of eb_memcmp() * [RELEASE] Released version 2.0.16 * BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked * BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. * BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode * CONTRIB: da: fix memory leak in dummy function da_atlas_open() * BUG/MINOR: sample: Free str.area in smp_check_const_meth * BUG/MINOR: sample: Free str.area in smp_check_const_bool * DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x * BUG/MEDIUM: stream-int: Disable connection retries on plain HTTP proxy mode * BUG/MAJOR: stream: Mark the server address as unset on new outgoing connection * MINOR: http: Add support for http 413 status * BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server * BUG/MEDIUM: connection: Continue to recv data to a pipe when the FD is not ready * MINOR: connection: move the CO_FL_WAIT_ROOM cleanup to the reader only * BUG/MEDIUM: mux-h1: Subscribe rather than waking up in h1_rcv_buf() * BUG/MEDIUM: mux-h1: Disable splicing for the conn-stream if read0 is received * BUG/MINOR: mux-h1: Disable splicing only if input data was processed * BUG/MINOR: mux-h1: Don't read data from a pipe if the mux is unable to receive * BUG/MINOR: mux-h1: Fix the splicing in TUNNEL mode * BUG/MINOR: http_act: don't check capture id in backend (2) * DOC: configuration: fix alphabetical ordering for tune.pool-{high,low}-fd- ratio * DOC: configuration: add missing index entries for tune.pool-{low,high}-fd- ratio * BUG/MINOR: proxy: always initialize the trash in show servers state * BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash * BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible * DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list * MINOR: cli: make "show sess" stop at the last known session * BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL * REGTEST: ssl: add some ssl_c_* sample fetches test * REGTEST: ssl: tests the ssl_f_* sample fetches * MINOR: spoe: Don't systematically create new applets if processing rate is low * BUG/MINOR: http_ana: clarify connection pointer check on L7 retry * BUG/MINOR: spoe: correction of setting bits for analyzer * REGTEST: Add a simple script to tests errorfile directives in proxy sections * BUG/MINOR: systemd: Wait for network to be online * MEDIUM: map: make the "clear map" operation yield * REGTEST: http-rules: test spaces in ACLs with master CLI * REGTEST: http-rules: test spaces in ACLs * BUG/MINOR: mworker/cli: fix semicolon escaping in master CLI * BUG/MINOR: mworker/cli: fix the escaping in the master CLI * BUG/MINOR: cli: allow space escaping on the CLI * BUG/MINOR: spoe: add missing key length check before checking key names * BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks * BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness * MINOR: http: Add 404 to http-request deny * MINOR: http: Add 410 to http-request deny * [RELEASE] Released version 2.0.15 * REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used * BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0 * REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for compression/lua_validation * REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv * BUG/MEDIUM: pattern: fix thread safety of pattern matching * BUG/MEDIUM: log: don't hold the log lock during writev() on a file descriptor * BUG/MINOR: mworker: fix a memleak when execvp() failed * BUG/MEDIUM: mworker: fix the reload with an -- option * BUG/MINOR: init: -S can have a parameter starting with a dash * BUG/MINOR: init: -x can have a parameter starting with a dash * BUG/MEDIUM: mworker: fix the copy of options in copy_argv() * BUILD: makefile: adjust the sed expression of "make help" for solaris * BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version * BUG/MEDIUM: logs: fix trailing zeros on log message. * BUG/MINOR: logs: prevent double line returns in some events. * BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics * BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations * BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action * BUG/MINOR: peers: fix internal/network key type mapping. * SCRIPTS: publish-release: pass -n to gzip to remove timestamp * Revert "BUG/MEDIUM: connections: force connections cleanup on server changes" * BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf * BUG/MINOR: lua: Add missing string length for lua sticktable lookup * BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable * BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified * BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt() * BUILD: select: only declare existing local labels to appease clang * BUG/MINOR: soft-stop: always wake up waiting threads on stopping * BUG/MINOR: pollers: remove uneeded free in global init * BUG/MINOR: pools: use %u not %d to report pool stats in "show pools" * BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered * BUG/MEDIUM: http_ana: make the detection of NTLM variants safer * BUG/MINOR: http-ana: fix NTLM response parsing again * BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur * BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() * BUG/MINOR: sample: Set the correct type when a binary is converted to a string * CLEANUP: connections: align function declaration * BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id() * BUG/MEDIUM: connections: force connections cleanup on server changes * BUG/MAJOR: stream-int: always detach a faulty endpoint on connect failure * BUG/MEDIUM: stream: Only allow L7 retries when using HTTP. * BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry. * BUG/MINOR: checks: Remove a warning about http health checks * BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks * BUG/MEDIUM: checks: Always initialize checks before starting them * BUG/MINOR: checks/server: use_ssl member must be signed * BUG/MEDIUM: server/checks: Init server check during config validity check * Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections" * BUG/MEDIUM: backend: don't access a non-existing mux from a previous connection * REGTEST: ssl: test the client certificate authentication * MINOR: stream: report the list of active filters on stream crashes * BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock * BUG/MEDIUM: shctx: really check the lock's value while waiting * BUG/MINOR: debug: properly use long long instead of long for the thread ID * MINOR: threads: export the POSIX thread ID in panic dumps * BUG/MEDIUM: listener: mark the thread as not stuck inside the loop * BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream * BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam * BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam * BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream * BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream * BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function * BUG/MINOR: checks: chained expect will not properly wait for enough data * BUG/MINOR: checks: Respect the no-check-ssl option * MINOR: checks: Add a way to send custom headers and payload during http chekcs * BUG/MINOR: check: Update server address and port to execute an external check * DOC: option logasap does not depend on mode * BUG/MINOR: http: make url_decode() optionally convert '+' to SP * BUG/MINOR: tools: fix the i386 version of the div64_32 function * BUG/MEDIUM: http-ana: Handle NTLM messages correctly. * BUG/MINOR: ssl: default settings for ssl server options are not used * DOC: Improve documentation on http-request set-src * DOC: hashing: update link to hashing functions * BUG/MINOR: peers: Incomplete peers sections should be validated. * BUG/MINOR: protocol_buffer: Wrong maximum shifting. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2119=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2119=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * haproxy-2.0.31-150200.11.20.1 * haproxy-debuginfo-2.0.31-150200.11.20.1 * haproxy-debugsource-2.0.31-150200.11.20.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * haproxy-2.0.31-150200.11.20.1 * haproxy-debuginfo-2.0.31-150200.11.20.1 * haproxy-debugsource-2.0.31-150200.11.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0056.html * https://www.suse.com/security/cve/CVE-2023-25725.html * https://bugzilla.suse.com/show_bug.cgi?id=1207181 * https://bugzilla.suse.com/show_bug.cgi?id=1208132 * https://jira.suse.com/browse/PED-3821 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:04:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:04:58 -0000 Subject: SUSE-FU-2023:2118-1: moderate: Feature update for haproxy Message-ID: <168353669829.2288.14016231155750237474@smelt2.suse.de> # Feature update for haproxy Announcement ID: SUSE-FU-2023:2118-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for haproxy fixes the following issues: Update to version 2.4.22. (jsc#PED-3821): * BUG/CRITICAL: http: properly reject empty http header field names * CI: github: don't warn on deprecated openssl functions on windows * BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first * DOC: proxy-protocol: fix wrong byte in provided example * DOC: config: 'http-send-name-header' option may be used in default section * DOC: config: fix option spop-check proxy compatibility * BUG/MEDIUM: cache: use the correct time reference when comparing dates * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge * BUG/MINOR: ssl/crt-list: warn when a line is malformated * BUG/MEDIUM: ssl: wrong eviction from the session cache tree * BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section * BUG/MINOR: sink: free the forwarding task on exit * BUILD: hpack: include global.h for the trash that is needed in debug mode * BUG/MINOR: mux-h2: add missing traces on failed headers decoding * BUG/MINOR: listener: close tiny race between resume_listener() and stopping * DOC: config: fix "Address formats" chapter syntax * BUG/MINOR: mux-fcgi: Correctly set pathinfo * DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" * DOC: config: fix wrong section number for "protocol prefixes" * BUG/MINOR: listeners: fix suspend/resume of inherited FDs * BUG/MINOR: http-ana: make set-status also update txn->status * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state * BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body * BUG/MINOR: promex: Don't forget to consume the request on error * BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action * BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses * CLEANUP: htx: fix a typo in an error message of http_str_to_htx * BUG/MINOR: http: Memory leak of http redirect rules' format string * REGTEST: fix the race conditions in hmac.vtc * REGTEST: fix the race conditions in digest.vtc * REGTEST: fix the race conditions in json_query.vtc * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned * BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set * BUILD: makefile: sort the features list * BUILD: makefile: build the features list dynamically * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set * BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain * LICENSE: wurfl: clarify the dummy library license. * BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout * REGTESTS: startup: check maxconn computation * REGTESTS: fix the race conditions in iff.vtc * BUG/MAJOR: fcgi: Fix uninitialized reserved bytes * DOC: promex: Add missing backend metrics * MINOR: promex: introduce haproxy_backend_agg_check_status * BUG/MINOR: promex: create haproxy_backend_agg_server_status * BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers * BUG/MINOR: ssl: Fix potential overflow * BUG/MEDIUM: ssl: Verify error codes can exceed 63 * BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure * BUILD: peers: peers-t.h depends on stick-table-t.h * CI: github: change "ubuntu-latest" to "ubuntu-20.04" * BUG/MEDIIM: stconn: Flush output data before forwarding close to write side * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * [RELEASE] Released version 2.4.20 * Revert "CI: determine actual OpenSSL version dynamically" * Revert "CI: switch to the "latest" LibreSSL" * SCRIPTS: announce-release: add a link to the data plane API * DOC: config: clarify the -m dir and -m dom pattern matching methods * DOC: config: clarify the fact that "retries" is not just for connections * DOC: config: explain how default matching method for ACL works * DOC: config: mention that a single monitor-uri rule is supported * DOC: config: clarify the fact that SNI should not be used in HTTP scenarios * DOC: config: provide some configuration hints for "http-reuse" * Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" * BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out * BUILD: http-htx: Silent build error about a possible NULL start-line * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * BUG/MINOR: log: fix parse_log_message rfc5424 size check * BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance * BUILD: listener: fix build warning on global_listener_rwlock without threads * BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns * BUILD: peers: Remove unused variables * BUG/MEDIUM: peers: messages about unkown tables not correctly ignored * BUG/MINOR: ssl: don't initialize the keylog callback when not required * BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists * BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task * BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes * BUG/MEDIUM: ring: fix creation of server in uninitialized ring * DOC: config: fix alphabetical ordering of global section * REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses * BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers * BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once * BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero- copy * BUG/MINOR: resolvers: Set port before IP address when processing SRV records * BUG/MINOR: http-htx: Fix error handling during parsing http replies * BUG/MEDIUM: wdt/clock: properly handle early task hangs * CI: emit the compiler's version in the build reports * CI: switch to the "latest" LibreSSL * BUG/MINOR: ssl: ocsp structure not freed properly in case of error * BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer * CI: add monthly gcc cross compile jobs * BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting * BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task * BUG/MAJOR: stick-table: don't process store-response rules for applets * DOC: management: add forgotten "show startup-logs" * BUG/MINOR: stick-table: Use server_id instead of std_t_sint in process_store_rules() * CI: SSL: temporarily stick to LibreSSL=3.5.3 * CI: SSL: use proper version generating when "latest" semantic is used * BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers * BUG/MINOR: sink: Only use backend capability for the sink proxies * BUG/MEDIUM: compression: handle rewrite errors when updating response headers * BUG/MINOR: ring: Properly parse connect timeout * BUG/MINOR: log: Preserve message facility when the log target is a ring buffer * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py * BUG/MINOR: server: make sure "show servers state" hides private bits * BUG/MAJOR: stick-tables: do not try to index a server name for applets * DOC: configuration: missing 'if' in tcp-request content example * BUG/MINOR: backend: only enforce turn-around state when not redispatching * BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction * MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands * BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error * BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os * BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() * BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os * BUG/MEDIUM: lua: handle stick table implicit arguments right. * BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure * DOC: config: Fix pgsql-check documentation to make user param mandatory * BUG/MINOR: checks: update pgsql regex on auth packet * [RELEASE] Released version 2.4.19 * BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree * REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies * BUG/MINOR: log: improper behavior when escaping log data * SCRIPTS: announce-release: update some URLs to https * BUILD: fd: fix a build warning on the DWCAS * BUG/MEDIUM: captures: free() an error capture out of the proxy lock * DOC: fix TOC in starter guide for subsection 3.3.8. Statistics * REGTESTS: ssl/log: test the log-forward with SSL * BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. * REGTESTS: log: test the log-forward feature * REGTESTS: healthcheckmail: Relax matching on the healthcheck log message * BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' * MINOR: listener: small API change * BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK * CI: cirrus-ci: bump FreeBSD image to 13-1 * BUG/MINOR: signals/poller: ensure wakeup from signals * BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals * BUG/MINOR: task: always reset a new tasklet's call date * BUG/MINOR: h1: Support headers case adjustment for TCP proxies * BUILD: makefile: enable crypt(3) for NetBSD * BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support * BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber * BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools * REGTESTS: http_request_buffer: Add a barrier to not mix up log messages * BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input * BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) * BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets * BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to- date * BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress * BUG/MEDIUM: peers: Add connect and server timeut to peers proxy * BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode * DOC: configuration: do-resolve doesn't work with a port in the string * REGTESTS: Fix prometheus script to perform HTTP health-checks * BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect * BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() * BUG/MAJOR: mworker: fix infinite loop on master with no proxies. * BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized * BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle * BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict- req-hdr-names * BUILD: http: silence an uninitialized warning affecting gcc-5 * BUG/MEDIUM: ring: fix too lax 'size' parser * BUILD: debug: silence warning on gcc-5 * BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() * BUG/MEDIUM: poller: use fd_delete() to release the poller pipes * BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h * BUG/MINOR: sink: fix a race condition between the writer and the reader * BUG/MINOR: ring/cli: fix a race condition between the writer and the reader * BUG/MEDIUM: proxy: Perform a custom copy for default server settings * REORG: server: Export srv_settings_cpy() function * MINOR: server: Constify source server to copy its settings * BUG/MEDIUM: dns: Properly initialize new DNS session * BUG/MINOR: peers: Use right channel flag to consider the peer as connected * BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload * MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer * BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions * MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups * MINOR: http-htx: Use new HTTP functions for the scheme based normalization * BUG/MEDIUM: h1: Improve authority validation for CONNCET request * MINOR: http: Add function to detect default port * MINOR: http: Add function to get port part of a host * BUG/MEDIUM: mworker: use default maxconn in wait mode * [RELEASE] Released version 2.4.18 * BUG/MINOR: sockpair: wrong return value for fd_send_uxst() * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible * BUILD: add detection for unsupported compiler models * BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload * REGTESTS: Fix some scripts to be compatible with 2.4 and prior * BUG/MINOR: tools: fix statistical_prng_range()'s output range * BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) * BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX * BUG/MEDIUM: tools: avoid calling dlsym() in static builds * MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() * BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send * BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state * BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer * REGTEESTS: filters: Fix CONNECT request in random-forwarding script * BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream * BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo * BUG/MINOR: peers: fix possible NULL dereferences at config parsing * BUG/MINOR: http-act: Properly generate 103 responses when several rules are used * BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule * BUG/MINOR: peers/config: always fill the bind_conf's argument * MINOR: fd: Add BUG_ON checks on fd_insert() * CI: re-enable gcc asan builds * BUILD: Makefile: Add Lua 5.4 autodetect * BUG/MEDIUM: ssl/fd: unexpected fd close using async engine * MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD * BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created * BUG/MINOR: ssl: Do not look for key in extra files if already in pem * MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames * BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list * BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration * BUG/MINOR: cli/stats: add missing trailing LF after "show info json" * BUG/MINOR: server: do not enable DNS resolution on disabled proxies * BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs * REGTESTS: healthcheckmail: Relax health-check failure condition * REGTESTS: healthcheckmail: Update the test to be functionnal again * BUG/MINOR: checks: Properly handle email alerts in trace messages * BUG/MINOR: trace: Test server existence for health-checks to get proxy * BUG/MEDIUM: mailers: Set the object type for check attached to an email alert * BUILD: compiler: implement unreachable for older compilers too * REGTESTS: restrict_req_hdr_names: Extend supported versions * REGTESTS: http_abortonclose: Extend supported versions * BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler * BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield * REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients * REGTESTS: abortonclose: Add a barrier to not mix up log messages * MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs * BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases * BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases * BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry * BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified * BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails * DOC: intro: adjust the numbering of paragrams to keep the output ordered * DOC: peers: fix port number and addresses on new peers section format * DOC: peers: clarify when entry expiration date is renewed. * DOC: peers: indicate that some server settings are not usable * SCRIPTS: make publish-release try to launch make-releases-json * SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs * REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) * BUG/MEDIUM: sample: Fix adjusting size in word converter * BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section * BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections * BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function * BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols * BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str * CI: determine actual OpenSSL version dynamically * BUILD/MINOR: cpuset fix build for FreeBSD 13.1 * BUG/MINOR: peers: fix error reporting of "bind" lines * BUG/MINOR: cfgparse: abort earlier in case of allocation error * BUG/MINOR: check: Reinit the buffer wait list at the end of a check * BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() * REGTESTS: abortonclose: Fix some race conditions * BUG/MINOR: ssl: Fix crash when no private key is found in pem * MINOR: tools: add get_exec_path implementation for solaris based systems. * BUILD: fix build warning on solaris based systems with __maybe_unused. * MEDIUM: http-ana: Add a proxy option to restrict chars in request header names * CI: determine actual LibreSSL version dynamically * [RELEASE] Released version 2.4.17 * CLEANUP: mux-h1: Fix comments and error messages for global options * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: install: update gcc version requirements * BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( * BUILD: listener: shut report of possible null-deref in listener_accept() * BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings * BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation * CI: dynamically determine actual version of h2spec * DOC: fix typo "ant" for "and" in INSTALL * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init * BUG/MINOR: map/cli: protect the backref list during "show map" errors * BUG/MEDIUM: cli: make "show cli sockets" really yield * BUG/MEDIUM: resolvers: make "show resolvers" properly yield * BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] * DOC: config: Update doc for PR/PH session states to warn about rewrite failures * MINOR: mux-h2: report a trace event when failing to create a new stream * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified * BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * [RELEASE] Released version 2.4.16 * BUILD: opentracing: Fix OT build due to misuse of var_clear() * BUILD: proto_uxst: do not set unused flag * BUILD: sockpair: do not set unused flag * BUILD: fd: remove unused variable totlen in fd_write_frag_line() * CLEANUP: acl: Remove unused variable when releasing an acl expression * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() * BUILD: compiler: properly distinguish weak and global symbols * REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc * MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks * MINOR: task: add a new task_instant_wakeup() function * BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments * DOC: remove my name from the config doc * BUG/MAJOR: connection: Never remove connection from idle lists outside the lock * BUG/MINOR: cache: Disable cache if applet creation fails * SCRIPTS: announce-release: add shortened links to pending issues * DOC: lua: update a few doc URLs * SCRIPTS: announce-release: update the doc's URL * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags * BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added * BUG/MEDIUM: stream: do not abort connection setup too early * BUILD: compiler: use a more portable set of asm(".weak") statements * BUILD: sched: workaround crazy and dangerous warning in Clang 14 * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep- alive * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side * BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak * BUG/MINOR: cache: do not display expired entries in "show cache" * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent * CI: cirrus: switch to FreeBSD-13.0 * CI: Update to actions/cache at v3 * CI: Update to actions/checkout at v3 * DEBUG: opentracing: show return values of all functions in the debug output * CLEANUP: opentracing: added variable to store variable length * CLEANUP: opentracing: added flt_ot_smp_init() function * CLEANUP: opentracing: removed unused function flt_ot_var_get() * CLEANUP: opentracing: removed unused function flt_ot_var_unset() * DOC: opentracing: corrected comments in function descriptions * EXAMPLES: opentracing: refined shell scripts for testing filter performance * BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid * BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples * BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached * BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message * BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet * BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message * BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests * CI: github actions: update OpenSSL to 3.0.2 * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream * BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads * BUG/MINOR: samples: add missing context names for sample fetch functions * DOC: reflect H2 timeout changes * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts * MEDIUM: mux-h2: slightly relax timeout management rules * BUG/MEDIUM: stream-int: do not rely on the connection error once established * BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing * BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing * BUG/MINOR: tools: url2sa reads too far when no port nor path * DOC: config: Explictly add supported MQTT versions * MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 * BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf * CI: github actions: switch to LibreSSL-3.5.1 * BUG/MINOR: server/ssl: free the SNI sample expression * BUG/MINOR: tools: fix url2sa return value with IPv4 * [RELEASE] Released version 2.4.15 * BUILD: tree-wide: mark a few numeric constants as explicitly long long * DOC: Fix usage/examples of deprecated ACLs * BUG/MINOR: stream: make the call_rate only count the no-progress calls * BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach * DEBUG: stream: Fix stream trace message to print response buffer state * DEBUG: stream: Add the missing descriptions for stream trace events * BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cli: shows correct mode in "show sess" * BUG/MINOR: add missing modes in proxy_mode_str() * BUILD: pools: fix backport of no-memory-trimming on non-linux OS * MINOR: pools: add a new global option "no-memory-trimming" * BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed * BUG/MINOR: pool: always align pool_heads to 64 bytes * REGTESTS: fix the race conditions in secure_memcmp.vtc * REGTESTS: fix the race conditions in normalize_uri.vtc * BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() * CI: github actions: use cache for SSL libs * CI: github actions: use cache for OpenTracing * CI: github actions: add OpenTracing builds * CI: github actions: add the output of $CC -dM -E- * [RELEASE] Released version 2.4.14 * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * CI: github: enable pool debugging by default * REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks * BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message * BUG/MINOR: tools: url2sa reads ipv4 too far * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * CI: github actions: update OpenSSL to 3.0.1 * CI: github: switch to OpenSSL 3.0.0 * CI: github actions: relax OpenSSL-3.0.0 version comparision * CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 * CI: github actions: add OpenSSL-3.0.0 builds * BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 * BUILD: fix compilation for OpenSSL-3.0.0-alpha17 * CI: ssl: keep the old method for ancient OpenSSL versions * CI: ssl: do not needlessly build the OpenSSL docs * CI: ssl: enable parallel builds for OpenSSL on Linux * BUG/MAJOR: compiler: relax alignment constraints on certain structures * BUG/MEDIUM: fd: always align fdtab[] to 64 bytes * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: sink: Use the right field in appctx context in release callback * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function * [RELEASE] Released version 2.4.13 * BUG/MINOR: mux-h2: update the session's idle delay before creating the stream * BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change * REGTESTS: peers: leave a bit more time to peers to synchronize * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MEDIUM: listener: read-lock the listener during accept() * MINOR: listener: replace the listener's spinlock with an rwlock * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * DEBUG: pools: replace the link pointer with the caller's address on pool_free() * DEBUG: pools: let's add reverse mapping from cache heads to thread and pool * DEBUG: pools: add extra sanity checks when picking objects from a local cache * BUG/MINOR: pools: always flush pools about to be destroyed * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY * BUILD: debug/cli: condition test of O_ASYNC to its existence * DEBUG: cli: add a new "debug dev fd" expert command * MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MEDIUM: cli: Never wait for more data on client shutdown * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl * BUILD/MINOR: fix solaris build with clang. * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: connection: properly leave stopping list on error * [RELEASE] Released version 2.4.12 * BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * [RELEASE] Released version 2.4.11 * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * BUILD/MINOR: tools: solaris build fix on dladdr. * BUILD/MINOR: cpuset FreeBSD 14 build fix. * BUG/MEDIUM: ssl: free the ckch instance linked to a server * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * MINOR: debug: add support for -dL to dump library names at boot * MINOR: debug: add ability to dump loaded shared libraries * MINOR: compat: detect support for dl_iterate_phdr() * BUG/MINOR: mux-h1: Fix splicing for messages with unknown length * BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * MINOR: proxy: add option idle-close-on-response * REGTESTS: ssl: fix ssl_default_server.vtc * BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server * DOC: fix misspelled keyword "resolve_retries" in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUILD: cli: clear a maybe-unused warning on some older compilers * BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode * BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch * [RELEASE] Released version 2.4.10 * BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose * BUG/MINOR: backend: do not set sni on connection reuse * MINOR: pools: work around possibly slow malloc_trim() during gc * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: retry-on list is space-delimited * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * BUG/MINOR: cli/server: Don't crash when a server is added with a custom id * IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode * BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types * MINOR: cli: "show version" displays the current process version * CI: Github Actions: temporarily disable BoringSSL builds * BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH * MINOR: mux-h1: Improve H1 traces by adding info about http parsers * BUG/MAJOR: segfault using multiple log forward sections. * BUG/MEDIUM: resolvers: Detach query item on response error * BUG/MINOR: server: Don't rely on last default-server to init server SSL context * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * BUILD/MINOR: server: fix compilation without SSL * [RELEASE] Released version 2.4.9 * BUG/MINOR: cache: Fix loop on cache entries in "show cache" * MINOR: promex: backend aggregated server check status * MINOR: server: add ws keyword * MEDIUM: server/backend: implement websocket protocol selection * MINOR: connection: add alternative mux_ops param for conn_install_mux_be * MINOR: connection: implement function to update ALPN * MINOR: stream/mux: implement websocket stream flag * BUG/MINOR: ssl: make SSL counters atomic * MINOR: shctx: add a few BUG_ON() for consistency checks * BUG/MINOR: shctx: do not look for available blocks when the first one is enough * BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found * BUG/MEDIUM: cache/cli: make "show cache" thread-safe * BUG/MEDIUM: mux-h2: always process a pending shut read * BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found * CLEANUP: ssl: fix wrong #else commentary * BUG/MINOR: ssl: free correctly the sni in the backend SSL cache * BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 * BUILD: makefile: simplify detection of libatomic * BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C * BUG/MINOR: stick-table/cli: Check for invalid ipv6 key * BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent * BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value * BUG/MINOR: mworker: doesn't launch the program postparser * BUG/MEDIUM: conn-stream: Don't reset CS flags on close * MINOR: mux-h1: Slightly Improve H1 traces * DOC: lua: Be explicit with the Reply object limits * Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" * BUG/MINOR: http-ana: Apply stop to the current section for http-response rules * DOC: config: Fix typo in ssl_fc_unique_id description * BUG/MINOR: cache: properly ignore unparsable max-age in quotes * BUG/MINOR: resolvers: throw log message if trash not large enough for query * BUG/MINOR: resolvers: fix sent messages were counted twice * BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support * MINOR: mux-h2: add trace on extended connect usage * MINOR: mux-h2: perform a full cycle shutdown+drain on close * MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2118=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2118=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2118=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2118=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2118=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2118=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2118=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1 ## References: * https://jira.suse.com/browse/PED-3821 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:00 -0000 Subject: SUSE-FU-2023:2117-1: moderate: Feature update for haproxy Message-ID: <168353670061.2288.16723267526694896179@smelt2.suse.de> # Feature update for haproxy Announcement ID: SUSE-FU-2023:2117-1 Rating: moderate References: * #1207181 * #1208132 Cross-References: * CVE-2023-0056 * CVE-2023-25725 CVSS scores: * CVE-2023-0056 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0056 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25725 ( SUSE ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L * CVE-2023-25725 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for haproxy fixes the following issues: Update to version 2.0.31 (jsc#PED-3821): * BUG/CRITICAL: http: properly reject empty http header field names * CI: github: don't warn on deprecated openssl functions on windows * DOC: proxy-protocol: fix wrong byte in provided example * DOC: config: 'http-send-name-header' option may be used in default section * DOC: config: fix option spop-check proxy compatibility * BUG/MEDIUM: cache: use the correct time reference when comparing dates * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge * BUG/MEDIUM: ssl: wrong eviction from the session cache tree * BUG/MINOR: http-ana: make set-status also update txn->status * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state * BUG/MINOR: promex: Don't forget to consume the request on error * BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned * BUILD: makefile: sort the features list * BUILD: makefile: build the features list dynamically * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set * LICENSE: wurfl: clarify the dummy library license. * BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout * BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers * BUG/MINOR: ssl: Fix potential overflow * BUG/MEDIUM: ssl: Verify error codes can exceed 63 * CI: github: change "ubuntu-latest" to "ubuntu-20.04" * SCRIPTS: announce-release: add a link to the data plane API * [RELEASE] Released version 2.0.30 * Revert "CI: determine actual LibreSSL version dynamically" * DOC: config: clarify the -m dir and -m dom pattern matching methods * DOC: config: clarify the fact that "retries" is not just for connections * DOC: config: explain how default matching method for ACL works * DOC: config: clarify the fact that SNI should not be used in HTTP scenarios * DOC: config: provide some configuration hints for "http-reuse" * BUILD: listener: fix build warning on global_listener_rwlock without threads * BUILD: peers: Remove unused variables * BUG/MEDIUM: peers: messages about unkown tables not correctly ignored * BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists * BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task * CI: emit the compiler's version in the build reports * CI: add monthly gcc cross compile jobs * BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task * BUG/MAJOR: stick-table: don't process store-response rules for applets * DOC: management: add forgotten "show startup-logs" * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py * BUG/MAJOR: stick-tables: do not try to index a server name for applets * DOC: configuration: missing 'if' in tcp-request content example * BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os * BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() * BUG/MEDIUM: lua: handle stick table implicit arguments right. * BUILD: cfgparse: Fix GCC warning about a variable used after realloc * BUILD: fix compilation for OpenSSL-3.0.0-alpha17 * BUG/MINOR: log: improper behavior when escaping log data * SCRIPTS: announce-release: update some URLs to https * BUG/MEDIUM: captures: free() an error capture out of the proxy lock * BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK * BUG/MINOR: signals/poller: ensure wakeup from signals * BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals * BUG/MINOR: h1: Support headers case adjustment for TCP proxies * REGTESTS: http_request_buffer: Add a barrier to not mix up log messages * BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to- date * BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress * BUG/MEDIUM: peers: Add connect and server timeut to peers proxy * BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode * DOC: configuration: do-resolve doesn't work with a port in the string * BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() * BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle * BUILD: http: silence an uninitialized warning affecting gcc-5 * BUG/MEDIUM: proxy: Perform a custom copy for default server settings * REORG: server: Export srv_settings_cpy() function * MINOR: server: Constify source server to copy its settings * BUG/MINOR: peers: Use right channel flag to consider the peer as connected * BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload * MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * BUG/MINOR: sockpair: wrong return value for fd_send_uxst() * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible * BUG/MINOR: peers: fix possible NULL dereferences at config parsing * BUG/MINOR: peers/config: always fill the bind_conf's argument * BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created * BUG/MINOR: server: do not enable DNS resolution on disabled proxies * BUILD: compiler: implement unreachable for older compilers too * REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients * REGTESTS: abortonclose: Add a barrier to not mix up log messages * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * DOC: peers: fix port number and addresses on new peers section format * DOC: peers: clarify when entry expiration date is renewed. * DOC: peers: indicate that some server settings are not usable * SCRIPTS: make publish-release try to launch make-releases-json * SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs * BUG/MEDIUM: sample: Fix adjusting size in word converter * BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section * BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections * BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols * BUG/MINOR: peers: fix error reporting of "bind" lines * REGTESTS: abortonclose: Fix some race conditions * BUILD: fix build warning on solaris based systems with __maybe_unused. * CI: determine actual LibreSSL version dynamically * [RELEASE] Released version 2.0.29 * BUG/MINOR: ssl: fix build on development versions of openssl-1.1.x * CLEANUP: mux-h1: Fix comments and error messages for global options * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: fix typo "ant" for "and" in INSTALL * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init * BUG/MINOR: map/cli: protect the backref list during "show map" errors * BUG/MEDIUM: cli: make "show cli sockets" really yield * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * BUILD: sockpair: do not set unused flag * BUILD: proto_uxst: do not set unused flag * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc * DOC: remove my name from the config doc * BUG/MINOR: cache: Disable cache if applet creation fails * SCRIPTS: announce-release: add shortened links to pending issues * DOC: lua: update a few doc URLs * SCRIPTS: announce-release: update the doc's URL * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep- alive * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side * BUG/MINOR: cache: do not display expired entries in "show cache" * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent * CI: Update to actions/cache at v3 * CI: Update to actions/checkout at v3 * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream * DOC: reflect H2 timeout changes * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts * MEDIUM: mux-h2: slightly relax timeout management rules * BUG/MEDIUM: stream-int: do not rely on the connection error once established * BUG/MINOR: tools: url2sa reads too far when no port nor path * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf * CI: github actions: switch to LibreSSL-3.5.1 * BUILD: dns: fix backport of previous dns fix * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * Revert "BUG/MAJOR: mux-pt: Always destroy the backend connection on detach" * BUG/MINOR: tools: fix url2sa return value with IPv4 * [RELEASE] Released version 2.0.28 * DOC: Fix usage/examples of deprecated ACLs * BUG/MINOR: stream: make the call_rate only count the no-progress calls * DOC: use the req.ssl_sni in examples * DOC: ssl: req_ssl_sni needs implicit TLS * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach * BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cli: shows correct mode in "show sess" * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * CLEANUP: atomic: add a fetch-and-xxx variant for common operations * CI: github actions: use cache for SSL libs * CI: github actions: add the output of $CC -dM -E- * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MINOR: tools: url2sa reads ipv4 too far * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * CI: ssl: keep the old method for ancient OpenSSL versions * CI: ssl: do not needlessly build the OpenSSL docs * CI: ssl: enable parallel builds for OpenSSL on Linux * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * [RELEASE] Released version 2.0.27 * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: cli: Never wait for more data on client shutdown * BUILD/MINOR: fix solaris build with clang. * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * DOC: fix misspelled keyword "resolve_retries" in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUILD: cli: clear a maybe-unused warning on some older compilers * BUG/MINOR: http: fix recent regression on authorization in legacy mode * Revert "BUG/MEDIUM: resolvers: always check a valid item in query_list" * BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose * BUG/MINOR: backend: do not set sni on connection reuse * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * MINOR: ssl: make tlskeys_list_get_next() take a list element * CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() * CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * MINOR: cli: "show version" displays the current process version * BUILD: general: always pass unsigned chars to is* functions * CLEANUP: peers: Remove unused static function `free_dcache_tx` * CLEANUP: peers: Remove unused static function `free_dcache` * REGTESTS: mark the abns test as broken again * BUILD: scripts/build-ssl.sh: use "uname" instead of ${TRAVIS_OS_NAME} * BUILD: makefile: add entries to build common debugging tools * CI: Github Actions: temporarily disable BoringSSL builds * CI: Github Actions: switch to LibreSSL-3.3.3 * CI: github actions: update LibreSSL to 3.2.5 * Revert "CI: Pin VTest to a known good commit" * CI: github actions: switch to stable LibreSSL release * CI: Fix the coverity builds * CI: Fix DEBUG_STRICT definition for Coverity * CI: Pin VTest to a known good commit * CI: github actions: build several popular "contrib" tools * CI: GitHub Actions: enable daily Coverity scan * CI: github actions: enable 51degrees feature * CI: github actions: update LibreSSL to 3.3.0 * CI: Clean up Windows CI * CI: Pass the github.event_name to matrix.py * CI: Github Action: run "apt-get update" before packages restore * CI: Github Actions: enable BoringSSL builds * CI: Github Actions: remove LibreSSL-3.0.2 builds * CI: Github Actions: enable prometheus exporter * CI: Stop hijacking the hosts file * CI: Expand use of GitHub Actions for CI * [RELEASE] Released version 2.0.26 * BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found * BUG/MINOR: shctx: do not look for available blocks when the first one is enough * BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found * BUG/MEDIUM: mux-h2: always process a pending shut read * BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 * CLEANUP: ssl: Release cached SSL sessions on deinit * MINOR: mux-h2: perform a full cycle shutdown+drain on close * MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close * BUG/MINOR: stick-table/cli: Check for invalid ipv6 key * BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent * BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value * BUG/MINOR: mworker: doesn't launch the program postparser * BUG/MEDIUM: conn-stream: Don't reset CS flags on close * BUG/MINOR: http-ana: Apply stop to the current section for http-response rules * DOC: config: Fix typo in ssl_fc_unique_id description * BUG/MEDIUM: mux-h1: Fix H1C_F_ST_SILENT_SHUT value * BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary * MINOR: htx: Add a function to know if the free space wraps * MINOR: htx: Add an HTX flag to know when a message is fragmented * BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check * MINOR: stream: Improve dump of bogus streams * DOC: config: Fix alphabetical order of fc_* samples * BUG/MINOR: http: Authorization value can have multiple spaces after the scheme * BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration * CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT * CLEANUP: always initialize the answer_list * CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() * BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released * BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed * BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame * BUG/MEDIUM: resolvers: always check a valid item in query_list * BUILD: resolvers: avoid a possible warning on null-deref * MINOR: resolvers: merge address and target into a union "data" * BUG/MEDIUM: resolvers: use correct storage for the target address * BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix * MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero * BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records * BUG/MEDIUM: resolver: make sure to always use the correct hostname length * MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero * BUG/MEDIUM: sample: properly verify that variables cast to sample * MINOR: sample: provide a generic var-to-sample conversion function * CLEANUP: sample: uninline sample_conv_var2smp_str() * CLEANUP: sample: rename sample_conv_var2smp() to *_sint * BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error * BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames * BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule * BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release * BUG/MINOR: filters: Set right FLT_END analyser depending on channel * BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set * BUG/MEDIUM: http-ana: Reset channels analysers when returning an error * BUG/MINOR: stream: Don't release a stream if FLT_END is still registered * BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input * BUG/MAJOR: lua: use task_wakeup() to properly run a task once * BUG/MEDIUM: lua: fix wakeup condition from sleep() * DOC: peers: fix doc "enable" statement on "peers" sections * BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" * BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM * BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data * BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer * BUG/MINOR: server: allow 'enable health' only if check configured * Revert "REGTESTS: mark http_abortonclose as broken" * BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached * MEDIUM: actions: Fix block ACL. * BUG/MINOR: stats: fix the POST requests processing in legacy mode * BUG/MEDIUM: http: check for a channel pending data before waiting * BUG/MINOR: cli/payload: do not search for args inside payload * BUG/MINOR: compat: make sure __WORDSIZE is always defined * BUG/MINOR: systemd: ExecStartPre must use -Ws * [RELEASE] Released version 2.0.25 * REGTESTS: mark http_abortonclose as broken * MINOR: action: Use a generic function to check validity of an action rule list * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about "must be < 256 MB" * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * REGTESTS: abortonclose: after retries, 503 is expected, not close * BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- * [RELEASE] Released version 2.0.24 * REGTESTS: add a test to prevent h2 desync attacks * BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header * DOC/MINOR: fix typo in management document * MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade * DOC: config: Fix 'http-response send-spoe-group' documentation * DOC: Improve the lua documentation * BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued * BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released * MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure * BUG/MINOR: server: update last_change on maint->ready transitions too * BUG/MINOR: connection: Add missing error labels to conn_err_code_str * BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames * BUG/MINOR: mux-h2: Obey dontlognull option during the preface * BUG/MINOR: systemd: must check the configuration using -Ws * BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs * BUG/MEDIUM: mworker: do not register an exit handler if exit is expected * BUILD: add detection of missing important CFLAGS * BUG/MEDIUM: tcp-check: Do not dereference inexisting connection * [RELEASE] Released version 2.0.23 * BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled * BUG/MINOR: server-state: load SRV resolution only if params match the config * CLEANUP: pools: remove now unused seq and pool_free_list * BUG/MAJOR: pools: fix possible race with free() in the lockless variant * MEDIUM: pools: use a single pool_gc() function for locked and lockless * MEDIUM: memory: make pool_gc() run under thread isolation * BUG/MEDIUM: pools: Always update free_list in pool_gc(). * MINOR: pools: do not maintain the lock during pool_flush() * BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() * MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS * Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" * BUG/MINOR: peers: fix data_type bit computation more than 32 data_types * MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() * BUG/MINOR: resolvers: Reset server IP when no ip is found in the response * DOC: config: use CREATE USER for mysql-check * DOC: peers: fix the protocol tag name in the doc * DOC: stick-table: add missing documentation about gpt0 stored type * BUG/MINOR: stick-table: fix several printf sign errors dumping tables * BUG/MINOR: cli: fix server name output in "show fd" * BUG/MEDIUM: sock: make sure to never miss early connection failures * BUG/MINOR: server/cli: Fix locking in function processing "set server" command * BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI * BUG/MINOR: resolvers: answser item list was randomly purged or errors * DOC: config: Add missing actions in "tcp-request session" documentation * MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules * BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check * BUG/MEDIUM: spoe: Register pre/post analyzers in start_analyze callback function * BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken * MINOR: mux-h2: obey http-ignore-probes during the preface * BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue * BUG/MINOR: mworker: fix typo in chroot error message * BUG/MINOR: ssl: use atomic ops to update global shctx stats * BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE * BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id * DOC: lua: Add a warning about buffers modification in HTTP * BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded * BUG/MEDIUM: dns: reset file descriptor if send returns an error * BUG/MEDIUM: compression: Add a flag to know the filter is still processing data * BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future * BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree * BUG/MINOR: http: Missing calloc return value check in make_arg_list * BUG/MINOR: http: Missing calloc return value check while parsing redirect rule * BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list * BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule * BUG/MINOR: http: Missing calloc return value check while parsing tcp- request/tcp-response * BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy * BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare * BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture * BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine * BUG/MINOR: peers: Missing calloc return value check in peers_register_table * BUG/MINOR: server: Missing calloc return value check in srv_parse_source * BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts * BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response * BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter * BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' * BUG/MEDIUM: ebtree: Invalid read when looking for dup entry * REGTESTS: Add script to test abortonclose option * MEDIUM: mux-h1: Don't block reads when waiting for the other side * BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive * MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() * BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port * BUG/MINOR: stream: Reset stream final state and si error type on L7 retry * BUG/MINOR: stream: properly clear the previous error mask on L7 retries * BUG/MINOR: stream: Decrement server current session counter on L7 retry * BUG/MEDIUM: cli: prevent memory leak on write errors * BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers * MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode * MINOR: peers: add informative flags about resync process for debugging * BUG/MEDIUM: peers: reset tables stage flags stages on new conns * BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly * BUG/MEDIUM: peers: reset commitupdate value in new conns * BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected * BUG/MEDIUM: peers: stop considering ack messages teaching a full resync * BUG/MEDIUM: peers: register last acked value as origin receiving a resync req * BUG/MEDIUM: peers: initialize resync timer to get an initial full resync * BUG/MINOR: applet: Notify the other side if data were consumed by an applet * BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message * BUG/MEDIUM: peers: re-work refcnt on table to protect against flush * BUG/MEDIUM: peers: re-work connection to new process during reload. * BUG/MINOR: peers: remove useless table check if initial resync is finished * BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data * BUG/MINOR: mworker: don't use oldpids[] anymore for reload * BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases * BUG/MEDIUM: config: fix cpu-map notation with both process and threads * BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames * BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers * BUG/MINOR: server: free srv.lb_nodes in free_server * BUG/MINOR: mux-h1: Release idle server H1 connection if data are received * BUG/MINOR: logs: Report the true number of retries if there was no connection * BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function * BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded * BUG/MEDIUM: threads: Ignore current thread to end its harmless period * BUG/MEDIUM: sample: Fix adjusting size in field converter * DOC: clarify that compression works for HTTP/2 * BUG/MINOR: tools: fix parsing "us" unit for timers * DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options * [RELEASE] Released version 2.0.22 * BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks * MINOR: resolvers: Directly call srvrq_update_srv_state() when possible * MINOR: resolvers: Add function to change the srv status based on SRV resolution * MINOR: resolvers: Purge answer items when a SRV resolution triggers an error * MINOR: resolvers: Use a function to remove answers attached to a resolution * BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution * BUG/MAJOR: dns: disabled servers through SRV records never recover * BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status * BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields * BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS * BUG/MINOR: tcp: fix silent-drop workaround for IPv6 * BUG/MINOR: stats: Apply proper styles in HTML status page. * BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent * BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters * MINOR: tools: make url2ipv4 return the exact number of bytes parsed * BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless * BUG/MEDIUM: time: make sure to always initialize the global tick * BUG/MEDIUM: lua: Always init the lua stack before referencing the context * BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback * MINOR: lua: Slightly improve function dumping the lua traceback * MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket * BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable * MINOR: time: also provide a global, monotonic global_now_ms timer * [RELEASE] Released version 2.0.21 * BUG/MINOR: freq_ctr/threads: make use of the last updated global time * MINOR: time: export the global_now variable * BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames * BUG/MINOR: resolvers: Reset server address on DNS error only on status change * BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error * CLEANUP: tcp-rules: add missing actions in the tcp-request error message * BUG/MINOR: session: Add some forgotten tests on session's listener * BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters * BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached * BUG/MEDIUM: session: NULL dereference possible when accessing the listener * BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode * BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() * BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive * BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout * DOC: spoe: Add a note about fragmentation support in HAProxy * BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 * BUG/MINOR: connection: Use the client's dst family for adressless servers * BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule * BUG/MINOR: http-ana: Only consider dst address to process originalto option * BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() * BUG/MEDIUM: resolvers: Reset address for unresolved servers * BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records * BUG/MINOR: resolvers: new callback to properly handle SRV record errors * BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal * BUG/MEDIUM: cli/shutdown sessions: make it thread-safe * BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop * BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe * BUG/MINOR: sample: secure convs that accept base64 string and var name as args * BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok * BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line * BUG/MINOR: server: Init params before parsing a new server-state line * BUG/MINOR: sample: Always consider zero size string samples as unsafe * BUG/MINOR: checks: properly handle wrapping time in __health_adjust() * BUG/MINOR: session: atomically increment the tracked sessions counter * BUG/MINOR: server: Remove RMAINT from admin state when loading server state * CLEANUP: channel: fix comment in ci_putblk. * BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL * BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines * BUG/MEDIUM: config: don't pick unset values from last defaults section * CLEANUP: deinit: release global and per-proxy server-state variables on deinit * BUG/MINOR: server: Fix server-state-file-name directive * BUG/MINOR: backend: hold correctly lock when killing idle conn * BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() * BUG/MINOR: server: re-align state file fields number * BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state * BUG/MEDIUM: mux-h2: Be sure to enter in demux loop even if dbuf is empty * BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED * BUG/MEDIUM: mux-h2: handle remaining read0 cases * BUILD: Makefile: move REGTESTST_TYPE default setting * BUG/MINOR: xxhash: make sure armv6 uses memcpy() * BUG/MEDIUM: ssl: check a connection's status before computing a handshake * BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list * DOC: management: fix "show resolvers" alphabetical ordering * BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name * BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown * BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition * BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX * BUG/MEDIUM: mux-h2: fix read0 handling on partial frames * BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() * BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. * BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable * BUG/MINOR: sample: Memory leak of sample_expr structure in case of error * BUG/MINOR: sample: check alloc_trash_chunk return value in concat() * [RELEASE] Released version 2.0.20 * BUG/MINOR: sample: fix concat() converter's corruption with non-string variables * DOC: Add maintainers for the Prometheus exporter * SCRIPTS: announce-release: fix typo in help message * DOC: fix some spelling issues over multiple files * MINOR: contrib/prometheus-exporter: export build_info * BUILD: Makefile: exclude broken tests by default * BUG/MINOR: srv: do not init address if backend is disabled * SCRIPTS: make announce release support preparing announces before tag exists * SCRIPTS: improve announce-release to support different tag and versions * BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails * MINOR: atomic: don't use ; to separate instruction on aarch64. * BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h * BUILD: plock: remove dead code that causes a warning in gcc 11 * CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps * CONTRIB: halog: mark the has_zero* functions unused * CONTRIB: halog: fix build issue caused by %L printf format * BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode * BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests * BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well * REGTESTS: make use of HAPROXY_ARGS and pass -dM by default * CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric * CLEANUP: lua: Remove declaration of an inexistant function * BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight * BUG/MINOR: tools: Reject size format not starting by a digit * BUG/MINOR: tools: make parse_time_err() more strict on the timer validity * DOC: email change of the DeviceAtlas maintainer * BUG/MEDIUM: spoa/python: Fixing references to None * BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments * BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails * BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations * DOC: spoa/python: Fixing typos in comments * DOC: spoa/python: Rephrasing memory related error messages * DOC: spoa/python: Fixing typo in IP related error messages * BUG/MAJOR: spoa/python: Fixing return None * DOC/MINOR: Fix formatting in Management Guide * BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times * MINOR: cli: add a function to look up a CLI service description * MINOR: actions: add a function returning a service pointer from its name * MINOR: actions: Export actions lookup functions * BUG/MINOR: lua: Some lua init operation are processed unsafe * BUG/MINOR: lua: Post init register function are not executed beyond the first one * BUG/MINOR: lua: lua-load doesn't check its parameters * MINOR: plock: use an ARMv8 instruction barrier for the pause instruction * DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section * BUG/MAJOR: peers: fix partial message decoding * BUG/MAJOR: filters: Always keep all offsets up to date during data filtering * BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests * BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering * BUILD: http-htx: fix build warning regarding long type in printf * MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error. * MINOR: spoe: Don't close connection in sync mode on processing timeout * BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet * BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches * BUG/MINOR: http-fetch: Extract cookie value even when no cookie name * BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages * BUG/MINOR: peers: Missing TX cache entries reset. * BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries. * BUG/MINOR: lua: set buffer size during map lookups * BUG/MINOR: pattern: a sample marked as const could be written * [RELEASE] Released version 2.0.19 * BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L * MINOR: http-htx: Add understandable errors for the errorfiles parsing * BUG/MEDIUM: stick-table: limit the time spent purging old entries * BUG/MINOR: filters: Skip disabled proxies during startup only * BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade * MINOR: server: Copy configuration file and line for server templates * BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup * BUG/MEDIUM: filters: Don't try to init filters for disabled proxies * BUG/MINOR: cache: Inverted variables in http_calc_maxage function * BUG/MINOR: lua: initialize sample before using it * BUG/MINOR: server: fix down_time report for stats * BUG/MINOR: server: fix srv downtime calcul on starting * BUG/MINOR: log: fix memory leak on logsrv parse error * BUG/MINOR: extcheck: add missing checks on extchk_setenv() * BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible * BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests * BUG/MEDIUM: server: support changing the slowstart value from state-file * BUG/MINOR: queue: properly report redistributed connections * BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions. * BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn * BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages * BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided * BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once * MINOR: fd: report an error message when failing initial allocations * BUG/MINOR: mux-h2: do not stop outgoing connections on stopping * BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited * BUG/MEDIUM: h1: Always try to receive more in h1_rcv_buf(). * BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses * BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams * BUG/MINOR: mux-h1: Always set the session on frontend h1 stream * BUG/MINOR: peers: Inconsistency when dumping peer status codes. * MINOR: hlua: Display debug messages on stderr only in debug mode * BUG/MINOR: stats: fix validity of the json schema * MINOR: counters: fix a typo in comment * BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe * BUG/MINOR: Fix several leaks of 'log_tag' in init(). * BUILD: makefile: Fix building with closefrom() support enabled * DOC: ssl: crt-list negative filters are only a hint * [RELEASE] Released version 2.0.18 * REGTEST: make map_regm_with_backref require 1.7 * REGTEST: make abns_socket.vtc require 1.8 * REGTEST: fix host part in balance-uri-path-only.vtc * REGTESTS: add a few load balancing tests * DOC: agent-check: fix typo in "fail" word expected reply * DOC: spoa-server: fix false friends `actually` * BUG/MEDIUM: listeners: do not pause foreign listeners * BUG/MINOR: config: Fix memory leak on config parse listen * BUG/MINOR: Fix memory leaks cfg_parse_peers * BUG/MEDIUM: h2: report frame bits only for handled types * BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch * BUG/MINOR: server: report correct error message for invalid port on "socks4" * BUG/MINOR: ssl: verifyhost is case sensitive * BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate * BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers * BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned * BUILD: threads: better workaround for late loading of libgcc_s * BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections * BUG/MINOR: auth: report valid crypto(3) support depending on build options * CLEANUP: Update .gitignore * MINOR: Commit .gitattributes * BUILD: thread: limit the libgcc_s workaround to glibc only * BUG/MINOR: threads: work around a libgcc_s issue with chrooting * BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() * BUG/MEDIUM: doc: Fix replace-path action description * BUG/MINOR: startup: haproxy -s cause 100% cpu * BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address * BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure * BUG/MINOR: contrib/spoa-server: Do not free reference to NULL * BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed * BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak * DOC: cache: Use '' instead of '' in error message * BUG/MINOR: reload: do not fail when no socket is sent * BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction * BUG/MINOR: stats: use strncmp() instead of memcmp() on health states * BUG/MINOR: snapshots: leak of snapshots on deinit() * BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation * BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation * BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime * BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send * BUG/MEDIUM: mux-h2: Don't fail if nothing is parsed for a legacy chunk response * SCRIPTS: git-show-backports: emit the shell command to backport a commit * SCRIPTS: git-show-backports: make -m most only show the left branch * [RELEASE] Released version 2.0.17 * SCRIPTS: announce-release: add the link to the wiki in the announce messages * MINOR: stream-int: Be sure to have a mux to do sends and receives * MINOR: connection: Preinstall the mux for non-ssl connect * BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields * BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation * MEDIUM: lua: Add support for the Lua 5.4 * BUG/MINOR: debug: Don't dump the lua stack if it is not initialized * BUG/MEDIUM: mux-h1: Disable the splicing when nothing is received * BUG/MEDIUM: mux-h1: Wakeup the H1C in h1_rcv_buf() if more data are expected * BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed * BUG/MAJOR: dns: Make the do-resolve action thread-safe * BUG/MEDIUM: mux-h2: Emit an error if the response chunk formatting is incomplete * BUG/MEDIUM: resolve: fix init resolving for ring and peers section. * BUG/MINOR: cfgparse: don't increment linenum on incomplete lines * BUILD: thread: add parenthesis around values of locking macros * MINOR: pools: increase MAX_BASE_POOLS to 64 * BUG/MINOR: threads: Don't forget to init each thread toremove_lock. * REGEST: Add reg tests about error files * BUILD: ebtree: fix build on libmusl after recent introduction of eb_memcmp() * [RELEASE] Released version 2.0.16 * BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked * BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. * BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode * CONTRIB: da: fix memory leak in dummy function da_atlas_open() * BUG/MINOR: sample: Free str.area in smp_check_const_meth * BUG/MINOR: sample: Free str.area in smp_check_const_bool * DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x * BUG/MEDIUM: stream-int: Disable connection retries on plain HTTP proxy mode * BUG/MAJOR: stream: Mark the server address as unset on new outgoing connection * MINOR: http: Add support for http 413 status * BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server * BUG/MEDIUM: connection: Continue to recv data to a pipe when the FD is not ready * MINOR: connection: move the CO_FL_WAIT_ROOM cleanup to the reader only * BUG/MEDIUM: mux-h1: Subscribe rather than waking up in h1_rcv_buf() * BUG/MEDIUM: mux-h1: Disable splicing for the conn-stream if read0 is received * BUG/MINOR: mux-h1: Disable splicing only if input data was processed * BUG/MINOR: mux-h1: Don't read data from a pipe if the mux is unable to receive * BUG/MINOR: mux-h1: Fix the splicing in TUNNEL mode * BUG/MINOR: http_act: don't check capture id in backend (2) * DOC: configuration: fix alphabetical ordering for tune.pool-{high,low}-fd- ratio * DOC: configuration: add missing index entries for tune.pool-{low,high}-fd- ratio * BUG/MINOR: proxy: always initialize the trash in show servers state * BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash * BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible * DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list * MINOR: cli: make "show sess" stop at the last known session * BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL * REGTEST: ssl: add some ssl_c_* sample fetches test * REGTEST: ssl: tests the ssl_f_* sample fetches * MINOR: spoe: Don't systematically create new applets if processing rate is low * BUG/MINOR: http_ana: clarify connection pointer check on L7 retry * BUG/MINOR: spoe: correction of setting bits for analyzer * REGTEST: Add a simple script to tests errorfile directives in proxy sections * BUG/MINOR: systemd: Wait for network to be online * MEDIUM: map: make the "clear map" operation yield * REGTEST: http-rules: test spaces in ACLs with master CLI * REGTEST: http-rules: test spaces in ACLs * BUG/MINOR: mworker/cli: fix semicolon escaping in master CLI * BUG/MINOR: mworker/cli: fix the escaping in the master CLI * BUG/MINOR: cli: allow space escaping on the CLI * BUG/MINOR: spoe: add missing key length check before checking key names * BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks * BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness * MINOR: http: Add 404 to http-request deny * MINOR: http: Add 410 to http-request deny * [RELEASE] Released version 2.0.15 * REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used * BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0 * REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for compression/lua_validation * REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv * BUG/MEDIUM: pattern: fix thread safety of pattern matching * BUG/MEDIUM: log: don't hold the log lock during writev() on a file descriptor * BUG/MINOR: mworker: fix a memleak when execvp() failed * BUG/MEDIUM: mworker: fix the reload with an -- option * BUG/MINOR: init: -S can have a parameter starting with a dash * BUG/MINOR: init: -x can have a parameter starting with a dash * BUG/MEDIUM: mworker: fix the copy of options in copy_argv() * BUILD: makefile: adjust the sed expression of "make help" for solaris * BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version * BUG/MEDIUM: logs: fix trailing zeros on log message. * BUG/MINOR: logs: prevent double line returns in some events. * BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics * BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations * BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action * BUG/MINOR: peers: fix internal/network key type mapping. * SCRIPTS: publish-release: pass -n to gzip to remove timestamp * Revert "BUG/MEDIUM: connections: force connections cleanup on server changes" * BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf * BUG/MINOR: lua: Add missing string length for lua sticktable lookup * BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable * BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified * BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt() * BUILD: select: only declare existing local labels to appease clang * BUG/MINOR: soft-stop: always wake up waiting threads on stopping * BUG/MINOR: pollers: remove uneeded free in global init * BUG/MINOR: pools: use %u not %d to report pool stats in "show pools" * BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered * BUG/MEDIUM: http_ana: make the detection of NTLM variants safer * BUG/MINOR: http-ana: fix NTLM response parsing again * BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur * BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() * BUG/MINOR: sample: Set the correct type when a binary is converted to a string * CLEANUP: connections: align function declaration * BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id() * BUG/MEDIUM: connections: force connections cleanup on server changes * BUG/MAJOR: stream-int: always detach a faulty endpoint on connect failure * BUG/MEDIUM: stream: Only allow L7 retries when using HTTP. * BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry. * BUG/MINOR: checks: Remove a warning about http health checks * BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks * BUG/MEDIUM: checks: Always initialize checks before starting them * BUG/MINOR: checks/server: use_ssl member must be signed * BUG/MEDIUM: server/checks: Init server check during config validity check * Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections" * BUG/MEDIUM: backend: don't access a non-existing mux from a previous connection * REGTEST: ssl: test the client certificate authentication * MINOR: stream: report the list of active filters on stream crashes * BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock * BUG/MEDIUM: shctx: really check the lock's value while waiting * BUG/MINOR: debug: properly use long long instead of long for the thread ID * MINOR: threads: export the POSIX thread ID in panic dumps * BUG/MEDIUM: listener: mark the thread as not stuck inside the loop * BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream * BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam * BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam * BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream * BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream * BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function * BUG/MINOR: checks: chained expect will not properly wait for enough data * BUG/MINOR: checks: Respect the no-check-ssl option * MINOR: checks: Add a way to send custom headers and payload during http chekcs * BUG/MINOR: check: Update server address and port to execute an external check * DOC: option logasap does not depend on mode * BUG/MINOR: http: make url_decode() optionally convert '+' to SP * BUG/MINOR: tools: fix the i386 version of the div64_32 function * BUG/MEDIUM: http-ana: Handle NTLM messages correctly. * BUG/MINOR: ssl: default settings for ssl server options are not used * DOC: Improve documentation on http-request set-src * DOC: hashing: update link to hashing functions * BUG/MINOR: peers: Incomplete peers sections should be validated. * BUG/MINOR: protocol_buffer: Wrong maximum shifting. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-2117=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * haproxy-debuginfo-2.0.31-150100.8.31.1 * haproxy-debugsource-2.0.31-150100.8.31.1 * haproxy-2.0.31-150100.8.31.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0056.html * https://www.suse.com/security/cve/CVE-2023-25725.html * https://bugzilla.suse.com/show_bug.cgi?id=1207181 * https://bugzilla.suse.com/show_bug.cgi?id=1208132 * https://jira.suse.com/browse/PED-3821 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:01 -0000 Subject: SUSE-RU-2023:2114-1: moderate: Recommended update for python310-setuptools Message-ID: <168353670153.2288.3551107803242075006@smelt2.suse.de> # Recommended update for python310-setuptools Announcement ID: SUSE-RU-2023:2114-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * Python 3 Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for python310-setuptools fixes the following issues: * Update to 67.6.1 * Support of pyproject.toml (jsc#PED-3765) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2114=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-2114=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python310-setuptools-67.6.1-150400.4.6.1 * Python 3 Module 15-SP4 (noarch) * python310-setuptools-67.6.1-150400.4.6.1 ## References: * https://jira.suse.com/browse/PED-3765 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:03 -0000 Subject: SUSE-SU-2023:2112-1: moderate: Security update for ncurses Message-ID: <168353670317.2288.17024469948551268130@smelt2.suse.de> # Security update for ncurses Announcement ID: SUSE-SU-2023:2112-1 Rating: moderate References: * #1210434 Cross-References: * CVE-2023-29491 CVSS scores: * CVE-2023-29491 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2023-29491 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ncurses fixes the following issues: * CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2112=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2112=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2112=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2112=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ncurses-devel-debuginfo-5.9-81.1 * ncurses-devel-5.9-81.1 * ncurses-debugsource-5.9-81.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libncurses6-5.9-81.1 * libncurses5-debuginfo-5.9-81.1 * ncurses-devel-5.9-81.1 * libncurses6-debuginfo-5.9-81.1 * ncurses-devel-debuginfo-5.9-81.1 * terminfo-base-5.9-81.1 * libncurses5-5.9-81.1 * tack-5.9-81.1 * ncurses-utils-5.9-81.1 * ncurses-debugsource-5.9-81.1 * tack-debuginfo-5.9-81.1 * ncurses-utils-debuginfo-5.9-81.1 * terminfo-5.9-81.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libncurses5-32bit-5.9-81.1 * libncurses5-debuginfo-32bit-5.9-81.1 * libncurses6-32bit-5.9-81.1 * libncurses6-debuginfo-32bit-5.9-81.1 * ncurses-devel-32bit-5.9-81.1 * ncurses-devel-debuginfo-32bit-5.9-81.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libncurses6-5.9-81.1 * libncurses5-debuginfo-5.9-81.1 * ncurses-devel-5.9-81.1 * libncurses6-debuginfo-5.9-81.1 * ncurses-devel-debuginfo-5.9-81.1 * terminfo-base-5.9-81.1 * libncurses5-5.9-81.1 * tack-5.9-81.1 * ncurses-utils-5.9-81.1 * ncurses-debugsource-5.9-81.1 * tack-debuginfo-5.9-81.1 * ncurses-utils-debuginfo-5.9-81.1 * terminfo-5.9-81.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libncurses5-32bit-5.9-81.1 * libncurses5-debuginfo-32bit-5.9-81.1 * libncurses6-32bit-5.9-81.1 * libncurses6-debuginfo-32bit-5.9-81.1 * ncurses-devel-32bit-5.9-81.1 * ncurses-devel-debuginfo-32bit-5.9-81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libncurses6-5.9-81.1 * libncurses5-debuginfo-5.9-81.1 * ncurses-devel-5.9-81.1 * libncurses6-debuginfo-5.9-81.1 * ncurses-devel-debuginfo-5.9-81.1 * terminfo-base-5.9-81.1 * libncurses5-5.9-81.1 * tack-5.9-81.1 * ncurses-utils-5.9-81.1 * ncurses-debugsource-5.9-81.1 * tack-debuginfo-5.9-81.1 * ncurses-utils-debuginfo-5.9-81.1 * terminfo-5.9-81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libncurses5-32bit-5.9-81.1 * libncurses5-debuginfo-32bit-5.9-81.1 * libncurses6-32bit-5.9-81.1 * libncurses6-debuginfo-32bit-5.9-81.1 * ncurses-devel-32bit-5.9-81.1 * ncurses-devel-debuginfo-32bit-5.9-81.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29491.html * https://bugzilla.suse.com/show_bug.cgi?id=1210434 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:04 -0000 Subject: SUSE-SU-2023:2111-1: moderate: Security update for ncurses Message-ID: <168353670493.2288.3133567189770292657@smelt2.suse.de> # Security update for ncurses Announcement ID: SUSE-SU-2023:2111-1 Rating: moderate References: * #1210434 Cross-References: * CVE-2023-29491 CVSS scores: * CVE-2023-29491 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2023-29491 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ncurses fixes the following issues: * CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2111=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2111=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2111=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2111=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2111=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2111=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2111=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2111=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2111=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2111=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2111=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2111=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2111=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * openSUSE Leap 15.4 (x86_64) * libncurses5-32bit-debuginfo-6.1-150000.5.15.1 * libncurses6-32bit-debuginfo-6.1-150000.5.15.1 * libncurses6-32bit-6.1-150000.5.15.1 * libncurses5-32bit-6.1-150000.5.15.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.15.1 * ncurses-devel-32bit-6.1-150000.5.15.1 * ncurses5-devel-32bit-6.1-150000.5.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terminfo-screen-6.1-150000.5.15.1 * ncurses-debugsource-6.1-150000.5.15.1 * ncurses-devel-debuginfo-6.1-150000.5.15.1 * libncurses5-debuginfo-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * libncurses5-6.1-150000.5.15.1 * terminfo-iterm-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * tack-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * ncurses5-devel-6.1-150000.5.15.1 * tack-debuginfo-6.1-150000.5.15.1 * ncurses-devel-6.1-150000.5.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terminfo-screen-6.1-150000.5.15.1 * ncurses-debugsource-6.1-150000.5.15.1 * ncurses-devel-debuginfo-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-iterm-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * tack-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * tack-debuginfo-6.1-150000.5.15.1 * ncurses-devel-6.1-150000.5.15.1 * Basesystem Module 15-SP4 (x86_64) * libncurses6-32bit-debuginfo-6.1-150000.5.15.1 * libncurses6-32bit-6.1-150000.5.15.1 * Development Tools Module 15-SP4 (x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.15.1 * ncurses-devel-32bit-6.1-150000.5.15.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ncurses5-devel-6.1-150000.5.15.1 * libncurses5-6.1-150000.5.15.1 * ncurses-debugsource-6.1-150000.5.15.1 * libncurses5-debuginfo-6.1-150000.5.15.1 * Legacy Module 15-SP4 (x86_64) * libncurses5-32bit-6.1-150000.5.15.1 * libncurses5-32bit-debuginfo-6.1-150000.5.15.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * terminfo-screen-6.1-150000.5.15.1 * ncurses-debugsource-6.1-150000.5.15.1 * ncurses-devel-debuginfo-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * libncurses6-32bit-6.1-150000.5.15.1 * terminfo-iterm-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.15.1 * libncurses6-32bit-debuginfo-6.1-150000.5.15.1 * ncurses-devel-32bit-6.1-150000.5.15.1 * tack-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * tack-debuginfo-6.1-150000.5.15.1 * ncurses-devel-6.1-150000.5.15.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * ncurses-debugsource-6.1-150000.5.15.1 * libncurses6-6.1-150000.5.15.1 * ncurses-utils-6.1-150000.5.15.1 * terminfo-6.1-150000.5.15.1 * terminfo-base-6.1-150000.5.15.1 * libncurses6-debuginfo-6.1-150000.5.15.1 * ncurses-utils-debuginfo-6.1-150000.5.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29491.html * https://bugzilla.suse.com/show_bug.cgi?id=1210434 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:07 -0000 Subject: SUSE-SU-2023:2110-1: important: Security update for java-17-openjdk Message-ID: <168353670754.2288.11117423809397926572@smelt2.suse.de> # Security update for java-17-openjdk Announcement ID: SUSE-SU-2023:2110-1 Rating: important References: * #1209333 * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities and has one fix can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU) Security fixes: * CVE-2023-21930: Fixed AES support (bsc#1210628). * CVE-2023-21937: Fixed String platform support (bsc#1210631). * CVE-2023-21938: Fixed runtime support (bsc#1210632). * CVE-2023-21939: Fixed Swing platform support (bsc#1210634). * CVE-2023-21954: Fixed object reclamation process (bsc#1210635). * CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). * CVE-2023-21968: Fixed path handling (bsc#1210637). Other fixes: * Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2110=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2110=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-debuginfo-17.0.7.0-150400.3.18.2 * java-17-openjdk-src-17.0.7.0-150400.3.18.2 * java-17-openjdk-17.0.7.0-150400.3.18.2 * java-17-openjdk-devel-debuginfo-17.0.7.0-150400.3.18.2 * java-17-openjdk-headless-debuginfo-17.0.7.0-150400.3.18.2 * java-17-openjdk-headless-17.0.7.0-150400.3.18.2 * java-17-openjdk-demo-17.0.7.0-150400.3.18.2 * java-17-openjdk-jmods-17.0.7.0-150400.3.18.2 * java-17-openjdk-devel-17.0.7.0-150400.3.18.2 * java-17-openjdk-debugsource-17.0.7.0-150400.3.18.2 * openSUSE Leap 15.4 (noarch) * java-17-openjdk-javadoc-17.0.7.0-150400.3.18.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-debuginfo-17.0.7.0-150400.3.18.2 * java-17-openjdk-17.0.7.0-150400.3.18.2 * java-17-openjdk-devel-debuginfo-17.0.7.0-150400.3.18.2 * java-17-openjdk-headless-debuginfo-17.0.7.0-150400.3.18.2 * java-17-openjdk-headless-17.0.7.0-150400.3.18.2 * java-17-openjdk-demo-17.0.7.0-150400.3.18.2 * java-17-openjdk-devel-17.0.7.0-150400.3.18.2 * java-17-openjdk-debugsource-17.0.7.0-150400.3.18.2 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://bugzilla.suse.com/show_bug.cgi?id=1209333 * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:09 -0000 Subject: SUSE-RU-2023:2102-1: moderate: Recommended update for usbguard Message-ID: <168353670909.2288.3356420027146585575@smelt2.suse.de> # Recommended update for usbguard Announcement ID: SUSE-RU-2023:2102-1 Rating: moderate References: * #1196621 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for usbguard fixes the following issues: Update to 1.1.2 * Fixed * Polkit: Always allow getParameter/listDevices/listRules in active sessions * D-Bus: Send reply on auth failure * Polkit: Unreference PolkitAuthorizationResult and PolkitAuthority structs if needed Update to 1.1.1 * Fixed/Changed * Use authentication instead of authentification * Restore support for access control filenames without a group * Enable dbus support (bsc#1196621, jsc#PED-3789). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2102=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2102=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libusbguard1-1.1.2-150400.3.3.1 * usbguard-debugsource-1.1.2-150400.3.3.1 * usbguard-1.1.2-150400.3.3.1 * libusbguard1-debuginfo-1.1.2-150400.3.3.1 * usbguard-tools-1.1.2-150400.3.3.1 * usbguard-devel-1.1.2-150400.3.3.1 * usbguard-debuginfo-1.1.2-150400.3.3.1 * usbguard-tools-debuginfo-1.1.2-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libusbguard1-1.1.2-150400.3.3.1 * usbguard-debugsource-1.1.2-150400.3.3.1 * usbguard-1.1.2-150400.3.3.1 * libusbguard1-debuginfo-1.1.2-150400.3.3.1 * usbguard-tools-1.1.2-150400.3.3.1 * usbguard-devel-1.1.2-150400.3.3.1 * usbguard-debuginfo-1.1.2-150400.3.3.1 * usbguard-tools-debuginfo-1.1.2-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1196621 * https://jira.suse.com/browse/PED-3789 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:10 -0000 Subject: SUSE-RU-2023:2101-1: moderate: Recommended update for libsass Message-ID: <168353671067.2288.10593186906658783854@smelt2.suse.de> # Recommended update for libsass Announcement ID: SUSE-RU-2023:2101-1 Rating: moderate References: * #1201074 * #1210890 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has two recommended fixes can now be installed. ## Description: libsass has received update for: * Update libsass to fix Greybird Geeko theme build failures (bsc#1201074) Update version to 3.6.5 (bsc#1201074): * Fix extend edge case going endlessly * Fix source-maps and how we count unicode characters * Fix seed generator if std::random_device fails * Fix url() containing exclamation mark causing an error * Fix Offset initialization when end was not given * Fix obvious backporting error in pseudo extend * Fix obvious identical subexpressions in op_color_number * Fix edge case regarding unit-less number equality as object keys * Revert compound re-ordering for non extended selectors * Prevent compiler warning about unnecessary copy Update to v3.6.4: * Fix parenthesization for selector schema and real parents * Add deprecation warning for global variable creation * Ensure correct output order of compound selectors * Handle loaded source code as shared objects * New custom memory allocator - disabled for now * Add back C-API getters for plugin paths * Fix abspath handling on windows without directory * Fix various edge case crashes * Fix segfault on directive ruleset * Fix heap-buffer-overflow in lexer * Fix stack-overflow in parser * Fix memory leak in parser * Fix memory leak in evaluation * Fix memory handling edge case * Fix some null pointer access crashes * Preparations for ongoing refactoring Update to v3.6.3: * Fix compound extend warning * Fix extend being stuck in endless loop * Fix various edge-case segfault crashes * Extend error_src lifetime on c-api context * Fix memory leak in permutation function * Preserve indentation in nested mode Update to v3.6.2: * Improve pseudo selector handling * Code improvements * Fix various functions arguments * Fix "call" for $function * Check weight argument on invert call * Improve makefile to use dylib extension on MacOS * Fix bug in scale-color with positive saturation * Minor API documentation improvements * Fix selector isInvisible logic * Fix evaluation of unary expressions in loops * Fix attribute selector equality with modifiers ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2101=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2101=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libsass-3_6_5-1-debuginfo-3.6.5-150200.4.5.1 * libsass-3_6_5-1-3.6.5-150200.4.5.1 * libsass-debugsource-3.6.5-150200.4.5.1 * libsass-devel-3.6.5-150200.4.5.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libsass-3_6_5-1-debuginfo-3.6.5-150200.4.5.1 * libsass-3_6_5-1-3.6.5-150200.4.5.1 * libsass-debugsource-3.6.5-150200.4.5.1 * libsass-devel-3.6.5-150200.4.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201074 * https://bugzilla.suse.com/show_bug.cgi?id=1210890 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:12 -0000 Subject: SUSE-SU-2023:2100-1: moderate: Security update for terraform-provider-helm Message-ID: <168353671204.2288.3218256926941295161@smelt2.suse.de> # Security update for terraform-provider-helm Announcement ID: SUSE-SU-2023:2100-1 Rating: moderate References: * #1208086 Cross-References: * CVE-2023-25165 CVSS scores: * CVE-2023-25165 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-25165 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves one vulnerability can now be installed. ## Description: This update for terraform-provider-helm fixes the following issues: Updated terraform-provider-helm to version 2.9.0: * CVE-2023-25165: Fixed getHostByName Function Information Disclosure by updating embedded helm package (bsc#1208086). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2100=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150100.3.6.3 ## References: * https://www.suse.com/security/cve/CVE-2023-25165.html * https://bugzilla.suse.com/show_bug.cgi?id=1208086 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:13 -0000 Subject: SUSE-RU-2023:2099-1: moderate: Recommended update for cronie Message-ID: <168353671315.2288.7003801805063546852@smelt2.suse.de> # Recommended update for cronie Announcement ID: SUSE-RU-2023:2099-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for cronie fixes the following issue: * Allow to define the logger info and warning priority. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2099=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2099=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cronie-anacron-debuginfo-1.5.7-150400.84.3.1 * cronie-1.5.7-150400.84.3.1 * cronie-debugsource-1.5.7-150400.84.3.1 * cronie-debuginfo-1.5.7-150400.84.3.1 * cronie-anacron-1.5.7-150400.84.3.1 * cron-4.2-150400.84.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cronie-debugsource-1.5.7-150400.84.3.1 * cron-4.2-150400.84.3.1 * cronie-debuginfo-1.5.7-150400.84.3.1 * cronie-1.5.7-150400.84.3.1 ## References: * https://jira.suse.com/browse/PED-2551 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:14 -0000 Subject: SUSE-SU-2023:2097-1: important: Security update for maven and recommended update for antlr3, minlog, sbt, xmvn Message-ID: <168353671481.2288.13456601608999875597@smelt2.suse.de> # Security update for maven and recommended update for antlr3, minlog, sbt, xmvn Announcement ID: SUSE-SU-2023:2097-1 Rating: important References: * #1193795 Cross-References: * CVE-2021-42550 CVSS scores: * CVE-2021-42550 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for antlr3, maven, minlog, sbt, xmvn fixes the following issues: maven: * Version update from 3.8.5 to 3.8.6 (jsc#SLE-23217): * Security fixes: * CVE-2021-42550: Update Version of (optional) Logback (bsc#1193795) * Bug fixes: * Fix resolver session containing non-MavenWorkspaceReader * Fix for multiple maven instances working on same source tree that can lock each other * Don't ignore bin/ otherwise bin/ in apache-maven module cannot be added back * Fix IllegalStateException in SessionScope during guice injection in multithreaded build * Revert MNG-7347 (SessionScoped beans should be singletons for a given session) * Fix compilation failure with relocated transitive dependency * Fix deadlock during forked lifecycle executions * Fix issue with resolving dependencies between submodules * New features and improvements: * Create a multiline message helper for boxed log messages * Display a warning when an aggregator mojo is locking other mojo executions * Align Assembly Descriptor NS versions * Dependency upgrades: * Upgrade SLF4J to 1.7.36 * Upgrade JUnit to 4.13.2 * Upgrade Plexus Utils to 3.3.1 * Move mvn.1 from bin to man directory antlr3: * Bug fixes in this version update from 3.5.2 to 3.5.3 (jsc#SLE-23217): * Change source compatibility to 1.8 and enable github workflows * Change Wiki URLs to theantlrguy.atlassian.net in README.txt * Add Bazel support * Remove enforcer plugin as it is not needed in a controlled environment minlog: * Bug fixes in this version update from 1.3.0 to 1.3.1 (jsc#SLE-23217): * Use currentTimeMillis * Use 3-Clause BSD * Use Java 7 JDK. sbt: * Fix build issues with maven 3.8.6 (jsc#SLE-23217) xmvn: * Remove RPM package build dependency on easymock (jsc#SLE-23217) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2097=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2097=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-2097=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2097=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2097=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2097=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2097=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2097=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2097=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2097=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2097=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2097=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2097=1 ## Package List: * openSUSE Leap 15.4 (noarch) * xmvn-resolve-4.0.0-150200.3.7.1 * antlr3-tool-3.5.3-150200.3.11.8 * antlr3-javadoc-3.5.3-150200.3.11.8 * antlr3-java-javadoc-3.5.3-150200.3.11.8 * xmvn-connector-javadoc-4.0.0-150200.3.7.3 * xmvn-mojo-javadoc-4.0.0-150200.3.7.8 * maven-javadoc-3.8.6-150200.4.9.8 * xmvn-mojo-4.0.0-150200.3.7.8 * antlr3-java-3.5.3-150200.3.11.8 * minlog-1.3.1-150200.3.7.8 * xmvn-parent-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * antlr3-bootstrap-tool-3.5.3-150200.3.11.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-connector-4.0.0-150200.3.7.3 * xmvn-tools-javadoc-4.0.0-150200.3.7.1 * sbt-bootstrap-0.13.18-150200.4.7.8 * sbt-0.13.18-150200.4.7.8 * minlog-javadoc-1.3.1-150200.3.7.8 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * Development Tools Module 15-SP4 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Manager Server 4.3 Module 4.3 (noarch) * antlr3-java-3.5.3-150200.3.11.8 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Enterprise Storage 7.1 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * xmvn-minimal-4.0.0-150200.3.7.1 * xmvn-4.0.0-150200.3.7.1 * maven-lib-3.8.6-150200.4.9.8 * maven-3.8.6-150200.4.9.8 * SUSE Enterprise Storage 7 (noarch) * xmvn-connector-4.0.0-150200.3.7.3 * minlog-1.3.1-150200.3.7.8 * xmvn-resolve-4.0.0-150200.3.7.1 * xmvn-api-4.0.0-150200.3.7.1 * xmvn-mojo-4.0.0-150200.3.7.8 * xmvn-subst-4.0.0-150200.3.7.1 * xmvn-install-4.0.0-150200.3.7.1 * xmvn-core-4.0.0-150200.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2021-42550.html * https://bugzilla.suse.com/show_bug.cgi?id=1193795 * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:16 -0000 Subject: SUSE-SU-2023:2096-1: important: Security update for netty, netty-tcnative Message-ID: <168353671694.2288.16369855944514601859@smelt2.suse.de> # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2023:2096-1 Rating: important References: * #1199338 * #1206360 * #1206379 Cross-References: * CVE-2022-24823 * CVE-2022-41881 * CVE-2022-41915 CVSS scores: * CVE-2022-24823 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-24823 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-41881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-41915 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-41915 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and contains one feature can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: netty: * Security fixes included in this version update from 4.1.75 to 4.1.90: * CVE-2022-24823: Local Information Disclosure Vulnerability in Netty on Unix- Like systems due temporary files for Java 6 and lower in io.netty:netty- codec-http (bsc#1199338) * CVE-2022-41881: HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360) * CVE-2022-41915: HTTP Response splitting from assigning header value iterator (bsc#1206379) * Other non-security bug fixes included in this version update from 4.1.75 to 4.1.90: * Build with Java 11 on ix86 architecture in order to avoid build failures * Fix `HttpHeaders.names` for non-String headers * Fix `FlowControlHandler` behaviour to pass read events when auto-reading is turned off * Fix brotli compression * Fix a bug in FlowControlHandler that broke auto-read * Fix a potential memory leak bug has been in the pooled allocator * Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the `Klass::secondary_super_cache` field in the JVM * Fix a bug in our `PEMParser` when PEM files have multiple objects, and `BouncyCastle` is on the classpath * Fix several `NullPointerException` bugs * Fix a regression `SslContext` private key loading * Fix a bug in `SslContext` private key reading fall-back path * Fix a buffer leak regression in `HttpClientCodec` * Fix a bug where some `HttpMessage` implementations, that also implement `HttpContent`, were not handled correctly * Fix epoll bug when receiving zero-sized datagrams * Fix a bug in `SslHandler` so `handlerRemoved` works properly even if `handlerAdded` throws an exception * Fix an issue that allowed the multicast methods on `EpollDatagramChannel` to be called outside of an event-loop thread * Fix a bug where an OPT record was added to DNS queries that already had such a record * Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name * Fix an issue in the `BlockHound` integration that could occasionally cause NetUtil to be reported as performing blocking operation. A similar `BlockHound` issue was fixed for the `JdkSslContext` * Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge * Fix a bug where Netty fails to load a shaded native library * Fix and relax overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox * Fix OpenSSL and BoringSSL implementations to respect the `jdk.tls.client.protocols` and `jdk.tls.server.protocols` system properties, making them react to these in the same way the JDK SSL provider does * Fix inconsitencies in how `epoll`, `kqueue`, and `NIO` handle RDHUP * For a more detailed list of changes please consult the official release notes: * Changes from 4.1.90: https://netty.io/news/2023/03/14/4-1-90-Final.html * Changes from 4.1.89: https://netty.io/news/2023/02/13/4-1-89-Final.html * Changes from 4.1.88: https://netty.io/news/2023/02/12/4-1-88-Final.html * Changes from 4.1.87: https://netty.io/news/2023/01/12/4-1-87-Final.html * Changes from 4.1.86: https://netty.io/news/2022/12/12/4-1-86-Final.html * Changes from 4.1.85: https://netty.io/news/2022/11/09/4-1-85-Final.html * Changes from 4.1.84: https://netty.io/news/2022/10/11/4-1-84-Final.html * Changes from 4.1.82: https://netty.io/news/2022/09/13/4-1-82-Final.html * Changes from 4.1.81: https://netty.io/news/2022/09/08/4-1-81-Final.html * Changes from 4.1.80: https://netty.io/news/2022/08/26/4-1-80-Final.html * Changes from 4.1.79: https://netty.io/news/2022/07/11/4-1-79-Final.html * Changes from 4.1.78: https://netty.io/news/2022/06/14/4-1-78-Final.html * Changes from 4.1.77: https://netty.io/news/2022/05/06/2-1-77-Final.html * Changes from 4.1.76: https://netty.io/news/2022/04/12/4-1-76-Final.html netty-tcnative: * New artifact named `netty-tcnative-classes`, provided by this update is required by netty 4.1.90 which contains important security updates * No formal changelog present. This artifact is closely bound to the netty releases ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2096=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2096=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2096=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2096=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2096=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2096=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2096=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2096=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2096=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2096=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2096=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2096=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * netty-4.1.90-150200.4.14.1 * openSUSE Leap 15.4 (noarch) * netty-tcnative-javadoc-2.0.59-150200.3.10.1 * netty-poms-4.1.90-150200.4.14.1 * netty-javadoc-4.1.90-150200.4.14.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * netty-tcnative-2.0.59-150200.3.10.1 ## References: * https://www.suse.com/security/cve/CVE-2022-24823.html * https://www.suse.com/security/cve/CVE-2022-41881.html * https://www.suse.com/security/cve/CVE-2022-41915.html * https://bugzilla.suse.com/show_bug.cgi?id=1199338 * https://bugzilla.suse.com/show_bug.cgi?id=1206360 * https://bugzilla.suse.com/show_bug.cgi?id=1206379 * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:18 -0000 Subject: SUSE-RU-2023:2088-1: moderate: Recommended update for rust, rust1.68 Message-ID: <168353671846.2288.7054620381128739660@smelt2.suse.de> # Recommended update for rust, rust1.68 Announcement ID: SUSE-RU-2023:2088-1 Rating: moderate References: * #1209839 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for rust, rust1.68 fixes the following issues: Changes in rust1.68: * bsc#1209839 - replace leaked github keys in rust/cargo # Version 1.68.2 (2023-03-28) * Update the GitHub RSA host key bundled within Cargo The key was rotated by GitHub (https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/) on 2023-03-24 after the old one leaked. * Mark the old GitHub RSA host key as revoked](https://github.com/rust- lang/cargo/pull/11889). This will prevent Cargo from accepting the leaked key even when trusted by the system. * Add support for `@revoked` and a better error message for `@cert-authority` in Cargo's SSH host key verification * Fix miscompilation in produced Windows MSVC artifacts This was introduced by enabling ThinLTO for the distributed rustc which led to miscompilations in the resulting binary. Currently this is believed to be limited to the -Zdylib-lto flag used for rustc compilation, rather than a general bug in ThinLTO, so only rustc artifacts should be affected. * Fix --enable-local-rust builds * Treat `$prefix-clang` as `clang` in linker detection code * Fix panic in compiler code ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2088=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2088=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cargo1.68-debuginfo-1.68.2-150400.9.10.2 * rust1.68-debuginfo-1.68.2-150400.9.10.2 * cargo1.68-1.68.2-150400.9.10.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.68-1.68.2-150400.9.10.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cargo1.68-debuginfo-1.68.2-150400.9.10.2 * rust1.68-debuginfo-1.68.2-150400.9.10.2 * cargo1.68-1.68.2-150400.9.10.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.68-1.68.2-150400.9.10.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209839 * https://jira.suse.com/browse/SLE-18626 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:38 -0000 Subject: SUSE-SU-2023:2086-1: important: Security update for shim Message-ID: <168353673851.2288.13894624133683983913@smelt2.suse.de> # Security update for shim Announcement ID: SUSE-SU-2023:2086-1 Rating: important References: * #1185232 * #1185261 * #1185441 * #1185621 * #1187071 * #1187260 * #1193282 * #1193315 * #1198101 * #1198458 * #1201066 * #1202120 * #1205588 Cross-References: * CVE-2022-28737 CVSS scores: * CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability, contains two features and has 12 fixes can now be installed. ## Description: This update for shim fixes the following issues: * Updated shim signature after shim 15.7 be signed back: signature- sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) * Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) * Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): * Make SBAT variable payload introspectable * Reference MokListRT instead of MokList * Add a link to the test plan in the readme. * [V3] Enable TDX measurement to RTMR register * Discard load-options that start with a NUL * Fixed load_cert_file bugs * Add -malign-double to IA32 compiler flags * pe: Fix image section entry-point validation * make-archive: Build reproducible tarball * mok: remove MokListTrusted from PCR 7 Other fixes: * Support enhance shim measurement to TD RTMR. (jsc#PED-1273) * shim-install: ensure grub.cfg created is not overwritten after installing grub related files * Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) * Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) * Change the URL in SBAT section to mail:security at suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): * MokManager: removed Locate graphic output protocol fail error message * shim: implement SBAT verification for the shim_lock protocol * post-process-pe: Fix a missing return code check * Update github actions matrix to be more useful * post-process-pe: Fix format string warnings on 32-bit platforms * Allow MokListTrusted to be enabled by default * Re-add ARM AArch64 support * Use ASCII as fallback if Unicode Box Drawing characters fail * make: don't treat cert.S specially * shim: use SHIM_DEVEL_VERBOSE when built in devel mode * Break out of the inner sbat loop if we find the entry. * Support loading additional certificates * Add support for NX (W^X) mitigations. * Fix preserve_sbat_uefi_variable() logic * SBAT Policy latest should be a one-shot * pe: Fix a buffer overflow when SizeOfRawData > VirtualSize * pe: Perform image verification earlier when loading grub * Update advertised sbat generation number for shim * Update SBAT generation requirements for 05/24/22 * Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): * Broken ia32 relocs and an unimportant submodule change. * mok: allocate MOK config table as BootServicesData * Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) * Relax the check for import_mok_state() (bsc#1185261) * SBAT.md: trivial changes * shim: another attempt to fix load options handling * Add tests for our load options parsing. * arm/aa64: fix the size of .rela* sections * mok: fix potential buffer overrun in import_mok_state * mok: relax the maximum variable size check * Don't unhook ExitBootServices when EBS protection is disabled * fallback: find_boot_option() needs to return the index for the boot entry in optnum * httpboot: Ignore case when checking HTTP headers * Fallback allocation errors * shim: avoid BOOTx64.EFI in message on other architectures * str: remove duplicate parameter check * fallback: add compile option FALLBACK_NONINTERACTIVE * Test mok mirror * Modify sbat.md to help with readability. * csv: detect end of csv file correctly * Specify that the .sbat section is ASCII not UTF-8 * tests: add "include-fixed" GCC directory to include directories * pe: simplify generate_hash() * Don't make shim abort when TPM log event fails (RHBZ #2002265) * Fallback to default loader if parsed one does not exist * fallback: Fix for BootOrder crash when index returned * Better console checks * docs: update SBAT UEFI variable name * Don't parse load options if invoked from removable media path * fallback: fix fallback not passing arguments of the first boot option * shim: Don't stop forever at "Secure Boot not enabled" notification * Allocate mokvar table in runtime memory. * Remove post-process-pe on 'make clean' * pe: missing perror argument * CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) * Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) * Updated vendor dbx binary and script (bsc#1198458) * Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN- Certificate-2021-05.crt to vendor dbx list. * Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE- UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. * Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. * Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. * avoid buffer overflow when copying data to the MOK config table (bsc#1185232) * Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) * ignore the odd LoadOptions length (bsc#1185232) * shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist * relax the maximum variable size check for u-boot (bsc#1185621) * handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) * Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) * Also update generate-vendor-dbx.sh in dbx-cert.tar.xz ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2086=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2086=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2086=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2086=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2086=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2086=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2086=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * shim-debuginfo-15.7-150100.3.35.1 * shim-15.7-150100.3.35.1 * shim-debugsource-15.7-150100.3.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * shim-debuginfo-15.7-150100.3.35.1 * shim-15.7-150100.3.35.1 * shim-debugsource-15.7-150100.3.35.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * shim-debuginfo-15.7-150100.3.35.1 * shim-15.7-150100.3.35.1 * shim-debugsource-15.7-150100.3.35.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * shim-debuginfo-15.7-150100.3.35.1 * shim-15.7-150100.3.35.1 * shim-debugsource-15.7-150100.3.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * shim-debuginfo-15.7-150100.3.35.1 * shim-15.7-150100.3.35.1 * shim-debugsource-15.7-150100.3.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * shim-debuginfo-15.7-150100.3.35.1 * shim-15.7-150100.3.35.1 * shim-debugsource-15.7-150100.3.35.1 * SUSE Enterprise Storage 7 (x86_64) * shim-debuginfo-15.7-150100.3.35.1 * shim-15.7-150100.3.35.1 * shim-debugsource-15.7-150100.3.35.1 * SUSE CaaS Platform 4.0 (x86_64) * shim-debuginfo-15.7-150100.3.35.1 * shim-15.7-150100.3.35.1 * shim-debugsource-15.7-150100.3.35.1 ## References: * https://www.suse.com/security/cve/CVE-2022-28737.html * https://bugzilla.suse.com/show_bug.cgi?id=1185232 * https://bugzilla.suse.com/show_bug.cgi?id=1185261 * https://bugzilla.suse.com/show_bug.cgi?id=1185441 * https://bugzilla.suse.com/show_bug.cgi?id=1185621 * https://bugzilla.suse.com/show_bug.cgi?id=1187071 * https://bugzilla.suse.com/show_bug.cgi?id=1187260 * https://bugzilla.suse.com/show_bug.cgi?id=1193282 * https://bugzilla.suse.com/show_bug.cgi?id=1193315 * https://bugzilla.suse.com/show_bug.cgi?id=1198101 * https://bugzilla.suse.com/show_bug.cgi?id=1198458 * https://bugzilla.suse.com/show_bug.cgi?id=1201066 * https://bugzilla.suse.com/show_bug.cgi?id=1202120 * https://bugzilla.suse.com/show_bug.cgi?id=1205588 * https://jira.suse.com/browse/PED-127 * https://jira.suse.com/browse/PED-1273 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:42 -0000 Subject: SUSE-SU-2023:2083-1: moderate: Security update for installation-images Message-ID: <168353674283.2288.7078595157015339798@smelt2.suse.de> # Security update for installation-images Announcement ID: SUSE-SU-2023:2083-1 Rating: moderate References: * #1209188 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one fix can now be installed. ## Description: This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2083=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2083=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * tftpboot-installation-SLE-Micro-5.4-aarch64-16.57.26-150400.3.2.1 * tftpboot-installation-SLE-Micro-5.4-x86_64-16.57.26-150400.3.2.1 * tftpboot-installation-SLE-Micro-5.4-s390x-16.57.26-150400.3.2.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * tftpboot-installation-SLE-Micro-5.4-aarch64-16.57.26-150400.3.2.1 * tftpboot-installation-SLE-Micro-5.4-x86_64-16.57.26-150400.3.2.1 * tftpboot-installation-SLE-Micro-5.4-s390x-16.57.26-150400.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:39 -0000 Subject: SUSE-RU-2023:2085-1: moderate: Recommended update for aardvark-dns, netavark Message-ID: <168353673975.2288.13664407740900402941@smelt2.suse.de> # Recommended update for aardvark-dns, netavark Announcement ID: SUSE-RU-2023:2085-1 Rating: moderate References: Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that contains two features can now be installed. ## Description: This update for aardvark-dns, netavark fixes the following issues: This update ships netavark and aardvark-dns for use by podman. (jsc#PED-1805) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2085=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2085=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2085=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2085=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2085=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2085=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2085=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2085=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * netavark-debuginfo-1.5.0-150300.7.6.1 * aardvark-dns-debuginfo-1.5.0-150300.7.5.1 * aardvark-dns-1.5.0-150300.7.5.1 * netavark-1.5.0-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * netavark-debuginfo-1.5.0-150300.7.6.1 * aardvark-dns-debuginfo-1.5.0-150300.7.5.1 * aardvark-dns-1.5.0-150300.7.5.1 * netavark-1.5.0-150300.7.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * netavark-debuginfo-1.5.0-150300.7.6.1 * aardvark-dns-debuginfo-1.5.0-150300.7.5.1 * aardvark-dns-1.5.0-150300.7.5.1 * netavark-1.5.0-150300.7.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * netavark-debuginfo-1.5.0-150300.7.6.1 * aardvark-dns-debuginfo-1.5.0-150300.7.5.1 * aardvark-dns-1.5.0-150300.7.5.1 * netavark-1.5.0-150300.7.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * netavark-debuginfo-1.5.0-150300.7.6.1 * aardvark-dns-debuginfo-1.5.0-150300.7.5.1 * aardvark-dns-1.5.0-150300.7.5.1 * netavark-1.5.0-150300.7.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * netavark-debuginfo-1.5.0-150300.7.6.1 * aardvark-dns-debuginfo-1.5.0-150300.7.5.1 * aardvark-dns-1.5.0-150300.7.5.1 * netavark-1.5.0-150300.7.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * netavark-debuginfo-1.5.0-150300.7.6.1 * aardvark-dns-debuginfo-1.5.0-150300.7.5.1 * aardvark-dns-1.5.0-150300.7.5.1 * netavark-1.5.0-150300.7.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * netavark-debuginfo-1.5.0-150300.7.6.1 * aardvark-dns-debuginfo-1.5.0-150300.7.5.1 * aardvark-dns-1.5.0-150300.7.5.1 * netavark-1.5.0-150300.7.6.1 ## References: * https://jira.suse.com/browse/PED-1805 * https://jira.suse.com/browse/PED-2771 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:41 -0000 Subject: SUSE-SU-2023:2084-1: important: Security update for shim Message-ID: <168353674118.2288.2797498569565571791@smelt2.suse.de> # Security update for shim Announcement ID: SUSE-SU-2023:2084-1 Rating: important References: * #1210382 Cross-References: * CVE-2022-28737 CVSS scores: * CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for shim fixes the following issues: * CVE-2022-28737 was missing as reference previously. * Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2084=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2084=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2084=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2084=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2084=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2084=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2084=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2084=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2084=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2084=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2084=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2084=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2084=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2084=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2084=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2084=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2084=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2084=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2084=1 ## Package List: * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * openSUSE Leap 15.4 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Manager Proxy 4.2 (x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 * SUSE Manager Server 4.2 (x86_64) * shim-15.7-150300.4.16.1 * shim-debuginfo-15.7-150300.4.16.1 * shim-debugsource-15.7-150300.4.16.1 ## References: * https://www.suse.com/security/cve/CVE-2022-28737.html * https://bugzilla.suse.com/show_bug.cgi?id=1210382 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:44 -0000 Subject: SUSE-SU-2023:2082-1: moderate: Security update for installation-images Message-ID: <168353674438.2288.3233821333284759995@smelt2.suse.de> # Security update for installation-images Announcement ID: SUSE-SU-2023:2082-1 Rating: moderate References: * #1209188 Affected Products: * SUSE Linux Enterprise Micro 5.1 An update that has one fix can now be installed. ## Description: This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2082=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (noarch) * tftpboot-installation-SLE-Micro-5.1-aarch64-16.56.6-150300.3.2.1 * tftpboot-installation-SLE-Micro-5.1-s390x-16.56.6-150300.3.2.1 * tftpboot-installation-SLE-Micro-5.1-x86_64-16.56.6-150300.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:47 -0000 Subject: SUSE-SU-2023:2081-1: important: Security update for git Message-ID: <168353674705.2288.15852893640900159645@smelt2.suse.de> # Security update for git Announcement ID: SUSE-SU-2023:2081-1 Rating: important References: * #1210686 Cross-References: * CVE-2023-25652 * CVE-2023-25815 * CVE-2023-29007 CVSS scores: * CVE-2023-25652 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25815 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25815 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2023-29007 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L * CVE-2023-29007 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). * CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). * CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2081=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2081=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2081=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2081=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2081=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2081=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2081=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * git-core-2.26.2-150000.50.1 * git-daemon-debuginfo-2.26.2-150000.50.1 * git-email-2.26.2-150000.50.1 * git-svn-2.26.2-150000.50.1 * git-debuginfo-2.26.2-150000.50.1 * git-debugsource-2.26.2-150000.50.1 * git-cvs-2.26.2-150000.50.1 * git-2.26.2-150000.50.1 * git-core-debuginfo-2.26.2-150000.50.1 * git-daemon-2.26.2-150000.50.1 * git-svn-debuginfo-2.26.2-150000.50.1 * git-web-2.26.2-150000.50.1 * gitk-2.26.2-150000.50.1 * git-arch-2.26.2-150000.50.1 * git-gui-2.26.2-150000.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * git-doc-2.26.2-150000.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * git-core-2.26.2-150000.50.1 * git-daemon-debuginfo-2.26.2-150000.50.1 * git-email-2.26.2-150000.50.1 * git-svn-2.26.2-150000.50.1 * git-debuginfo-2.26.2-150000.50.1 * git-debugsource-2.26.2-150000.50.1 * git-cvs-2.26.2-150000.50.1 * git-2.26.2-150000.50.1 * git-core-debuginfo-2.26.2-150000.50.1 * git-daemon-2.26.2-150000.50.1 * git-svn-debuginfo-2.26.2-150000.50.1 * git-web-2.26.2-150000.50.1 * gitk-2.26.2-150000.50.1 * git-arch-2.26.2-150000.50.1 * git-gui-2.26.2-150000.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * git-doc-2.26.2-150000.50.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * git-core-2.26.2-150000.50.1 * git-daemon-debuginfo-2.26.2-150000.50.1 * git-email-2.26.2-150000.50.1 * git-svn-2.26.2-150000.50.1 * git-debuginfo-2.26.2-150000.50.1 * git-debugsource-2.26.2-150000.50.1 * git-cvs-2.26.2-150000.50.1 * git-2.26.2-150000.50.1 * git-core-debuginfo-2.26.2-150000.50.1 * git-daemon-2.26.2-150000.50.1 * git-svn-debuginfo-2.26.2-150000.50.1 * git-web-2.26.2-150000.50.1 * gitk-2.26.2-150000.50.1 * git-arch-2.26.2-150000.50.1 * git-gui-2.26.2-150000.50.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * git-doc-2.26.2-150000.50.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * git-core-2.26.2-150000.50.1 * git-daemon-debuginfo-2.26.2-150000.50.1 * git-email-2.26.2-150000.50.1 * git-svn-2.26.2-150000.50.1 * git-debuginfo-2.26.2-150000.50.1 * git-debugsource-2.26.2-150000.50.1 * git-cvs-2.26.2-150000.50.1 * git-2.26.2-150000.50.1 * git-core-debuginfo-2.26.2-150000.50.1 * git-daemon-2.26.2-150000.50.1 * git-svn-debuginfo-2.26.2-150000.50.1 * git-web-2.26.2-150000.50.1 * gitk-2.26.2-150000.50.1 * git-arch-2.26.2-150000.50.1 * git-gui-2.26.2-150000.50.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * git-doc-2.26.2-150000.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * git-core-2.26.2-150000.50.1 * git-daemon-debuginfo-2.26.2-150000.50.1 * git-email-2.26.2-150000.50.1 * git-svn-2.26.2-150000.50.1 * git-debuginfo-2.26.2-150000.50.1 * git-debugsource-2.26.2-150000.50.1 * git-cvs-2.26.2-150000.50.1 * git-2.26.2-150000.50.1 * git-core-debuginfo-2.26.2-150000.50.1 * git-daemon-2.26.2-150000.50.1 * git-svn-debuginfo-2.26.2-150000.50.1 * git-web-2.26.2-150000.50.1 * gitk-2.26.2-150000.50.1 * git-arch-2.26.2-150000.50.1 * git-gui-2.26.2-150000.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * git-doc-2.26.2-150000.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * git-core-2.26.2-150000.50.1 * git-daemon-debuginfo-2.26.2-150000.50.1 * git-email-2.26.2-150000.50.1 * git-svn-2.26.2-150000.50.1 * git-debuginfo-2.26.2-150000.50.1 * git-debugsource-2.26.2-150000.50.1 * git-cvs-2.26.2-150000.50.1 * git-2.26.2-150000.50.1 * git-core-debuginfo-2.26.2-150000.50.1 * git-daemon-2.26.2-150000.50.1 * git-svn-debuginfo-2.26.2-150000.50.1 * git-web-2.26.2-150000.50.1 * gitk-2.26.2-150000.50.1 * git-arch-2.26.2-150000.50.1 * git-gui-2.26.2-150000.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * git-doc-2.26.2-150000.50.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * git-core-2.26.2-150000.50.1 * git-daemon-debuginfo-2.26.2-150000.50.1 * git-email-2.26.2-150000.50.1 * git-svn-2.26.2-150000.50.1 * git-debuginfo-2.26.2-150000.50.1 * git-debugsource-2.26.2-150000.50.1 * git-cvs-2.26.2-150000.50.1 * git-2.26.2-150000.50.1 * git-core-debuginfo-2.26.2-150000.50.1 * git-daemon-2.26.2-150000.50.1 * git-svn-debuginfo-2.26.2-150000.50.1 * git-web-2.26.2-150000.50.1 * gitk-2.26.2-150000.50.1 * git-arch-2.26.2-150000.50.1 * git-gui-2.26.2-150000.50.1 * SUSE Enterprise Storage 7 (noarch) * git-doc-2.26.2-150000.50.1 * SUSE CaaS Platform 4.0 (x86_64) * git-core-2.26.2-150000.50.1 * git-daemon-debuginfo-2.26.2-150000.50.1 * git-email-2.26.2-150000.50.1 * git-svn-2.26.2-150000.50.1 * git-debuginfo-2.26.2-150000.50.1 * git-debugsource-2.26.2-150000.50.1 * git-cvs-2.26.2-150000.50.1 * git-2.26.2-150000.50.1 * git-core-debuginfo-2.26.2-150000.50.1 * git-daemon-2.26.2-150000.50.1 * git-svn-debuginfo-2.26.2-150000.50.1 * git-web-2.26.2-150000.50.1 * gitk-2.26.2-150000.50.1 * git-arch-2.26.2-150000.50.1 * git-gui-2.26.2-150000.50.1 * SUSE CaaS Platform 4.0 (noarch) * git-doc-2.26.2-150000.50.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25652.html * https://www.suse.com/security/cve/CVE-2023-25815.html * https://www.suse.com/security/cve/CVE-2023-29007.html * https://bugzilla.suse.com/show_bug.cgi?id=1210686 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:48 -0000 Subject: SUSE-SU-2023:2080-1: important: Security update for python-Django1 Message-ID: <168353674869.2288.13984818588124643905@smelt2.suse.de> # Security update for python-Django1 Announcement ID: SUSE-SU-2023:2080-1 Rating: important References: * #1208082 Cross-References: * CVE-2023-24580 CVSS scores: * CVE-2023-24580 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24580 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-Django1 fixes the following issues: * CVE-2023-24580: Fixed potential DoS in file uploads (bsc#1208082). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2080=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2080=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * python-Django1-1.11.29-3.44.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * python-Django1-1.11.29-3.44.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24580.html * https://bugzilla.suse.com/show_bug.cgi?id=1208082 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:49 -0000 Subject: SUSE-RU-2023:2075-1: moderate: Recommended update for aardvark-dns, netavark Message-ID: <168353674981.2288.13468284381362647472@smelt2.suse.de> # Recommended update for aardvark-dns, netavark Announcement ID: SUSE-RU-2023:2075-1 Rating: moderate References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for aardvark-dns, netavark fixes the following issues: This update ships netavark and aardvark-dns for use by podman. (jsc#PED-1805) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2075=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2075=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2075=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2075=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2075=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2075=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2075=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 s390x x86_64) * netavark-debuginfo-1.5.0-150400.9.5.1 * aardvark-dns-1.5.0-150400.9.4.1 * aardvark-dns-debuginfo-1.5.0-150400.9.4.1 * netavark-1.5.0-150400.9.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * netavark-debuginfo-1.5.0-150400.9.5.1 * aardvark-dns-1.5.0-150400.9.4.1 * aardvark-dns-debuginfo-1.5.0-150400.9.4.1 * netavark-1.5.0-150400.9.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * netavark-debuginfo-1.5.0-150400.9.5.1 * aardvark-dns-1.5.0-150400.9.4.1 * aardvark-dns-debuginfo-1.5.0-150400.9.4.1 * netavark-1.5.0-150400.9.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * netavark-debuginfo-1.5.0-150400.9.5.1 * aardvark-dns-1.5.0-150400.9.4.1 * aardvark-dns-debuginfo-1.5.0-150400.9.4.1 * netavark-1.5.0-150400.9.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * netavark-debuginfo-1.5.0-150400.9.5.1 * aardvark-dns-1.5.0-150400.9.4.1 * aardvark-dns-debuginfo-1.5.0-150400.9.4.1 * netavark-1.5.0-150400.9.5.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * netavark-debuginfo-1.5.0-150400.9.5.1 * aardvark-dns-1.5.0-150400.9.4.1 * aardvark-dns-debuginfo-1.5.0-150400.9.4.1 * netavark-1.5.0-150400.9.5.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * netavark-debuginfo-1.5.0-150400.9.5.1 * aardvark-dns-1.5.0-150400.9.4.1 * aardvark-dns-debuginfo-1.5.0-150400.9.4.1 * netavark-1.5.0-150400.9.5.1 ## References: * https://jira.suse.com/browse/PED-1805 * https://jira.suse.com/browse/PED-2771 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:51 -0000 Subject: SUSE-SU-2023:2074-1: moderate: Security update for zstd Message-ID: <168353675119.2288.9452939687849851568@smelt2.suse.de> # Security update for zstd Announcement ID: SUSE-SU-2023:2074-1 Rating: moderate References: * #1209533 Cross-References: * CVE-2022-4899 CVSS scores: * CVE-2022-4899 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4899 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for zstd fixes the following issues: * CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2074=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2074=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2074=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2074=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libzstd1-32bit-debuginfo-1.4.4-150000.1.9.1 * libzstd-devel-1.4.4-150000.1.9.1 * libzstd1-32bit-1.4.4-150000.1.9.1 * zstd-debuginfo-1.4.4-150000.1.9.1 * zstd-1.4.4-150000.1.9.1 * libzstd1-debuginfo-1.4.4-150000.1.9.1 * libzstd1-1.4.4-150000.1.9.1 * zstd-debugsource-1.4.4-150000.1.9.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * zstd-debuginfo-1.4.4-150000.1.9.1 * libzstd1-debuginfo-1.4.4-150000.1.9.1 * libzstd1-1.4.4-150000.1.9.1 * zstd-debugsource-1.4.4-150000.1.9.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * zstd-debuginfo-1.4.4-150000.1.9.1 * zstd-1.4.4-150000.1.9.1 * libzstd1-debuginfo-1.4.4-150000.1.9.1 * libzstd1-1.4.4-150000.1.9.1 * zstd-debugsource-1.4.4-150000.1.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * zstd-debuginfo-1.4.4-150000.1.9.1 * zstd-1.4.4-150000.1.9.1 * libzstd1-debuginfo-1.4.4-150000.1.9.1 * libzstd1-1.4.4-150000.1.9.1 * zstd-debugsource-1.4.4-150000.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4899.html * https://bugzilla.suse.com/show_bug.cgi?id=1209533 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:54 -0000 Subject: SUSE-RU-2023:2071-1: moderate: Recommended update for rust Message-ID: <168353675481.2288.9352249642132327876@smelt2.suse.de> # Recommended update for rust Announcement ID: SUSE-RU-2023:2071-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for rust fixes the following issues: * Update to version 1.69.0 - for details see the rust1.69 package ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2071=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2071=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cargo1.69-1.69.0-150400.9.3.1 * cargo-1.69.0-150400.24.15.1 * cargo1.69-debuginfo-1.69.0-150400.9.3.1 * rust1.69-debuginfo-1.69.0-150400.9.3.1 * rust-1.69.0-150400.24.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.69-1.69.0-150400.9.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cargo1.69-1.69.0-150400.9.3.1 * cargo-1.69.0-150400.24.15.1 * cargo1.69-debuginfo-1.69.0-150400.9.3.1 * rust1.69-debuginfo-1.69.0-150400.9.3.1 * rust-1.69.0-150400.24.15.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.69-1.69.0-150400.9.3.1 ## References: * https://jira.suse.com/browse/SLE-18626 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:53 -0000 Subject: SUSE-RU-2023:2073-1: moderate: Recommended update for libseccomp Message-ID: <168353675385.2288.18073101203410980292@smelt2.suse.de> # Recommended update for libseccomp Announcement ID: SUSE-RU-2023:2073-1 Rating: moderate References: * #1209407 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for libseccomp fixes the following issue: * Speed up database handling when processing many rules like in docker (bsc#1209407) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2073=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2073=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2073=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2073=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2073=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2073=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2073=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2073=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2073=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2073=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libseccomp2-32bit-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libseccomp2-32bit-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-32bit-2.4.1-11.6.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libseccomp-devel-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libseccomp2-32bit-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-32bit-2.4.1-11.6.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-32bit-2.4.1-11.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-32bit-2.4.1-11.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-32bit-2.4.1-11.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libseccomp2-2.4.1-11.6.1 * libseccomp2-debuginfo-2.4.1-11.6.1 * libseccomp-debugsource-2.4.1-11.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libseccomp2-debuginfo-32bit-2.4.1-11.6.1 * libseccomp2-32bit-2.4.1-11.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209407 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:55 -0000 Subject: SUSE-RU-2023:0716-2: moderate: Recommended update for rt-tests Message-ID: <168353675584.2288.4008508265468099409@smelt2.suse.de> # Recommended update for rt-tests Announcement ID: SUSE-RU-2023:0716-2 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that contains one feature can now be installed. ## Description: This update for rt-tests fixes the following issues: Version update from 2.2 to 2.4 (jsc#SLE-23995): * Add aarch64 support for oslat * Add the `--default-system` option in cyclictest This runs cyclictest without attempting any tuning. Power management is not suppressed so cyclictest measures the system as it is configured. This may result in worse realtime behaviour, but is sometimes what you are trying to measure. * Fix parsing of affinity when there is a space * Fixes in cyclicdeadline and deadline_test to prevent double mounting of cgroups * Fixes in cyclictest to address memory access violation issues for verbose with no affinity mask * hwlatdetect: Add option to specify cpumask * Increase the buf size to 2048 when parse cpuinfo * oslat: Print offending cpu number when above threshold * rt-numa: ignore runtime cpumask if '-a CPULIST' is specified * Significant clean-ups and fixes to hwlatdetect * For the complete list of changes you can consult: * 2.4: https://lore.kernel.org/linux-rt- users/20220708150017.13462-1-jkacur at redhat.com/ * 2.3: https://lore.kernel.org/linux-rt- users/20211210184649.11084-1-jkacur at redhat.com/ * Backport runtime fixes from upcomming release: * Fix threads being affined even when '-a' isn't set when using cyclictest * Remove arbitrary num of threads limits * Add error checking to connect and getsockname * Update hwlatdetect to integer division to prevent an error when calculating width, which assumes an integer ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-716=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-716=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * rt-tests-2.4-150400.3.3.1 * rt-tests-debugsource-2.4-150400.3.3.1 * rt-tests-debuginfo-2.4-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * rt-tests-2.4-150400.3.3.1 * rt-tests-debugsource-2.4-150400.3.3.1 * rt-tests-debuginfo-2.4-150400.3.3.1 ## References: * https://jira.suse.com/browse/SLE-23995 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:05:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:05:59 -0000 Subject: SUSE-RU-2023:2061-1: moderate: Recommended update for SLES12-SP4-SLES15-Migration Message-ID: <168353675997.2288.13180391112989578793@smelt2.suse.de> # Recommended update for SLES12-SP4-SLES15-Migration Announcement ID: SUSE-RU-2023:2061-1 Rating: moderate References: * #1206194 * #1206701 * #1209304 * #1209591 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has four recommended fixes can now be installed. ## Description: This update for suse-migration-services fixes the following issues: * Add fixes to make updatesmtcache work correctly (bsc#1209591) * Add option to skip bind mount entries in fstab (bsc#1209304) * Bump version: 2.0.35 to 2.0.36 * Use bind mount when needed, to ensure the resolv.conf in the root_path contains proper settings (bsc#1206194) * Fix kernel check when there is no entry for 'multiversion =' (bsc#1206701) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2061=1 ## Package List: * Public Cloud Module 12 (x86_64) * SLES15-Migration-2.0.36-6 * Public Cloud Module 12 (noarch) * suse-migration-pre-checks-2.0.36-6.17.2 * suse-migration-sle15-activation-2.0.36-6.38.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206194 * https://bugzilla.suse.com/show_bug.cgi?id=1206701 * https://bugzilla.suse.com/show_bug.cgi?id=1209304 * https://bugzilla.suse.com/show_bug.cgi?id=1209591 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:00 -0000 Subject: SUSE-RU-2023:0713-2: moderate: Recommended update for suse-build-key Message-ID: <168353676096.2288.13856069750008878874@smelt2.suse.de> # Recommended update for suse-build-key Announcement ID: SUSE-RU-2023:0713-2 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that contains one feature can now be installed. ## Description: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) * gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). * gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). * suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. * build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse- container-key-2023.pem and suse-container-key-2023.asc * suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-713=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-713=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * suse-build-key-12.0-150000.8.31.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * suse-build-key-12.0-150000.8.31.1 ## References: * https://jira.suse.com/browse/PED-2777 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:02 -0000 Subject: SUSE-RU-2023:0658-2: moderate: Recommended update for cloud-netconfig Message-ID: <168353676267.2288.11597231715506653416@smelt2.suse.de> # Recommended update for cloud-netconfig Announcement ID: SUSE-RU-2023:0658-2 Rating: moderate References: * #1199853 * #1204549 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has two recommended fixes can now be installed. ## Description: This update for cloud-netconfig fixes the following issues: * Update to version 1.7: * Overhaul policy routing setup * Support alias IPv4 ranges * Add support for NetworkManager (bsc#1204549) * Remove dependency on netconfig * Install into libexec directory * Clear stale ifcfg files for accelerated NICs (bsc#1199853) * More debug messages * Documentation update * /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-658=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-658=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cloud-netconfig-gce-1.7-150000.25.8.1 * cloud-netconfig-ec2-1.7-150000.25.8.1 * cloud-netconfig-azure-1.7-150000.25.8.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cloud-netconfig-gce-1.7-150000.25.8.1 * cloud-netconfig-ec2-1.7-150000.25.8.1 * cloud-netconfig-azure-1.7-150000.25.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1199853 * https://bugzilla.suse.com/show_bug.cgi?id=1204549 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:05 -0000 Subject: SUSE-RU-2023:1709-2: moderate: Recommended update for yast2-bootloader Message-ID: <168353676522.2288.13964464694708770172@smelt2.suse.de> # Recommended update for yast2-bootloader Announcement ID: SUSE-RU-2023:1709-2 Rating: moderate References: * #1206295 Affected Products: * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-bootloader fixes the following issue: * make secure boot for ppc64 consistent with how secure boot works on other architectures (bsc#1206295) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1709=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1709=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1709=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1709=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1709=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1709=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1709=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * yast2-bootloader-4.4.19-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * yast2-bootloader-4.4.19-150400.3.6.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * yast2-bootloader-4.4.19-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * yast2-bootloader-4.4.19-150400.3.6.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * yast2-bootloader-4.4.19-150400.3.6.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * yast2-bootloader-4.4.19-150400.3.6.1 * SUSE Manager Proxy 4.3 (x86_64) * yast2-bootloader-4.4.19-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206295 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:06 -0000 Subject: SUSE-FU-2023:2049-1: moderate: Feature update for bouncycastle Message-ID: <168353676629.2288.1634313688330158670@smelt2.suse.de> # Feature update for bouncycastle Announcement ID: SUSE-FU-2023:2049-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for bouncycastle fixes the following issues: bouncycastle was updated to version 1.72: * Defects Fixed: * There were parameter errors in XMSS^MT OIDs for XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have been fixed. * There was an error in Merkle tree construction for the Evidence Records (ERS) implementation which could result in invalid roots been timestamped. ERS now produces an ArchiveTimeStamp for each data object/group with an associated reduced hash tree. The reduced hash tree is now calculated as a simple path to the root of the tree for each record. * OpenPGP will now ignore signatures marked as non-exportable on encoding. * A tagging calculation error in GCMSIV which could result in incorrect tags has been fixed. * Issues around Java 17 which could result in failing tests have been addressed. * Additional Features and Functionality: * BCJSSE: TLS 1.3 is now enabled by default where no explicit protocols are supplied (e.g. "TLS" or "Default" SSLContext algorithms, or SSLContext.getDefault() method). * BCJSSE: Rewrite SSLEngine implementation to improve compatibility with SunJSSE. * BCJSSE: Support export of keying material via extension API. * (D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266. * (D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3. * (D)TLS (low-level API): Add support for raw public keys per RFC 7250. * CryptoServicesRegistrar now has a setServicesConstraints() method on it which can be used to selectively turn off algorithms. * The NIST PQC Alternate Candidate, Picnic, has been added to the low level API and the BCPQC provider. * SPHINCS+ has been upgraded to the latest submission, SPHINCS+ 3.1 and support for Haraka has been added. * Evidence records now support timestamp renewal and hash renewal. * The SIKE Alternative Candidate NIST Post Quantum Algorithm has been added to the low-level PQC API. * The NTRU Round 3 Finalist Candidate NIST Post Quantum Algorithm has been added to the low-level API and the BCPQC provider. * The Falcon Finalist NIST Post Quantum Algorithm has been added to the low-level API and the BCPQC provider. * The CRYSTALS-Kyber Finalist NIST Post Quantum Algorithm has been added to the low-level API and the BCPQC provider. * Argon2 Support has been added to the OpenPGP API. * XDH IES has now been added to the BC provider. * The OpenPGP API now supports AEAD encryption and decryption. * The NTRU Prime Alternative Candidate NIST Post Quantum Algorithms have been added to the low-level API and the BCPQC provider. * The CRYSTALS-Dilithium Finalist NIST Post Quantum Algorithm has been added to the low-level API and the BCPQC provider. * The BIKE NIST Post Quantum Alternative/Round-4 Candidate has been added to the low-level API and the BCPQC provider. * The HQC NIST Post Quantum Alternative/Round-4 Candidate has been added to the low-level API and the BCPQC provider. * Grain128AEAD has been added to the lightweight API. * A fast version of CRC24 has been added for use with the PGP API. * Some additional methods and fields have been exposed in the PGPOnePassSignature class to (hopefully) make it easier to deal with nested signatures. * CMP support classes have been updated to reflect the latest editions to the the draft RFC "Lightweight Certificate Management Protocol (CMP) Profile". * Support has been added to the PKCS#12 implementation for the Oracle trusted certificate attribute. * Performance of our BZIP2 classes has been improved. * Notes: * Keep in mind the PQC algorithms are still under development and we are still at least a year and a half away from published standards. This means the algorithms may still change so by all means experiment, but do not use the PQC algoritms for anything long term. * The legacy "Rainbow" and "McEliece" implementations have been removed from the BCPQC provider. The underlying classes are still present if required. Other legacy algorithm implementations can be found under the org.bouncycastle.pqc.legacy package. * Security Notes: * The PQC SIKE algorithm is provided for research purposes only. It should now be regarded as broken. The SIKE implementation will be withdrawn in BC 1.73. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2049=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2049=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2049=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2049=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2049=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2049=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2049=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2049=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2049=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2049=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2049=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2049=1 ## Package List: * openSUSE Leap 15.4 (noarch) * bouncycastle-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * bouncycastle-tls-1.72-150200.3.12.1 * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-mail-1.72-150200.3.12.1 * bouncycastle-javadoc-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * Development Tools Module 15-SP4 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Enterprise Storage 7.1 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 * SUSE Enterprise Storage 7 (noarch) * bouncycastle-pkix-1.72-150200.3.12.1 * bouncycastle-1.72-150200.3.12.1 * bouncycastle-pg-1.72-150200.3.12.1 * bouncycastle-util-1.72-150200.3.12.1 ## References: * https://jira.suse.com/browse/PED-3901 * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:10 -0000 Subject: SUSE-RU-2023:1965-1: moderate: Recommended update for release-notes-sles Message-ID: <168353677047.2288.17456661079554903233@smelt2.suse.de> # Recommended update for release-notes-sles Announcement ID: SUSE-RU-2023:1965-1 Rating: moderate References: * #1206365 * #1208142 * #933411 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has three recommended fixes can now be installed. ## Description: This update for release-notes-sles fixes the following issues: * Update to 15.4.20230301 (bsc#933411) * Added note about Vagrant box removal (bsc#1208142) * Added note about silencing killmode=none (jsc#PED-407) * Updated note about ULP (bsc#1206365) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1965=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1965=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-2023-1965=1 SUSE-SLE- INSTALLER-15-SP4-2023-1965=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1965=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1965=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1965=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1965=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1965=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-sles-15.4.20230301-150400.3.13.2 * SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch) * release-notes-sles-15.4.20230301-150400.3.13.2 * SUSE Linux Enterprise Server 15 SP4 (noarch) * release-notes-sles-15.4.20230301-150400.3.13.2 * SUSE Manager Server 4.3 (noarch) * release-notes-sles-15.4.20230301-150400.3.13.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * release-notes-sles-15.4.20230301-150400.3.13.2 * SUSE Linux Enterprise Desktop 15 SP4 (noarch) * release-notes-sles-15.4.20230301-150400.3.13.2 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-sles-15.4.20230301-150400.3.13.2 * SUSE Manager Proxy 4.3 (noarch) * release-notes-sles-15.4.20230301-150400.3.13.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206365 * https://bugzilla.suse.com/show_bug.cgi?id=1208142 * https://bugzilla.suse.com/show_bug.cgi?id=933411 * https://jira.suse.com/browse/PED-407 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:11 -0000 Subject: SUSE-RU-2023:1964-1: moderate: Recommended update for mariadb Message-ID: <168353677143.2288.12140732470729838043@smelt2.suse.de> # Recommended update for mariadb Announcement ID: SUSE-RU-2023:1964-1 Rating: moderate References: Affected Products: * Galera for Ericsson 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 An update that can now be installed. ## Description: This update for mariadb fixes the following issues: * Update to 10.5.19 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1964=1 * Galera for Ericsson 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-1964=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libmariadbd-devel-10.5.19-150300.3.24.2 * libmariadbd19-debuginfo-10.5.19-150300.3.24.2 * libmariadbd19-10.5.19-150300.3.24.2 * mariadb-client-debuginfo-10.5.19-150300.3.24.2 * mariadb-tools-10.5.19-150300.3.24.2 * mariadb-tools-debuginfo-10.5.19-150300.3.24.2 * mariadb-client-10.5.19-150300.3.24.2 * mariadb-debugsource-10.5.19-150300.3.24.2 * mariadb-debuginfo-10.5.19-150300.3.24.2 * mariadb-10.5.19-150300.3.24.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * mariadb-errormessages-10.5.19-150300.3.24.2 * Galera for Ericsson 15 SP3 (x86_64) * mariadb-galera-10.5.19-150300.3.24.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:19 -0000 Subject: SUSE-RU-2023:1963-1: moderate: Recommended update for grub2 Message-ID: <168353677975.2288.11051442383049984784@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:1963-1 Rating: moderate References: * #1187810 * #1189036 * #1207064 * #1209165 * #1209234 * #1209372 * #1209667 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has seven recommended fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) * Make grub more robust against storage race condition causing system boot failures (bsc#1189036) * Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) * Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1963=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1963=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1963=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1963=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1963=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1963=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1963=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1963=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-1963=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * grub2-2.06-150400.11.30.1 * grub2-debugsource-2.06-150400.11.30.1 * grub2-debuginfo-2.06-150400.11.30.1 * openSUSE Leap Micro 5.3 (noarch) * grub2-i386-pc-2.06-150400.11.30.1 * grub2-snapper-plugin-2.06-150400.11.30.1 * grub2-x86_64-efi-2.06-150400.11.30.1 * grub2-x86_64-xen-2.06-150400.11.30.1 * grub2-arm64-efi-2.06-150400.11.30.1 * openSUSE Leap 15.4 (noarch) * grub2-x86_64-xen-extras-2.06-150400.11.30.1 * grub2-i386-xen-extras-2.06-150400.11.30.1 * grub2-i386-pc-2.06-150400.11.30.1 * grub2-snapper-plugin-2.06-150400.11.30.1 * grub2-i386-pc-extras-2.06-150400.11.30.1 * grub2-systemd-sleep-plugin-2.06-150400.11.30.1 * grub2-x86_64-efi-2.06-150400.11.30.1 * grub2-x86_64-efi-debug-2.06-150400.11.30.1 * grub2-powerpc-ieee1275-extras-2.06-150400.11.30.1 * grub2-s390x-emu-extras-2.06-150400.11.30.1 * grub2-i386-pc-debug-2.06-150400.11.30.1 * grub2-arm64-efi-debug-2.06-150400.11.30.1 * grub2-i386-efi-extras-2.06-150400.11.30.1 * grub2-arm64-efi-extras-2.06-150400.11.30.1 * grub2-powerpc-ieee1275-debug-2.06-150400.11.30.1 * grub2-x86_64-xen-2.06-150400.11.30.1 * grub2-powerpc-ieee1275-2.06-150400.11.30.1 * grub2-x86_64-efi-extras-2.06-150400.11.30.1 * grub2-arm64-efi-2.06-150400.11.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150400.11.30.1 * grub2-debuginfo-2.06-150400.11.30.1 * grub2-branding-upstream-2.06-150400.11.30.1 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.30.1 * openSUSE Leap 15.4 (s390x) * grub2-s390x-emu-debug-2.06-150400.11.30.1 * grub2-s390x-emu-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * grub2-2.06-150400.11.30.1 * grub2-debugsource-2.06-150400.11.30.1 * grub2-debuginfo-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * grub2-snapper-plugin-2.06-150400.11.30.1 * grub2-i386-pc-2.06-150400.11.30.1 * grub2-x86_64-efi-2.06-150400.11.30.1 * grub2-x86_64-xen-2.06-150400.11.30.1 * grub2-arm64-efi-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * grub2-2.06-150400.11.30.1 * grub2-debugsource-2.06-150400.11.30.1 * grub2-debuginfo-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * grub2-snapper-plugin-2.06-150400.11.30.1 * grub2-i386-pc-2.06-150400.11.30.1 * grub2-x86_64-efi-2.06-150400.11.30.1 * grub2-x86_64-xen-2.06-150400.11.30.1 * grub2-arm64-efi-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * grub2-2.06-150400.11.30.1 * grub2-debugsource-2.06-150400.11.30.1 * grub2-debuginfo-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * grub2-snapper-plugin-2.06-150400.11.30.1 * grub2-i386-pc-2.06-150400.11.30.1 * grub2-x86_64-efi-2.06-150400.11.30.1 * grub2-x86_64-xen-2.06-150400.11.30.1 * grub2-arm64-efi-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * grub2-2.06-150400.11.30.1 * grub2-debugsource-2.06-150400.11.30.1 * grub2-debuginfo-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * grub2-snapper-plugin-2.06-150400.11.30.1 * grub2-i386-pc-2.06-150400.11.30.1 * grub2-x86_64-efi-2.06-150400.11.30.1 * grub2-x86_64-xen-2.06-150400.11.30.1 * grub2-arm64-efi-2.06-150400.11.30.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.30.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150400.11.30.1 * grub2-debuginfo-2.06-150400.11.30.1 * Basesystem Module 15-SP4 (noarch) * grub2-i386-pc-2.06-150400.11.30.1 * grub2-snapper-plugin-2.06-150400.11.30.1 * grub2-systemd-sleep-plugin-2.06-150400.11.30.1 * grub2-x86_64-efi-2.06-150400.11.30.1 * grub2-powerpc-ieee1275-2.06-150400.11.30.1 * grub2-arm64-efi-2.06-150400.11.30.1 * Basesystem Module 15-SP4 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.30.1 * Basesystem Module 15-SP4 (s390x) * grub2-s390x-emu-2.06-150400.11.30.1 * Server Applications Module 15-SP4 (noarch) * grub2-x86_64-xen-2.06-150400.11.30.1 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * grub2-arm64-efi-2.06-150400.11.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1187810 * https://bugzilla.suse.com/show_bug.cgi?id=1189036 * https://bugzilla.suse.com/show_bug.cgi?id=1207064 * https://bugzilla.suse.com/show_bug.cgi?id=1209165 * https://bugzilla.suse.com/show_bug.cgi?id=1209234 * https://bugzilla.suse.com/show_bug.cgi?id=1209372 * https://bugzilla.suse.com/show_bug.cgi?id=1209667 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:21 -0000 Subject: SUSE-SU-2023:1962-1: important: Security update for indent Message-ID: <168353678134.2288.1661066505886026359@smelt2.suse.de> # Security update for indent Announcement ID: SUSE-SU-2023:1962-1 Rating: important References: * #1209718 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for indent fixes the following issues: * Fixed multiple memory safety issues (bsc#1209718). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1962=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1962=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1962=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1962=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1962=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1962=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1962=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1962=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1962=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1962=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1962=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1962=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1962=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1962=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1962=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 * SUSE CaaS Platform 4.0 (x86_64) * indent-debugsource-2.2.11-150000.3.3.1 * indent-2.2.11-150000.3.3.1 * indent-debuginfo-2.2.11-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209718 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:37 -0000 Subject: SUSE-RU-2023:1938-1: low: Recommended update for NetworkManager Message-ID: <168353679790.2288.7422898754750150263@smelt2.suse.de> # Recommended update for NetworkManager Announcement ID: SUSE-RU-2023:1938-1 Rating: low References: * #1194715 * #1204549 * #1205529 Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that contains two features and has three recommended fixes can now be installed. ## Description: This update for NetworkManager fixes the following issue: * Adds missing NetworkManager and dependencies to Micro 5.3 (bsc#1204549, bsc#1205529) * rp-pppoe: replace deprecated ifconfig dependency with iproute2. (bsc#1194715, jsc#SLE-24004) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1938=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1938=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1938=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1938=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1938=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1938=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1938=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1938=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1938=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1938=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-1938=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * NetworkManager-1.38.2-150400.3.2.3 * typelib-1_0-NM-1_0-1.38.2-150400.3.2.3 * libnm0-1.38.2-150400.3.2.3 * NetworkManager-debuginfo-1.38.2-150400.3.2.3 * libnm0-debuginfo-1.38.2-150400.3.2.3 * NetworkManager-debugsource-1.38.2-150400.3.2.3 * openSUSE Leap Micro 5.3 (aarch64 s390x x86_64) * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.2.3 * libslang2-debuginfo-2.3.1a-150000.5.2.3 * rp-pppoe-3.12-150000.6.6.2 * rp-pppoe-debugsource-3.12-150000.6.6.2 * NetworkManager-tui-1.38.2-150400.3.2.3 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.2.3 * libatm1-2.5.2-150400.14.2.3 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.2.3 * rp-pppoe-debuginfo-3.12-150000.6.6.2 * NetworkManager-bluetooth-1.38.2-150400.3.2.3 * libslang2-2.3.1a-150000.5.2.3 * NetworkManager-wwan-1.38.2-150400.3.2.3 * libbluetooth3-5.62-150400.4.10.3 * libnewt0_52-0.52.20-150000.7.2.3 * libnewt0_52-debuginfo-0.52.20-150000.7.2.3 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.2.3 * NetworkManager-tui-debuginfo-1.38.2-150400.3.2.3 * ppp-2.4.7-150000.5.10.3 * ppp-debugsource-2.4.7-150000.5.10.3 * libbluetooth3-debuginfo-5.62-150400.4.10.3 * libatm1-debuginfo-2.5.2-150400.14.2.3 * ppp-debuginfo-2.4.7-150000.5.10.3 * NetworkManager-pppoe-1.38.2-150400.3.2.3 * NetworkManager-cloud-setup-1.38.2-150400.3.2.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libslang2-debuginfo-2.3.1a-150000.5.2.3 * rp-pppoe-3.12-150000.6.6.2 * newt-0.52.20-150000.7.2.3 * bluez-cups-debuginfo-5.62-150400.4.10.3 * bluez-cups-5.62-150400.4.10.3 * bluez-debuginfo-5.62-150400.4.10.3 * bluez-devel-5.62-150400.4.10.3 * linux-atm-devel-2.5.2-150400.14.2.3 * linux-atm-2.5.2-150400.14.2.3 * newt-debuginfo-0.52.20-150000.7.2.3 * bluez-deprecated-5.62-150400.4.10.3 * newt-static-0.52.20-150000.7.2.3 * linux-atm-debugsource-2.5.2-150400.14.2.3 * linux-atm-debuginfo-2.5.2-150400.14.2.3 * libatm1-2.5.2-150400.14.2.3 * python3-newt-0.52.20-150000.7.2.3 * rp-pppoe-debuginfo-3.12-150000.6.6.2 * slang-slsh-2.3.1a-150000.5.2.3 * libslang2-2.3.1a-150000.5.2.3 * bluez-test-5.62-150400.4.10.3 * bluez-debugsource-5.62-150400.4.10.3 * libbluetooth3-5.62-150400.4.10.3 * slang-devel-2.3.1a-150000.5.2.3 * libnewt0_52-0.52.20-150000.7.2.3 * libnewt0_52-debuginfo-0.52.20-150000.7.2.3 * bluez-5.62-150400.4.10.3 * python3-newt-debuginfo-0.52.20-150000.7.2.3 * ppp-2.4.7-150000.5.10.3 * bluez-test-debuginfo-5.62-150400.4.10.3 * slang-debugsource-2.3.1a-150000.5.2.3 * ppp-debugsource-2.4.7-150000.5.10.3 * libbluetooth3-debuginfo-5.62-150400.4.10.3 * libatm1-debuginfo-2.5.2-150400.14.2.3 * newt-debugsource-0.52.20-150000.7.2.3 * bluez-deprecated-debuginfo-5.62-150400.4.10.3 * newt-devel-0.52.20-150000.7.2.3 * ppp-debuginfo-2.4.7-150000.5.10.3 * ppp-devel-2.4.7-150000.5.10.3 * slang-slsh-debuginfo-2.3.1a-150000.5.2.3 * rp-pppoe-debugsource-3.12-150000.6.6.2 * openSUSE Leap 15.4 (noarch) * newt-doc-0.52.20-150000.7.2.3 * bluez-auto-enable-devices-5.62-150400.4.10.3 * ppp-modem-2.4.7-150000.5.10.3 * openSUSE Leap 15.4 (x86_64) * libnewt0_52-32bit-0.52.20-150000.7.2.3 * libbluetooth3-32bit-5.62-150400.4.10.3 * libbluetooth3-32bit-debuginfo-5.62-150400.4.10.3 * libnewt0_52-32bit-debuginfo-0.52.20-150000.7.2.3 * libslang2-32bit-debuginfo-2.3.1a-150000.5.2.3 * bluez-devel-32bit-5.62-150400.4.10.3 * libslang2-32bit-2.3.1a-150000.5.2.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.2.3 * libslang2-debuginfo-2.3.1a-150000.5.2.3 * rp-pppoe-3.12-150000.6.6.2 * rp-pppoe-debugsource-3.12-150000.6.6.2 * NetworkManager-tui-1.38.2-150400.3.2.3 * NetworkManager-debuginfo-1.38.2-150400.3.2.3 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.2.3 * libnm0-1.38.2-150400.3.2.3 * libatm1-2.5.2-150400.14.2.3 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.2.3 * rp-pppoe-debuginfo-3.12-150000.6.6.2 * NetworkManager-bluetooth-1.38.2-150400.3.2.3 * libslang2-2.3.1a-150000.5.2.3 * NetworkManager-wwan-1.38.2-150400.3.2.3 * libbluetooth3-5.62-150400.4.10.3 * libnewt0_52-0.52.20-150000.7.2.3 * libnewt0_52-debuginfo-0.52.20-150000.7.2.3 * libnm0-debuginfo-1.38.2-150400.3.2.3 * NetworkManager-1.38.2-150400.3.2.3 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.2.3 * NetworkManager-tui-debuginfo-1.38.2-150400.3.2.3 * ppp-2.4.7-150000.5.10.3 * ppp-debugsource-2.4.7-150000.5.10.3 * libbluetooth3-debuginfo-5.62-150400.4.10.3 * libatm1-debuginfo-2.5.2-150400.14.2.3 * typelib-1_0-NM-1_0-1.38.2-150400.3.2.3 * ppp-debuginfo-2.4.7-150000.5.10.3 * NetworkManager-pppoe-1.38.2-150400.3.2.3 * NetworkManager-cloud-setup-1.38.2-150400.3.2.3 * NetworkManager-debugsource-1.38.2-150400.3.2.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.2.3 * libslang2-debuginfo-2.3.1a-150000.5.2.3 * rp-pppoe-3.12-150000.6.6.2 * rp-pppoe-debugsource-3.12-150000.6.6.2 * NetworkManager-tui-1.38.2-150400.3.2.3 * NetworkManager-debuginfo-1.38.2-150400.3.2.3 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.2.3 * libnm0-1.38.2-150400.3.2.3 * libatm1-2.5.2-150400.14.2.3 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.2.3 * rp-pppoe-debuginfo-3.12-150000.6.6.2 * NetworkManager-bluetooth-1.38.2-150400.3.2.3 * libslang2-2.3.1a-150000.5.2.3 * NetworkManager-wwan-1.38.2-150400.3.2.3 * libbluetooth3-5.62-150400.4.10.3 * libnewt0_52-0.52.20-150000.7.2.3 * libnewt0_52-debuginfo-0.52.20-150000.7.2.3 * libnm0-debuginfo-1.38.2-150400.3.2.3 * NetworkManager-1.38.2-150400.3.2.3 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.2.3 * NetworkManager-tui-debuginfo-1.38.2-150400.3.2.3 * ppp-2.4.7-150000.5.10.3 * ppp-debugsource-2.4.7-150000.5.10.3 * libbluetooth3-debuginfo-5.62-150400.4.10.3 * libatm1-debuginfo-2.5.2-150400.14.2.3 * typelib-1_0-NM-1_0-1.38.2-150400.3.2.3 * ppp-debuginfo-2.4.7-150000.5.10.3 * NetworkManager-pppoe-1.38.2-150400.3.2.3 * NetworkManager-cloud-setup-1.38.2-150400.3.2.3 * NetworkManager-debugsource-1.38.2-150400.3.2.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libslang2-debuginfo-2.3.1a-150000.5.2.3 * rp-pppoe-3.12-150000.6.6.2 * rp-pppoe-debugsource-3.12-150000.6.6.2 * bluez-debuginfo-5.62-150400.4.10.3 * newt-debuginfo-0.52.20-150000.7.2.3 * linux-atm-debugsource-2.5.2-150400.14.2.3 * linux-atm-debuginfo-2.5.2-150400.14.2.3 * libatm1-2.5.2-150400.14.2.3 * rp-pppoe-debuginfo-3.12-150000.6.6.2 * libslang2-2.3.1a-150000.5.2.3 * bluez-debugsource-5.62-150400.4.10.3 * libbluetooth3-5.62-150400.4.10.3 * libnewt0_52-0.52.20-150000.7.2.3 * libnewt0_52-debuginfo-0.52.20-150000.7.2.3 * ppp-2.4.7-150000.5.10.3 * slang-debugsource-2.3.1a-150000.5.2.3 * ppp-debugsource-2.4.7-150000.5.10.3 * libbluetooth3-debuginfo-5.62-150400.4.10.3 * libatm1-debuginfo-2.5.2-150400.14.2.3 * newt-debugsource-0.52.20-150000.7.2.3 * ppp-debuginfo-2.4.7-150000.5.10.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libslang2-debuginfo-2.3.1a-150000.5.2.3 * rp-pppoe-3.12-150000.6.6.2 * rp-pppoe-debugsource-3.12-150000.6.6.2 * bluez-debuginfo-5.62-150400.4.10.3 * newt-debuginfo-0.52.20-150000.7.2.3 * linux-atm-debugsource-2.5.2-150400.14.2.3 * linux-atm-debuginfo-2.5.2-150400.14.2.3 * libatm1-2.5.2-150400.14.2.3 * rp-pppoe-debuginfo-3.12-150000.6.6.2 * libslang2-2.3.1a-150000.5.2.3 * bluez-debugsource-5.62-150400.4.10.3 * libbluetooth3-5.62-150400.4.10.3 * libnewt0_52-0.52.20-150000.7.2.3 * libnewt0_52-debuginfo-0.52.20-150000.7.2.3 * ppp-2.4.7-150000.5.10.3 * slang-debugsource-2.3.1a-150000.5.2.3 * ppp-debugsource-2.4.7-150000.5.10.3 * libbluetooth3-debuginfo-5.62-150400.4.10.3 * libatm1-debuginfo-2.5.2-150400.14.2.3 * newt-debugsource-0.52.20-150000.7.2.3 * ppp-debuginfo-2.4.7-150000.5.10.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libslang2-debuginfo-2.3.1a-150000.5.2.3 * newt-0.52.20-150000.7.2.3 * bluez-debuginfo-5.62-150400.4.10.3 * newt-debugsource-0.52.20-150000.7.2.3 * bluez-deprecated-debuginfo-5.62-150400.4.10.3 * bluez-5.62-150400.4.10.3 * newt-debuginfo-0.52.20-150000.7.2.3 * bluez-deprecated-5.62-150400.4.10.3 * python3-newt-debuginfo-0.52.20-150000.7.2.3 * libnewt0_52-debuginfo-0.52.20-150000.7.2.3 * libslang2-2.3.1a-150000.5.2.3 * bluez-debugsource-5.62-150400.4.10.3 * libbluetooth3-5.62-150400.4.10.3 * slang-debugsource-2.3.1a-150000.5.2.3 * libnewt0_52-0.52.20-150000.7.2.3 * libbluetooth3-debuginfo-5.62-150400.4.10.3 * python3-newt-0.52.20-150000.7.2.3 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bluez-devel-5.62-150400.4.10.3 * bluez-debuginfo-5.62-150400.4.10.3 * linux-atm-devel-2.5.2-150400.14.2.3 * newt-debugsource-0.52.20-150000.7.2.3 * newt-debuginfo-0.52.20-150000.7.2.3 * newt-devel-0.52.20-150000.7.2.3 * ppp-debuginfo-2.4.7-150000.5.10.3 * ppp-2.4.7-150000.5.10.3 * linux-atm-debugsource-2.5.2-150400.14.2.3 * ppp-devel-2.4.7-150000.5.10.3 * bluez-debugsource-5.62-150400.4.10.3 * slang-debugsource-2.3.1a-150000.5.2.3 * slang-devel-2.3.1a-150000.5.2.3 * linux-atm-debuginfo-2.5.2-150400.14.2.3 * ppp-debugsource-2.4.7-150000.5.10.3 * libatm1-2.5.2-150400.14.2.3 * libatm1-debuginfo-2.5.2-150400.14.2.3 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * rp-pppoe-3.12-150000.6.6.2 * rp-pppoe-debuginfo-3.12-150000.6.6.2 * rp-pppoe-debugsource-3.12-150000.6.6.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libslang2-debuginfo-2.3.1a-150000.5.2.3 * newt-0.52.20-150000.7.2.3 * newt-debugsource-0.52.20-150000.7.2.3 * newt-debuginfo-0.52.20-150000.7.2.3 * newt-devel-0.52.20-150000.7.2.3 * ppp-debuginfo-2.4.7-150000.5.10.3 * python3-newt-debuginfo-0.52.20-150000.7.2.3 * ppp-2.4.7-150000.5.10.3 * ppp-devel-2.4.7-150000.5.10.3 * libslang2-2.3.1a-150000.5.2.3 * slang-debugsource-2.3.1a-150000.5.2.3 * slang-devel-2.3.1a-150000.5.2.3 * ppp-debugsource-2.4.7-150000.5.10.3 * libnewt0_52-0.52.20-150000.7.2.3 * libnewt0_52-debuginfo-0.52.20-150000.7.2.3 * python3-newt-0.52.20-150000.7.2.3 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * rp-pppoe-3.12-150000.6.6.2 * rp-pppoe-debuginfo-3.12-150000.6.6.2 * rp-pppoe-debugsource-3.12-150000.6.6.2 * bluez-debuginfo-5.62-150400.4.10.3 * bluez-cups-debuginfo-5.62-150400.4.10.3 * bluez-cups-5.62-150400.4.10.3 * bluez-debugsource-5.62-150400.4.10.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1194715 * https://bugzilla.suse.com/show_bug.cgi?id=1204549 * https://bugzilla.suse.com/show_bug.cgi?id=1205529 * https://jira.suse.com/browse/SLE-24004 * https://jira.suse.com/browse/SMO-202 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:43 -0000 Subject: SUSE-RU-2023:1937-1: moderate: Recommended update for multipath-tools Message-ID: <168353680342.2288.7230203460048623825@smelt2.suse.de> # Recommended update for multipath-tools Announcement ID: SUSE-RU-2023:1937-1 Rating: moderate References: * #1203141 * #1207546 * #1209345 * #1209623 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has four recommended fixes can now be installed. ## Description: This update for multipath-tools fixes the following issues: * libmultipath: avoid grouping paths wrongly with "find_multipaths smart" (bsc#1209623) * fix multipath-tools build with liburcu 0.14.0 * libmultipath: pathinfo: don't fail for devices lacking INQUIRY properties * libmpathpersist: use conf timeout for updating persistent reservations * libmultipath: check if device is in use (bsc#1203141) * libmultipath: orphan paths if coalesce_paths frees newmp (bsc#1207546) * multipathd: handle no active paths in update_map_pr (bsc#1207546) * multipathd: make pr registration consistent (bsc#1207546) * multipath.conf: improve documentation of dev_loss_tmo (bsc#1207546) * libmpathpersist: fix command keyword ordering (bsc#1207546, bsc#1209345) * libmultipath: fix 'show paths format' failure * Use "queue_mode bio" for NVMeoF/TCP devices * minor upstream bug fixes * man page fixes * hwtable fixes ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1937=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1937=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1937=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1937=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1937=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1937=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1937=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libmpath0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debugsource-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * multipath-tools-debugsource-0.9.0+117+suse.78cc20b-150400.4.13.1 * libdmmp-devel-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-devel-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libdmmp0_2_0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libdmmp0_2_0-0.9.0+117+suse.78cc20b-150400.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libmpath0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debugsource-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libmpath0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debugsource-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libmpath0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debugsource-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libmpath0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debugsource-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * multipath-tools-debugsource-0.9.0+117+suse.78cc20b-150400.4.13.1 * libdmmp-devel-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-devel-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * kpartx-0.9.0+117+suse.78cc20b-150400.4.13.1 * libmpath0-0.9.0+117+suse.78cc20b-150400.4.13.1 * multipath-tools-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libdmmp0_2_0-debuginfo-0.9.0+117+suse.78cc20b-150400.4.13.1 * libdmmp0_2_0-0.9.0+117+suse.78cc20b-150400.4.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203141 * https://bugzilla.suse.com/show_bug.cgi?id=1207546 * https://bugzilla.suse.com/show_bug.cgi?id=1209345 * https://bugzilla.suse.com/show_bug.cgi?id=1209623 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:45 -0000 Subject: SUSE-RU-2023:1936-1: moderate: Recommended update for multipath-tools Message-ID: <168353680507.2288.13958694421477888642@smelt2.suse.de> # Recommended update for multipath-tools Announcement ID: SUSE-RU-2023:1936-1 Rating: moderate References: * #1207546 * #1209345 * #1209623 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has three recommended fixes can now be installed. ## Description: This update for multipath-tools fixes the following issues: * libmultipath: avoid grouping paths wrongly with "find_multipaths smart" (bsc#1209623) * libmpathpersist: fix command keyword ordering (bsc#1207546, bsc#1209345) * libmultipath: fix 'show paths format' failure ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1936=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1936=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1936=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1936=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1936=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1936=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-1936=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1936=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1936=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1936=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1936=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1936=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Manager Proxy 4.2 (x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libdmmp-devel-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-devel-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * libdmmp0_2_0-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kpartx-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debugsource-0.8.5+135+suse.287276f-150300.2.20.1 * multipath-tools-debuginfo-0.8.5+135+suse.287276f-150300.2.20.1 * libmpath0-0.8.5+135+suse.287276f-150300.2.20.1 * kpartx-0.8.5+135+suse.287276f-150300.2.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207546 * https://bugzilla.suse.com/show_bug.cgi?id=1209345 * https://bugzilla.suse.com/show_bug.cgi?id=1209623 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:45 -0000 Subject: SUSE-RU-2023:1935-1: moderate: Recommended update for osinfo-db Message-ID: <168353680599.2288.17208108491163060283@smelt2.suse.de> # Recommended update for osinfo-db Announcement ID: SUSE-RU-2023:1935-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for osinfo-db fixes the following issues: * Update to database version 20230308 * Add support for SLE Micro 5.4 * [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management (jsc#PED-2113) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1935=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1935=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1935=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1935=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1935=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1935=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1935=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * osinfo-db-20230308-150400.3.9.1 * openSUSE Leap 15.4 (noarch) * osinfo-db-20230308-150400.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * osinfo-db-20230308-150400.3.9.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * osinfo-db-20230308-150400.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * osinfo-db-20230308-150400.3.9.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * osinfo-db-20230308-150400.3.9.1 * Basesystem Module 15-SP4 (noarch) * osinfo-db-20230308-150400.3.9.1 ## References: * https://jira.suse.com/browse/PED-2113 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:47 -0000 Subject: SUSE-RU-2023:1934-1: moderate: Recommended update for galera-4 Message-ID: <168353680739.2288.3466247542511627112@smelt2.suse.de> # Recommended update for galera-4 Announcement ID: SUSE-RU-2023:1934-1 Rating: moderate References: * #1198937 Affected Products: * Galera for Ericsson 15 SP3 * Galera for Ericsson 15 SP4 An update that has one recommended fix can now be installed. ## Description: This update for galera-4 fixes the following issues: * Update to 26.4.14: * Memory leak in the gcs gcomm backend fixed (tp_ object deleted in GCommConn destructor). * protonet.backend option deprecated since it only supports one option, asio, and the option will be removed in future release. * socket.ssl_compression as SSL compression cannot be enabled and the option will be removed in future releases. * library could parse incorrect parameters as long as it had a "good" prefix, i.e. evs.*, so fix prevents setting of invalid option values. * Parsing of ISO8601 durations previously accepted invalid values, now fixed. * in addition to ISO8601 format, parsing durations now supports real number representation. * Update to 26.4.13: * Complete IO for client handshake before starting an asynchronous read to fix an occasional connection failure when establishing new cluster connections. * EOF-while-reading errors now suppressed when using OpenSSL 3.0. * Commit sed changes to file (bsc#1198937) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Galera for Ericsson 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-1934=1 * Galera for Ericsson 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2023-1934=1 ## Package List: * Galera for Ericsson 15 SP3 (x86_64) * galera-4-26.4.14-150300.1.11.1 * galera-4-debugsource-26.4.14-150300.1.11.1 * galera-4-wsrep-provider-debuginfo-26.4.14-150300.1.11.1 * galera-4-debuginfo-26.4.14-150300.1.11.1 * galera-4-wsrep-provider-26.4.14-150300.1.11.1 * Galera for Ericsson 15 SP4 (x86_64) * galera-4-26.4.14-150300.1.11.1 * galera-4-debugsource-26.4.14-150300.1.11.1 * galera-4-wsrep-provider-debuginfo-26.4.14-150300.1.11.1 * galera-4-debuginfo-26.4.14-150300.1.11.1 * galera-4-wsrep-provider-26.4.14-150300.1.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1198937 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:50 -0000 Subject: SUSE-RU-2023:1933-1: moderate: Recommended update for grub2 Message-ID: <168353681076.2288.18403392259003656348@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:1933-1 Rating: moderate References: * #1187810 * #1207064 * #1209165 * #1209234 * #1209372 * #1209667 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has six recommended fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) * Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) * Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1933=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1933=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1933=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1933=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1933=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1933=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1933=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1933=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * grub2-i386-pc-2.02-161.1 * grub2-debugsource-2.02-161.1 * grub2-2.02-161.1 * grub2-x86_64-efi-2.02-161.1 * grub2-debuginfo-2.02-161.1 * SUSE OpenStack Cloud 9 (noarch) * grub2-snapper-plugin-2.02-161.1 * grub2-x86_64-xen-2.02-161.1 * grub2-systemd-sleep-plugin-2.02-161.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * grub2-i386-pc-2.02-161.1 * grub2-debugsource-2.02-161.1 * grub2-2.02-161.1 * grub2-x86_64-efi-2.02-161.1 * grub2-debuginfo-2.02-161.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * grub2-snapper-plugin-2.02-161.1 * grub2-x86_64-xen-2.02-161.1 * grub2-systemd-sleep-plugin-2.02-161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * grub2-2.02-161.1 * grub2-debuginfo-2.02-161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le) * grub2-powerpc-ieee1275-2.02-161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * grub2-snapper-plugin-2.02-161.1 * grub2-x86_64-xen-2.02-161.1 * grub2-systemd-sleep-plugin-2.02-161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * grub2-x86_64-efi-2.02-161.1 * grub2-i386-pc-2.02-161.1 * grub2-debugsource-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * grub2-2.02-161.1 * grub2-debuginfo-2.02-161.1 * grub2-debugsource-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64) * grub2-arm64-efi-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * grub2-snapper-plugin-2.02-161.1 * grub2-x86_64-xen-2.02-161.1 * grub2-systemd-sleep-plugin-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * grub2-x86_64-efi-2.02-161.1 * grub2-i386-pc-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * grub2-2.02-161.1 * grub2-debuginfo-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64) * grub2-arm64-efi-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 s390x x86_64) * grub2-debugsource-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * grub2-snapper-plugin-2.02-161.1 * grub2-x86_64-xen-2.02-161.1 * grub2-systemd-sleep-plugin-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le) * grub2-powerpc-ieee1275-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x) * grub2-s390x-emu-2.02-161.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * grub2-x86_64-efi-2.02-161.1 * grub2-i386-pc-2.02-161.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * grub2-2.02-161.1 * grub2-debuginfo-2.02-161.1 * grub2-debugsource-2.02-161.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * grub2-arm64-efi-2.02-161.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * grub2-snapper-plugin-2.02-161.1 * grub2-x86_64-xen-2.02-161.1 * grub2-systemd-sleep-plugin-2.02-161.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-161.1 * grub2-i386-pc-2.02-161.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * grub2-2.02-161.1 * grub2-debuginfo-2.02-161.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * grub2-arm64-efi-2.02-161.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 s390x x86_64) * grub2-debugsource-2.02-161.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * grub2-snapper-plugin-2.02-161.1 * grub2-x86_64-xen-2.02-161.1 * grub2-systemd-sleep-plugin-2.02-161.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * grub2-powerpc-ieee1275-2.02-161.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * grub2-s390x-emu-2.02-161.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-161.1 * grub2-i386-pc-2.02-161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * grub2-2.02-161.1 * grub2-debuginfo-2.02-161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * grub2-powerpc-ieee1275-2.02-161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * grub2-snapper-plugin-2.02-161.1 * grub2-x86_64-xen-2.02-161.1 * grub2-systemd-sleep-plugin-2.02-161.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-161.1 * grub2-i386-pc-2.02-161.1 * grub2-debugsource-2.02-161.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1187810 * https://bugzilla.suse.com/show_bug.cgi?id=1207064 * https://bugzilla.suse.com/show_bug.cgi?id=1209165 * https://bugzilla.suse.com/show_bug.cgi?id=1209234 * https://bugzilla.suse.com/show_bug.cgi?id=1209372 * https://bugzilla.suse.com/show_bug.cgi?id=1209667 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:54 -0000 Subject: SUSE-RU-2023:1932-1: moderate: Recommended update for grub2 Message-ID: <168353681421.2288.9779983531570792917@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:1932-1 Rating: moderate References: * #1187810 * #1189036 * #1207064 * #1209165 * #1209234 * #1209372 * #1209667 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has seven recommended fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) * Make grub more robust against storage race condition causing system boot failures (bsc#1189036) * Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) * Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-1932=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1932=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1932=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1932=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1932=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1932=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1932=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-1932=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1932=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1932=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1932=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1932=1 ## Package List: * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * grub2-debugsource-2.04-150300.22.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * grub2-debugsource-2.04-150300.22.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * grub2-debugsource-2.04-150300.22.37.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 s390x x86_64) * grub2-debugsource-2.04-150300.22.37.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * grub2-s390x-emu-2.04-150300.22.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * grub2-debugsource-2.04-150300.22.37.1 * SUSE Manager Proxy 4.2 (x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * grub2-debugsource-2.04-150300.22.37.1 * SUSE Manager Proxy 4.2 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * grub2-debugsource-2.04-150300.22.37.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * SUSE Manager Server 4.2 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Manager Server 4.2 (s390x x86_64) * grub2-debugsource-2.04-150300.22.37.1 * SUSE Manager Server 4.2 (s390x) * grub2-s390x-emu-2.04-150300.22.37.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * grub2-debugsource-2.04-150300.22.37.1 * SUSE Enterprise Storage 7.1 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-systemd-sleep-plugin-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * grub2-powerpc-ieee1275-2.04-150300.22.37.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * grub2-debugsource-2.04-150300.22.37.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * SUSE Linux Enterprise Micro 5.2 (s390x) * grub2-s390x-emu-2.04-150300.22.37.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * grub2-debuginfo-2.04-150300.22.37.1 * grub2-2.04-150300.22.37.1 * grub2-debugsource-2.04-150300.22.37.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * grub2-arm64-efi-2.04-150300.22.37.1 * grub2-x86_64-xen-2.04-150300.22.37.1 * grub2-x86_64-efi-2.04-150300.22.37.1 * grub2-i386-pc-2.04-150300.22.37.1 * grub2-snapper-plugin-2.04-150300.22.37.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (s390x) * grub2-s390x-emu-2.04-150300.22.37.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1187810 * https://bugzilla.suse.com/show_bug.cgi?id=1189036 * https://bugzilla.suse.com/show_bug.cgi?id=1207064 * https://bugzilla.suse.com/show_bug.cgi?id=1209165 * https://bugzilla.suse.com/show_bug.cgi?id=1209234 * https://bugzilla.suse.com/show_bug.cgi?id=1209372 * https://bugzilla.suse.com/show_bug.cgi?id=1209667 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:06:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:06:57 -0000 Subject: SUSE-FU-2023:1919-1: moderate: Recommended update for kernel-firmware-nvidia-gsp-G06 Message-ID: <168353681798.2288.9430050503111287596@smelt2.suse.de> # Recommended update for kernel-firmware-nvidia-gsp-G06 Announcement ID: SUSE-FU-2023:1919-1 Rating: moderate References: * #1173733 * #1207495 * #1207520 Affected Products: * Basesystem Module 15-SP4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features and has three feature fixes can now be installed. ## Description: This update for kernel-firmware-nvidia-gsp-G06 fixes the following issue: * New package kernel-firmware-nvidia-gsp-G06 firmware 525.105.17 * New package nvidia-open-driver-G06-signed: Added config files needed to fix repackaging step required for securebooot signing kernel modules (bsc#1207520) Added config to omit nvidia modules in initrd (bsc#1173733) Added conflicts to nvidia-driver-G06-kmp package (bsc#1207495) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1919=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1919=1 ## Package List: * Basesystem Module 15-SP4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gsp-G06-525.105.17-150400.9.5.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-525.105.17_k5.14.21_150400.24.55-150400.9.5.3 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-525.105.17_k5.14.21_150400.24.55-150400.9.5.3 * Public Cloud Module 15-SP4 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-525.105.17_k5.14.21_150400.14.40-150400.9.5.3 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-525.105.17_k5.14.21_150400.14.40-150400.9.5.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1173733 * https://bugzilla.suse.com/show_bug.cgi?id=1207495 * https://bugzilla.suse.com/show_bug.cgi?id=1207520 * https://jira.suse.com/browse/PED-2658 * https://jira.suse.com/browse/SLE-24579 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:07:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:07:00 -0000 Subject: SUSE-RU-2023:1918-1: moderate: Recommended update for yast2-online-update Message-ID: <168353682097.2288.8015682931349554800@smelt2.suse.de> # Recommended update for yast2-online-update Announcement ID: SUSE-RU-2023:1918-1 Rating: moderate References: * #1205913 Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for yast2-online-update fixes the following issues: * Fix showing of release notes when we update a rubygem (bsc#1205913) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1918=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1918=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1918=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1918=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1918=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1918=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1918=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1918=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1918=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-1918=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1918=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1918=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1918=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Manager Proxy 4.2 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Manager Server 4.2 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Enterprise Storage 7.1 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 * SUSE Enterprise Storage 7 (noarch) * yast2-online-update-frontend-4.2.3-150200.3.3.1 * yast2-online-update-4.2.3-150200.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205913 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:07:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:07:02 -0000 Subject: SUSE-RU-2023:1917-1: moderate: Recommended update for yast2-online-update Message-ID: <168353682264.2288.6637547641906822011@smelt2.suse.de> # Recommended update for yast2-online-update Announcement ID: SUSE-RU-2023:1917-1 Rating: moderate References: * #1205913 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-online-update fixes the following issues: * Fix showing of release notes when we update a rubygem (bsc#1205913) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1917=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1917=1 ## Package List: * openSUSE Leap 15.4 (noarch) * yast2-online-update-frontend-4.4.5-150400.3.6.1 * yast2-online-update-4.4.5-150400.3.6.1 * Basesystem Module 15-SP4 (noarch) * yast2-online-update-frontend-4.4.5-150400.3.6.1 * yast2-online-update-4.4.5-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205913 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:07:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:07:04 -0000 Subject: SUSE-RU-2023:1916-1: low: Recommended update for sles-release Message-ID: <168353682403.2288.17729952969949536819@smelt2.suse.de> # Recommended update for sles-release Announcement ID: SUSE-RU-2023:1916-1 Rating: low References: * #1208529 Affected Products: * SUSE Linux Enterprise Server 15 SP4 An update that has one recommended fix can now be installed. ## Description: This update for sles-release fixes the following issue: * Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-2023-1916=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * sles-release-15.4-150400.58.7.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208529 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:07:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:07:05 -0000 Subject: SUSE-RU-2023:1915-1: moderate: Recommended update for kexec-tools Message-ID: <168353682550.2288.11327393489554470103@smelt2.suse.de> # Recommended update for kexec-tools Announcement ID: SUSE-RU-2023:1915-1 Rating: moderate References: * #1202820 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for kexec-tools fixes the following issues: * kexec-bootloader: Add -a argument to load using kexec_load_file() when available (bsc#1202820). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1915=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1915=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1915=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1915=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1915=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1915=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1915=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kexec-tools-2.0.20-150400.16.6.1 * kexec-tools-debugsource-2.0.20-150400.16.6.1 * kexec-tools-debuginfo-2.0.20-150400.16.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kexec-tools-2.0.20-150400.16.6.1 * kexec-tools-debugsource-2.0.20-150400.16.6.1 * kexec-tools-debuginfo-2.0.20-150400.16.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kexec-tools-2.0.20-150400.16.6.1 * kexec-tools-debugsource-2.0.20-150400.16.6.1 * kexec-tools-debuginfo-2.0.20-150400.16.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kexec-tools-2.0.20-150400.16.6.1 * kexec-tools-debugsource-2.0.20-150400.16.6.1 * kexec-tools-debuginfo-2.0.20-150400.16.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kexec-tools-2.0.20-150400.16.6.1 * kexec-tools-debugsource-2.0.20-150400.16.6.1 * kexec-tools-debuginfo-2.0.20-150400.16.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kexec-tools-2.0.20-150400.16.6.1 * kexec-tools-debugsource-2.0.20-150400.16.6.1 * kexec-tools-debuginfo-2.0.20-150400.16.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kexec-tools-2.0.20-150400.16.6.1 * kexec-tools-debugsource-2.0.20-150400.16.6.1 * kexec-tools-debuginfo-2.0.20-150400.16.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202820 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:07:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:07:07 -0000 Subject: SUSE-SU-2023:1914-1: moderate: Security update for openssl-1_0_0 Message-ID: <168353682722.2288.145729502073359146@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:1914-1 Rating: moderate References: * #1209873 * #1209878 Cross-References: * CVE-2023-0465 * CVE-2023-0466 CVSS scores: * CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N * CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). * CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1914=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1914=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1914=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1914=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1914=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1914=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1914=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1914=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1914=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * openssl-1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.72.1 * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * libopenssl1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE OpenStack Cloud 9 (noarch) * openssl-1_0_0-doc-1.0.2p-3.72.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * openssl-1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.72.1 * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * libopenssl1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * openssl-1_0_0-doc-1.0.2p-3.72.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-3.72.1 * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * libopenssl1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.72.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-32bit-1.0.2p-3.72.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * openssl-1_0_0-1.0.2p-3.72.1 * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * libopenssl1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-32bit-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-3.72.1 * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * libopenssl1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-32bit-1.0.2p-3.72.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssl-1_0_0-1.0.2p-3.72.1 * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * libopenssl1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.72.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-32bit-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-3.72.1 * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * libopenssl1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.72.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-32bit-1.0.2p-3.72.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-3.72.1 * libopenssl-1_0_0-devel-1.0.2p-3.72.1 * libopenssl1_0_0-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.72.1 * libopenssl1_0_0-hmac-1.0.2p-3.72.1 * openssl-1_0_0-debuginfo-1.0.2p-3.72.1 * openssl-1_0_0-debugsource-1.0.2p-3.72.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.72.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.72.1 * libopenssl1_0_0-32bit-1.0.2p-3.72.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0465.html * https://www.suse.com/security/cve/CVE-2023-0466.html * https://bugzilla.suse.com/show_bug.cgi?id=1209873 * https://bugzilla.suse.com/show_bug.cgi?id=1209878 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:07:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:07:09 -0000 Subject: SUSE-RU-2023:1913-1: moderate: Recommended update for libslirp, slirp4netns Message-ID: <168353682915.2288.14473313157327831704@smelt2.suse.de> # Recommended update for libslirp, slirp4netns Announcement ID: SUSE-RU-2023:1913-1 Rating: moderate References: * #1201551 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for libslirp and slirp4netns fixes the following issues: libslirp was updated to version 4.7.0+44 (current git master): * Fix vmstate regression * Align outgoing packets * Bump incoming packet alignment to 8 bytes * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID Release v4.7.0 * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always send DHCP_OPT_LEN bytes in options Update to version 4.6.1: * Fix "DHCP broken in libslirp v4.6.0" Update to version 4.6.0: * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer Update to version 4.4.0: * socket: consume empty packets * slirp: check pkt_len before reading protocol header * Add DNS resolving for iOS * sosendoob: better document what urgc is used for * TCPIPHDR_DELTA: Fix potential negative value * udp, udp6, icmp, icmp6: Enable forwarding errors on Linux * icmp, icmp6: Add icmp_forward_error and icmp6_forward_error * udp, udp6, icmp: handle TTL value * ip_stripoptions use memmove slirp4netns was updated to 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson at 70dc239...2d7b3dd Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. Update to version 1.1.8: Update to 1.0.0: * \--enable-sandbox is now out of experimental ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1913=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1913=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1913=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1913=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1913=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1913=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1913=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1913=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1913=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1913=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1913=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1913=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1913=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * libslirp0-4.7.0+44-150300.15.2 * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * libslirp-devel-4.7.0+44-150300.15.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * libslirp0-4.7.0+44-150300.15.2 * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * libslirp0-4.7.0+44-150300.15.2 * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * libslirp0-4.7.0+44-150300.15.2 * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * libslirp0-4.7.0+44-150300.15.2 * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * libslirp0-4.7.0+44-150300.15.2 * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * libslirp-devel-4.7.0+44-150300.15.2 * libslirp0-4.7.0+44-150300.15.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * libslirp-devel-4.7.0+44-150300.15.2 * libslirp0-4.7.0+44-150300.15.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * libslirp0-4.7.0+44-150300.15.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * libslirp0-4.7.0+44-150300.15.2 * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * slirp4netns-debuginfo-1.2.0-150300.8.5.2 * slirp4netns-1.2.0-150300.8.5.2 * slirp4netns-debugsource-1.2.0-150300.8.5.2 * libslirp0-4.7.0+44-150300.15.2 * libslirp-debugsource-4.7.0+44-150300.15.2 * libslirp0-debuginfo-4.7.0+44-150300.15.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201551 * https://jira.suse.com/browse/PED-2771 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 09:07:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 09:07:11 -0000 Subject: SUSE-RU-2023:1878-1: moderate: Recommended update for release-notes-sles Message-ID: <168353683159.2288.5978944384434704619@smelt2.suse.de> # Recommended update for release-notes-sles Announcement ID: SUSE-RU-2023:1878-1 Rating: moderate References: * #1188762 * #933411 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 An update that contains 23 features and has two recommended fixes can now be installed. ## Description: This update for release-notes-sles fixes the following issues: * Update to 15.3.20230301 (tracked in bsc#933411) * Added note about silencing killmode=none (jsc#PED-407) * Added note about by-id/wwn- change (bsc#1188762) * Added note about frr (jsc#SLE-13591) * Added note about ssh-import-id GitHub support (jsc#SLE-20079) * Added note about adcli --dont-expire-password (jsc#SLE-21224) * Added note about NVMe-oF in dracut (jsc#SLE-17091) * Added note about vPMU optimization (jsc#SLE-12687) * Added note about snapper btrfs snapshot cleanup (jsc#SLE-16031) * Added note about redis and bindings (jsc#SLE-11036) * Added note about zram on low-mem devices (jsc#SLE-17630) * Added note about wsmancli moving to basesystem (jsc#SLE-22844) * Added note about scap-security-guide (jsc#SLE-20292) * Added note about libreiserfs removal (jsc#SLE-17723) * Added note about icu 69.1 (jsc#SLE-17893) * Added note about blog 2.26 (jsc#SLE-23233) * Added note about libpwquality-tools (jsc#SLE-23623) * Added note about DFS share failover (jsc#SLE-20042) * Added note about git 2.35.3 (jsc#SLE-23332) * Added note about tcl 8.6.12 (jsc#SLE-21016) * Added note about Rust developer tools (jsc#SLE-23381) * Added note about PostgreSQL 14 (jsc#SLE-20675) * Added note about NodeJS 16 (jsc#SLE-21235) * Added note about strongSwan namespace support (jsc#SLE-17756) * Added note about mariadb-galera (jsc#SLE-22242) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-1878=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1878=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1878=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 (noarch) * release-notes-sles-15.3.20230301-150300.3.32.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * release-notes-sles-15.3.20230301-150300.3.32.1 * SUSE Enterprise Storage 7.1 (noarch) * release-notes-sles-15.3.20230301-150300.3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1188762 * https://bugzilla.suse.com/show_bug.cgi?id=933411 * https://jira.suse.com/browse/PED-407 * https://jira.suse.com/browse/SLE-11036 * https://jira.suse.com/browse/SLE-12687 * https://jira.suse.com/browse/SLE-13591 * https://jira.suse.com/browse/SLE-16031 * https://jira.suse.com/browse/SLE-17091 * https://jira.suse.com/browse/SLE-17630 * https://jira.suse.com/browse/SLE-17723 * https://jira.suse.com/browse/SLE-17756 * https://jira.suse.com/browse/SLE-17893 * https://jira.suse.com/browse/SLE-20042 * https://jira.suse.com/browse/SLE-20079 * https://jira.suse.com/browse/SLE-20292 * https://jira.suse.com/browse/SLE-20675 * https://jira.suse.com/browse/SLE-21016 * https://jira.suse.com/browse/SLE-21224 * https://jira.suse.com/browse/SLE-21235 * https://jira.suse.com/browse/SLE-22242 * https://jira.suse.com/browse/SLE-22844 * https://jira.suse.com/browse/SLE-23233 * https://jira.suse.com/browse/SLE-23332 * https://jira.suse.com/browse/SLE-23381 * https://jira.suse.com/browse/SLE-23623 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 12:30:02 -0000 Subject: SUSE-SU-2023:2125-1: important: Security update for containerd Message-ID: <168354900232.26966.7355922111906466338@smelt2.suse.de> # Security update for containerd Announcement ID: SUSE-SU-2023:2125-1 Rating: important References: * #1210298 Affected Products: * Containers Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for containerd fixes the following issues: * containerd was rebuilt with a current GO compiler, catching up to bug and security fixes provided by go. (bsc#1210298) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 12 zypper in -t patch SUSE-SLE-Module-Containers-12-2023-2125=1 ## Package List: * Containers Module 12 (ppc64le s390x x86_64) * containerd-1.6.19-16.79.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210298 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 12:30:03 -0000 Subject: SUSE-RU-2023:2124-1: moderate: Recommended update for python-azure-mgmt, python-azure-sdk Message-ID: <168354900388.26966.7980704187715482263@smelt2.suse.de> # Recommended update for python-azure-mgmt, python-azure-sdk Announcement ID: SUSE-RU-2023:2124-1 Rating: moderate References: * #1210019 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for python-azure-mgmt, python-azure-sdk fixes the following issues: * Add additional packages from the Azure SDK to Requires (bsc#1210019) * python-azure-mgmt-azurestack * python-azure-mgmt-databoxedge * python-azure-mgmt-vmwarecloudsimple * Add missing management meta package to Requires (bsc#1210019) * python-azure-mgmt * Remove bogus package dependency from Requires * python-azure-eventhub-checkpointstoreblob-aio ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2124=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-azure-mgmt-4.0.0-2.20.1 * python3-azure-sdk-4.0.0-16.12.1 * python-azure-sdk-4.0.0-16.12.1 * python-azure-mgmt-4.0.0-2.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210019 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 12:30:05 -0000 Subject: SUSE-SU-2023:2123-1: moderate: Security update for dnsmasq Message-ID: <168354900526.26966.11530100071767493799@smelt2.suse.de> # Security update for dnsmasq Announcement ID: SUSE-SU-2023:2123-1 Rating: moderate References: * #1209358 Cross-References: * CVE-2023-28450 CVSS scores: * CVE-2023-28450 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28450 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 8 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for dnsmasq fixes the following issues: * CVE-2023-28450: Fixed default maximum size for EDNS.0 UDP packets (bsc#1209358). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-2123=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-2123=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2123=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-2123=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2123=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2123=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2123=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2123=1 ## Package List: * HPE Helion OpenStack 8 (x86_64) * dnsmasq-utils-debuginfo-2.78-18.21.1 * dnsmasq-utils-2.78-18.21.1 * dnsmasq-debugsource-2.78-18.21.1 * dnsmasq-debuginfo-2.78-18.21.1 * SUSE OpenStack Cloud 8 (x86_64) * dnsmasq-utils-debuginfo-2.78-18.21.1 * dnsmasq-utils-2.78-18.21.1 * dnsmasq-debugsource-2.78-18.21.1 * dnsmasq-debuginfo-2.78-18.21.1 * SUSE OpenStack Cloud 9 (x86_64) * dnsmasq-utils-debuginfo-2.78-18.21.1 * dnsmasq-utils-2.78-18.21.1 * dnsmasq-debugsource-2.78-18.21.1 * dnsmasq-debuginfo-2.78-18.21.1 * SUSE OpenStack Cloud Crowbar 8 (x86_64) * dnsmasq-utils-debuginfo-2.78-18.21.1 * dnsmasq-utils-2.78-18.21.1 * dnsmasq-debugsource-2.78-18.21.1 * dnsmasq-debuginfo-2.78-18.21.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * dnsmasq-utils-debuginfo-2.78-18.21.1 * dnsmasq-utils-2.78-18.21.1 * dnsmasq-debugsource-2.78-18.21.1 * dnsmasq-debuginfo-2.78-18.21.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * dnsmasq-debuginfo-2.78-18.21.1 * dnsmasq-debugsource-2.78-18.21.1 * dnsmasq-2.78-18.21.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * dnsmasq-debuginfo-2.78-18.21.1 * dnsmasq-debugsource-2.78-18.21.1 * dnsmasq-2.78-18.21.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * dnsmasq-debuginfo-2.78-18.21.1 * dnsmasq-debugsource-2.78-18.21.1 * dnsmasq-2.78-18.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28450.html * https://bugzilla.suse.com/show_bug.cgi?id=1209358 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 12:30:07 -0000 Subject: SUSE-SU-2023:2122-1: important: Security update for redis Message-ID: <168354900701.26966.17829460018116741216@smelt2.suse.de> # Security update for redis Announcement ID: SUSE-SU-2023:2122-1 Rating: important References: * #1208790 * #1208793 * #1210548 Cross-References: * CVE-2022-36021 * CVE-2023-25155 * CVE-2023-28856 CVSS scores: * CVE-2022-36021 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25155 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-25155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28856 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28856 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for redis fixes the following issues: * CVE-2022-36021: Fixed possible integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands (bsc#1208790). * CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field (bsc#1210548). * CVE-2023-25155: Fixed integer overflow in RAND commands that can lead to assertion (bsc#1208793). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2122=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2122=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * redis-6.2.6-150400.3.19.1 * redis-debugsource-6.2.6-150400.3.19.1 * redis-debuginfo-6.2.6-150400.3.19.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * redis-6.2.6-150400.3.19.1 * redis-debugsource-6.2.6-150400.3.19.1 * redis-debuginfo-6.2.6-150400.3.19.1 ## References: * https://www.suse.com/security/cve/CVE-2022-36021.html * https://www.suse.com/security/cve/CVE-2023-25155.html * https://www.suse.com/security/cve/CVE-2023-28856.html * https://bugzilla.suse.com/show_bug.cgi?id=1208790 * https://bugzilla.suse.com/show_bug.cgi?id=1208793 * https://bugzilla.suse.com/show_bug.cgi?id=1210548 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 12:30:08 -0000 Subject: SUSE-RU-2023:2121-1: moderate: Recommended update for jeos-firstboot Message-ID: <168354900808.26966.16838046723130085628@smelt2.suse.de> # Recommended update for jeos-firstboot Announcement ID: SUSE-RU-2023:2121-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for jeos-firstboot fixes the following issues: * Update to version 1.2.0.5: Support /usr/lib/os-release Rewrite license code Don't ask for licence confirmation if not needed Deduplicate wifi list Make use of SPDX identifiers Read dialog output into a variable directly Drop broken error handling for dialog Fix dialog asking about wicked network reconfiguration Start nmtui in jeos-firstboot if no active connection could be detected Load network modules dynamically Only list applicable modules in jeos-config Convert network configuration to a module Fix size of the "No root password set" dialog * Switch git URL to https * Don't require wicked nor NetworkManager ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2121=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2121=1 ## Package List: * openSUSE Leap 15.4 (noarch) * jeos-firstboot-1.2.0.5-150400.3.5.1 * jeos-firstboot-rpiwifi-1.2.0.5-150400.3.5.1 * Development Tools Module 15-SP4 (noarch) * jeos-firstboot-1.2.0.5-150400.3.5.1 * jeos-firstboot-rpiwifi-1.2.0.5-150400.3.5.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2127-1: important: Security update for go1.19 Message-ID: <168356340676.5556.12091075741098126379@smelt2.suse.de> # Security update for go1.19 Announcement ID: SUSE-SU-2023:2127-1 Rating: important References: * #1200441 * #1210127 * #1210128 * #1210129 * #1210130 * #1210938 * #1210963 * #1211029 * #1211030 * #1211031 * #1211073 Cross-References: * CVE-2023-24534 * CVE-2023-24536 * CVE-2023-24537 * CVE-2023-24538 * CVE-2023-24539 * CVE-2023-24540 * CVE-2023-29400 CVSS scores: * CVE-2023-24534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24534 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24536 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24537 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24537 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24538 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-24538 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24539 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-24540 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-29400 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities, contains one feature and has four fixes can now be installed. ## Description: This update for go1.19 fixes the following issues: Update to 1.19.9 (bnc#1200441): \- CVE-2023-24539: fixed an improper sanitization of CSS values (bnc#1211029). \- CVE-2023-24540: fixed an improper handling of JavaScript whitespace (bnc#1211030). \- CVE-2023-29400: fixed an improper handling of empty HTML attributes (bnc#1211031). \- runtime: automatically bump RLIMIT_NOFILE on Unix \- cmd/compile: inlining function that references function literals generates bad code. \- cmd/compile: encoding/binary.PutUint16 sometimes doesn't write. \- crypto/tls: TLSv1.3 connection fails with invalid PSK binder. \- cmd/compile: incorrect inline function variable. Non-security fixes: * Various packaging fixes (boo#1210963, boo#1210938, boo#1211073) * Reduced install size (jsc#PED-1962). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2127=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2127=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2127=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2127=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2127=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2127=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2127=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2127=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.19-doc-1.19.9-150000.1.31.1 * go1.19-1.19.9-150000.1.31.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.19-race-1.19.9-150000.1.31.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.19-doc-1.19.9-150000.1.31.1 * go1.19-1.19.9-150000.1.31.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.19-race-1.19.9-150000.1.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * go1.19-doc-1.19.9-150000.1.31.1 * go1.19-1.19.9-150000.1.31.1 * go1.19-race-1.19.9-150000.1.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * go1.19-doc-1.19.9-150000.1.31.1 * go1.19-1.19.9-150000.1.31.1 * go1.19-race-1.19.9-150000.1.31.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.19-doc-1.19.9-150000.1.31.1 * go1.19-1.19.9-150000.1.31.1 * go1.19-race-1.19.9-150000.1.31.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * go1.19-doc-1.19.9-150000.1.31.1 * go1.19-1.19.9-150000.1.31.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * go1.19-race-1.19.9-150000.1.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * go1.19-doc-1.19.9-150000.1.31.1 * go1.19-1.19.9-150000.1.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * go1.19-race-1.19.9-150000.1.31.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * go1.19-doc-1.19.9-150000.1.31.1 * go1.19-1.19.9-150000.1.31.1 * go1.19-race-1.19.9-150000.1.31.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24534.html * https://www.suse.com/security/cve/CVE-2023-24536.html * https://www.suse.com/security/cve/CVE-2023-24537.html * https://www.suse.com/security/cve/CVE-2023-24538.html * https://www.suse.com/security/cve/CVE-2023-24539.html * https://www.suse.com/security/cve/CVE-2023-24540.html * https://www.suse.com/security/cve/CVE-2023-29400.html * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1210127 * https://bugzilla.suse.com/show_bug.cgi?id=1210128 * https://bugzilla.suse.com/show_bug.cgi?id=1210129 * https://bugzilla.suse.com/show_bug.cgi?id=1210130 * https://bugzilla.suse.com/show_bug.cgi?id=1210938 * https://bugzilla.suse.com/show_bug.cgi?id=1210963 * https://bugzilla.suse.com/show_bug.cgi?id=1211029 * https://bugzilla.suse.com/show_bug.cgi?id=1211030 * https://bugzilla.suse.com/show_bug.cgi?id=1211031 * https://bugzilla.suse.com/show_bug.cgi?id=1211073 * https://jira.suse.com/browse/PED-1962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 16:30:09 -0000 Subject: SUSE-SU-2023:2105-2: important: Security update for go1.20 Message-ID: <168356340977.5556.1891118603736149211@smelt2.suse.de> # Security update for go1.20 Announcement ID: SUSE-SU-2023:2105-2 Rating: important References: * #1206346 * #1210127 * #1210128 * #1210129 * #1210130 * #1210938 * #1210963 * #1211029 * #1211030 * #1211031 Cross-References: * CVE-2023-24534 * CVE-2023-24536 * CVE-2023-24537 * CVE-2023-24538 * CVE-2023-24539 * CVE-2023-24540 * CVE-2023-29400 CVSS scores: * CVE-2023-24534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24534 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24536 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24537 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24537 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24538 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-24538 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24539 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-24540 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-29400 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise Real Time 15 SP3 An update that solves seven vulnerabilities and has three fixes can now be installed. ## Description: This update for go1.20 fixes the following issues: Update to 1.20.4 (bnc#1206346): \- CVE-2023-24539: Fixed an improper sanitization of CSS values (boo#1211029). \- CVE-2023-24540: Fixed an improper handling of JavaScript whitespace (boo#1211030). \- CVE-2023-29400: Fixed an improper handling of empty HTML attributes (boo#1211031). \- runtime: automatically bump RLIMIT_NOFILE on Unix. \- crypto/subtle: xor fails when run with race+purego. \- cmd/compile: encoding/binary.PutUint16 sometimes doesn't write. \- cmd/compile: internal compiler error: cannot call SetType(go.shape.int) on v (type int). \- cmd/compile: miscompilation in star- tex.org/x/cmd/star-tex. \- net/http: FileServer no longer serves content for POST. \- crypto/tls: TLSv1.3 connection fails with invalid PSK binder. \- cmd/compile: incorrect inline function variable. \- cmd/compile: Unified IR exports table is binary unstable in presence of generics. \- go/internal/gcimporter: lookupGorootExport should use the go command from build.Default.GOROOT. Non-security fixes: * Reverted go1.x Suggests go1.x-race (boo#1210963). * Re-enabled binary stripping and debuginfo (boo#1210938). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2105=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.20-race-1.20.4-150000.1.11.1 * go1.20-doc-1.20.4-150000.1.11.1 * go1.20-debuginfo-1.20.4-150000.1.11.1 * go1.20-1.20.4-150000.1.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24534.html * https://www.suse.com/security/cve/CVE-2023-24536.html * https://www.suse.com/security/cve/CVE-2023-24537.html * https://www.suse.com/security/cve/CVE-2023-24538.html * https://www.suse.com/security/cve/CVE-2023-24539.html * https://www.suse.com/security/cve/CVE-2023-24540.html * https://www.suse.com/security/cve/CVE-2023-29400.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1210127 * https://bugzilla.suse.com/show_bug.cgi?id=1210128 * https://bugzilla.suse.com/show_bug.cgi?id=1210129 * https://bugzilla.suse.com/show_bug.cgi?id=1210130 * https://bugzilla.suse.com/show_bug.cgi?id=1210938 * https://bugzilla.suse.com/show_bug.cgi?id=1210963 * https://bugzilla.suse.com/show_bug.cgi?id=1211029 * https://bugzilla.suse.com/show_bug.cgi?id=1211030 * https://bugzilla.suse.com/show_bug.cgi?id=1211031 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 16:30:12 -0000 Subject: SUSE-SU-2023:2126-1: moderate: Security update for cfengine, cfengine-masterfiles Message-ID: <168356341245.5556.13801007375968958620@smelt2.suse.de> # Security update for cfengine, cfengine-masterfiles Announcement ID: SUSE-SU-2023:2126-1 Rating: moderate References: * #1086475 * #1197029 * #1197031 Cross-References: * CVE-2021-44215 * CVE-2021-44216 CVSS scores: * CVE-2021-44215 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2021-44215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-44216 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2021-44216 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Advanced Systems Management Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities, contains one feature and has one fix can now be installed. ## Description: This update for cfengine, cfengine-masterfiles fixes the following issues: Changes in cfengine: * cfengine3.target: removed, replaced by upstream cfengine3.service * In version 3.15.0, cfengine core split off libutils and libcompat directories as libntech. We include both together as we do not use or plan on using it outside of cfengine. Changes since 3.7.3 are below, in reverse chronological order: * Update to version 3.21.0: (jsc#SLE-24222, bsc#1197029, CVE-2021-44215) * Added cf-support utility for generating support information (ENT-9037) * Adjusted cf-check and package module code for empty updates list (ENT-9050) * '$(this.promiser)' can now be used in 'files' promise attributes 'if', 'ifvarclass' and 'unless' (CFE-2262, ENT-7008) * Fixed storage promise for nfs on MacOS (CFE-4093) * Fixed definition of _low_ldt class from cf-monitord (CFE-4022) * Insertion of contents of a file with blank lines into another file with blank lines no longer results in mixed content (ENT-8788) * Added suggestion to use a negative lookahead when non-convergent edits are attempted (CFE-192) * Unresolved function calls that return scalar values are now considered OK for constraints expecting strings during syntax check (CFE-4094) * cf-monitord now honors monitorfacility in body monitor control (ENT-4492) * cf-serverd now periodically reloads its policy if it contains unresolved variables (e.g. $(sys.policy_hub) in 'allowconnect'). (ENT-8456) * cf-serverd now starts in the network-online.target on systemd-based systems (ENT-8456) * edit_line bundles can now use the new $(edit.empty_before_use) variable mirroring the value of edit_defaults=>empty_before_use of the related files promise (ENT-5866) * Package modules with unresolved variables in their names are now skipped in package queries (ENT-9377) * Removed unsupported name_connect capability for udp_socket class (ENT-8824) * 'meta' attribute can now be used in custom promises (CFE-3440) * Custom promise modules can now support the 'action_policy' feature allowing promises of their custom types to be used in dry-run and simulation modes and in combination with 'action_policy => "warn"'. (CFE-3433) * Use of custom promise modules that don't fully specify protocol now results in warning (CFE-3433) * Warnings are logged if levels of log messages from custom promise modules don't match results of their related promises (CFE-3433) * Adjusted SELinux policy for RHEL 9 (ENT-8824) * Fixed SELinux policy to allow hub to send emails (ENT-9557, ENT-9473) * SELinux no longer breaks SQL queries with large result sets on RHEL 8 hubs (ENT-9496) * Added SELinux LDAP port access for Mission Portal (ENT-9694) * Allowed ciphers are now properly split into TLS 1.3 cipher suites and ciphers used for TLS 1.2 and older (ENT-9018) * Fixed git_cfbs_deploy_refspec in masterfiles_stage leaving temp dir * Update to version 3.20.0: * 'rxdirs' now defaults to "false". This means that the read permission bit no longer implies execute bit for directories, by default. Permission bits will be exactly as specified. To restore the old behavior you can still enable 'rxdirs' explicitly. (CFE-951) * 'N' or 'Ns' signal specs can now be used to sleep between signals sent by 'processes' promises (CFE-2207, ENT-5899) * Directories named .no-distrib are no longer copied from policy server (in bootstrap/failsafe) (ENT-8079) * Files promises using content attribute or template method now create files by default unless create => "false" is specified. (CFE-3955, CFE-3916) * template_method mustache and inline_mustache now create file in promiser, if template rendering was successfull and file does not exist. (ENT-4792) * Added support for use of custom bodies in custom promise types (CFE-3574) * Custom promise modules now never get promise data with unresolved variables (CFE-3434) * Custom promises now use standard promise locking and support ifelapsed (CFE-3434) * Enable comment-attribute for custom promise types (CFE-3432) * cf-secret encrypt now encrypts for localhost if no key or host is specified (CFE-3874) * CFEngine now builds with OpenSSL 3 (ENT-8355) * CFEngine now requires OpenSSL 1.0.0 or newer (ENT-8355) * Moved Skipping loading of duplicate policy file messages from VERBOSE to DEBUG (CFE-3934) * CFEngine processes now try to use getent if the builtin user/group info lookup fails (CFE-3937) * No longer possible to undefine reserved hard classes (ENT-7718) * Unspecified 'rxdirs' now produces a warning (CFE-951) * Fixed wrong use of log level in users promises log messages (CFE-3906) * Fixed default for ignore_missing_bundles and ignore_missing_inputs The issue here was that these attributes should default to false, but when they are assigned with an unresolved variable, they would default to true. (ENT-8430) * Added protocol 3 (cookie) to syntax description (ENT-8560) * Moved errors from data_sysctlvalues from inform to verbose (CFE-3818) * Fixed inconsistencies with methods promises and missing bundles * Update to 3.10.3 (fate#323149, bsc#1086475) * Enable Xen hypervisor detection on all x86 platforms (CFE-2203) * cf-execd systemd service now only kills cf-execd itself (ENT-3395) * Ignore commented out entries in fstab when edit_fstab is true. (CFE-2198) * Do not move obstructions in warn policy mode (CFE-2740) * libutils/man.c: allow to override build time * Improve support for Alpine Linux * Promise comments for file changes moved to verbose (ENT-3414) * cf-execd now re-parses augments on policy reload (CFE-2406) * Fix memory leak in cf-execd, triggered when sending email failed. (CFE-2712) * Improve logging of ACL errors (ENT-3455) * Fix bug preventing permission changes on Unix sockets. (CFE-1782) * Do not tag large volatile variables for inventory sys.interfaces_data, sys.inet and sys.inet6 are commonly larger than the maximum data size allowed to be collected by cf-hub. Data larger than 1k is truncated. Instead of reporting truncated data this change stops tagging the variable so that it will not be collected to the Enterprise hub and will not be available in Mission Portal. Do not tag sys.inet and sys.inet6 for inventory (ENT-3483) * Fix mergedata segfault when called on a non-container (CFE-2704) * fix storage mount promise when existing mount point has a similar path (CFE-1960) * Properly redirect init script to systemd on debian systems (ENT-3326) * Do not segfault if policy_server.dat only contains whitespaces and/or line breaks * Fix segfault when cf-promises -p is called against a file with syntax errors. (CFE-2696) * Fix rare cf-execd hang (CFE-2719) * Properly reverse-resolve DNS names longer than 63 chars. (ENT-3379) * Fix segfault on JSON policy files with no bundles and bodies (CFE-2754) * Set the exit value when running cf-key When running cf-key to generate new keys, set the exit value of the program to be 0 on success and 1 on failure. This makes it easier to catch errors during setup of a new machine. Change the default behavior of the program to not write anything to stdout, opting to use the Log() function which can write to stdout and will also allow output to be sent to syslog. Add a --inform option to set the global log level to LOG_LEVEL_INFO. Change the permissions of the randseed file to 600 and catch the exception if the chmod call fails. * Improve misleading verbose message For constraints if/ifvarclass/unless, we now print the whole rval of the constraint. Previously the message was just "skipping variable because ifvarclass is not defined" while the variable itself was defined. Old message example: verbose: Skipping promise 'mailto' because 'if'/'ifvarclass' is not defined Changed to: verbose: Skipping promise 'mailto' because 'ifvarclass => not(isvariable("mailto"))' is not defined (CFE-2697) * Suppress output from systemctl based restart of services in bootstrap/failsafe (CFE-1459) 3.10.2: - fix cf-execd not exiting immediately with SIGTERM on AIX (ENT-3147) - Fix logic detecting if running under a Xen Hypervisor (CFE-1563) - Fix automatic service stops based on runlevel (redhat/centos) (CFE-2611) - Allow opening symlinks owned by root or by the current user (CFE-2516) - Stop service cfengine3 status from warning on multiple httpd processes (ENT-3123) - fix IPv6 parsing to be un-reversed (CFE-2580) 3.10.1: New features/additions: - "make tar-package" should create a tarball with the contents of "make install" (ENT-3041) Bugfixes: - Fix rare output truncation on Solaris 10/11 (CFE-2527) - Change: Don't error during dry run for proposed execution. (CFE-2561) - prevent LMDB assertion on AIX by ensuring nested DB calls are not occuring during signal handler cleanup (CFE-1996) - Detect Amazon Linux and set "AmazonLinux" hard class and sys.flavour variable. - Fix "lastseenexpireafter" 32-bit signed int overflow. - Add missing pcre build flags to cf-key (CFE-2525) - Fix a bug which could cause cf-execd to believe there was an error when sending the email report, when there really wasn't. - cf-serverd: Auto configure max open files ulimit according to maxconnections (CFE-2575) - Added vars and classes for CoreOS (ENT-3043) 3.10.0: New features/additions: - All new features/additions for 3.8 and 3.9 are also included in 3.10. - Add: Classes body tailored for use with diff - New feature: Classes promise: allow classes without an expression to default to defined. - Support for custom ports and host names as policy hub (CFE-953) - Add: Definition of from_cfexecd for cf-execd initiated runs (CFE-2386) - Add < <= > >= operators to eval(). - Add testing jUnit and TAP bundles and include them in stdlib.cf - New function isipinsubnet() (ENT-7949) - LogDebug(): implement module-based debug logging. Now most DEBUG messages are *not* printed even when "-d" is in use, but the specific debug module has to be enabled on the command line. For example to enable all log modules, run: cf-agent -d --log-modules=all - Add: edit_line contains_literal_string to stdlib - add variablesmatching_as_data() function paralleling variablesmatching() (Redmine #7885) - Allow specifying agent maxconnections via def.json (CFE-2461) - Add getuserinfo() function - Add body agent control select_end_match_eof option. (CFE-2390) - Add class to enable post transfer verification during policy updates - Add ability to append to bundlesequnece with def.json (CFE-2460) - policy_server.dat now appends a newline and supports host & port Changes: - Rewrite iteration engine to avoid combinatorial explosion with nested variable expansions. This speeds up enormously the execution of policies that included long slists or JSON containers, that in the past didn't even terminate. Change: "cf_null" string literal was changed to not be something special, and it's now a string that can be used anywhere, like in slists or part of bundlesequence etc. NOTE: Old policy should be grep'ed for "cf_null" and in case such occurences were handled specially, they should be reworked. Change: "--empty-list--" is now never printed by format(), an empty list is now printed as "{ }". Change: Order of pre-evaluation was slightly changed, A new "vars" pass at the beginning of pre-evaluation was added. It used to be classes-vars, but it was changed to vars-classes-vars. As a result some classes or variables might be evaluated at a different time than before. As always try to write policy code that works no matter what the order of execution is. One way is to always *guard* the execution of functions to avoid bogus function results. For example the following will avoid running execresult() bevore the file has been created: execresult("cmd /path/to/filename") if => fileexists("/path/to/filename"); C internals: NULL Rlist is now perfectly valid, in fact it is the only way to denote an empty Rlist. C internals: Since a slist variable can be NULL, API of EvalContextVariableGet() changed: The way to detect if a variable is found, is not to check return value for NULL, but to check returned *type* for CF_DATA_TYPE_NONE. Fixed what I could find as wrong API uses. (CFE-2162) - Allow arbitrary service policies (CFE-2402) - Behaviour change: cf-execd: Do not append -Dfrom_cfexecd to exec_command . (CFE-2386) - Failsafe/Bootstrap no longer copy files starting with .git (like .gitignore) or .mailmap (CFE-2439) - Change: Enable strict transport security - Change: Disable http TRACE method - Change: Verify transfered files during policy update - Allow getvariablemetatags() and getclassmetatags() to get a specific tag key - Change: Use more restrictive unix socket perms (ENT-2705) - Add sys.user_data container for user starting agent. - Pass package promise options to underlying apt-get call (#802) (CFE-2468) - Change: Enable agent component management policy on systemd hosts (CFE-2429) - Change: Switch processes restart_class logging to verbose - Change: Log level for keeping verbatim JSON to DEBUG (CFE-2141) - Change: Require network before cfengine services (CFE-2435) - Behaviour change: getvalues(inexistent_var) returns an empty list. Restores 3.7.x and earlier behaviour. (CFE-2479) - Behaviour change: when used with CFEngine 3.10.0 or greater, bundles set_config_values() and set_line_based() are appending a trailing space when inserting a configuration option with empty value. (CFE-2466) - Behaviour change: getvalues() always returns a list now. Even when v is a simple string (i.e. not an iterable) it will return an slist with one element: the value of the string variable. - Behaviour change: readintlist() now prints an error if the file contains real numbers, not integers, and aborts; previously it was printing an info-level error message, was half-reading an integer out of the real, and was continuing successfully. - Ensure synchronous start and stop with systemctl (ENT-2841) - Change select_region INI_section to match end of section or end of file (CFE-2519) Bug fixes: - fix files promise not setting ACL properly on directories. (CFE-616) - Upgrade CFEngine dependencies to the following versions: - lixml2 2.9.4 - OpenSSL 1.0.2j - LibYAML 0.1.7 - Curl 7.50.3 - Fix cumulative() to accept up to 1000 years, like it's documented. - Fixed parsing of host name/IP and port number in cf-runagent (CFE-546) - Fix intermittent error message of type: "error: Process table lacks space for last columns: " (CFE-2371) - storage: Properly initialize the list of current mounts (CFE-1803) - Fix 'contain' attribute 'no_output' having no effect when the 'commands' promise is using 'module => "true"'. (CFE-2412) - Fix bug which caused empty emails to be sent from cf-execd if there was no previous output log and the new log was fully filtered by email filters. (ENT-2739) - allow ifelse(FALSE, $(x), "something else") to work. (CFE-2260) - Fix connection cache, reuse connections when possible. (CFE-2447) - Fix rare bug that would sometimes prevent redis-server from launching. - Fix bug in files promise when multiple owners are promised but first one doesn't exist, and improve logging . (CFE-2432) - define kept outcome with action warn if edit_line is as expected (CFE-2424) - Example using getvariablemetatags() and getclassmetatags() to get a specific tag key - Remove 2k limit on strings length when writing JSON policies (CFE-2383) - Fix ttime_range constraint to go higher than 2G as number of seconds. - Change: cronjob bundle tolerates different spacing - Allow editing fields in lines longer than 4k (CFE-2438) - Don't send empty emails for logs where everything is filtered. (ENT-2739) - allow maplist(), maparray(), and mapdata() to evaluate function calls during iteration (ARCHIVE-1619) - insert_lines is no longer implicitly matching EOF as end of the region if 'select_end' pattern is not matched . (CFE-2263) - Change: Remove executable bit from systemd units (CFE-2436) - cf-serverd should reload def.json when reloading policy (CFE-2406) - Fix cf-monitord detection of usernames of the process table on AIX. - Speed up local and remote file copying and fix spurious errors. (ENT-2769) - Fix occasional segfault when running getindices() on a variable that has indices of multiple depths (e.g. both "a[x]" and "a[x][y]"). (CFE-2397) - When no file is provided when calling cf-promises with cf or json output, use promises.cf by default. This restores the previous behavior. (CFE-2375) - Fix: Services starting or stopping unnecessarily (CFE-2421) - Change: Split systemd units (CFE-2278) - EOF is matched as an end of the region in edit_line promises only if 'select_end_match_eof' parameter is true. (CFE-2263) - Fix double logging of output_prefix, and log process name for cf-agent syslog messages. (CFE-2225) - Be less verbose if a network interface doesn't have a MAC address. (CFE-1995) - Fix: CFEngine choking on standard services (CFE-2806) - fix insert_lines related memory corruption (CFE-2520) - fix cf-serverd crash when reporting corrupted data. (ENT-3023) - Fix ability to manage INI sections with metachars for manage_variable_values_ini and set_variable_values_ini (CFE-2519) - Fix apt_get package module incorrectly using interactive mode. - Fix crash on Solaris when ps ucb variant is not available. (CFE-2506) - cf-serverd: Do not close connection when file does not exist. (CFE-2532) - getvalues() now behaves correctly for old CFEngine arrays of depth 1. Known issues: getvalues() still misbehaves with double-indexed arrays (see (CFE-2504, CFE-2536) 3.9.0: New features/additions: - Add optional interface parameter to iprange() to match only one interface. - Allow '=' in symbolic modes (Redmine #7826) - Add: FreeBSD ports package module - New package module for FreeBSD pkg package manager. - Add support for adding/removing fifos in policy - Add Linux parsing of /proc/net/ data. - sys.inet - sys.inet6 - sys.interface_data - Data is returned as a data container. - See documentation for more details. (Jira CFE-1991) - sys.ip2iface: new reverse mapping variable from IP to interface name - Namespaced classes can now be specified on the command line. - namespaces can now be passed to cf-runagent -D and --remote-bundles (Redmine #7856) - Add 'cf-full' and 'json-full' to cf-promises '-p' option. They generate output based on the entire policy. The existing 'cf' already behaved this way, and it has now been changed to generate output only for a single file, which the existing 'json' option already does. - New language functions: processexists() and findprocesses() (Redmine #7633) - Implement new regex_replace() function. (Redmine #7346) - Add log rotation policy for state/classes.jsonl log. (Redmine #7951) - Added collect_vars utility bundle to stdlib - Intoduce report_class_log attribute to body agent control. (Redmine #7951) - Add standard_services service_method allowing for explicit usage - cf-promises --show-vars can now show JSON variables. - Add json_pipe mode to mapdata(), which allows piping a JSON container to an external program for manipulation and receiving JSON back. The `jq` tool is a good example where this mode can be useful. A corresponding `$(def.jq)` variable has also been added with a default path to this tool. See documentation for mapdata() for more information and examples. (Jira CFE-2071) - behaviour change: "true" is always defined and "false" is never defined in a context expression. - Add: nimclient package module for AIX This module provides basic functionality for using nimclient as a means to ensure packages are either present or absent. It does not support listing package updates available or provide any special caching. - Add callstack_callers() and callstack_promisers() functions. - Log variable definitions in debug output. (Redmine #7137) - Add: Memory information to host info report (Jira CFE-1177) - In Mustache templates, one can now use `` and `` tags to iterate over the top level element in a container. (Redmine #6545) - Add network_connections() function that parses /proc/net - Provide new -w argument to override the workdir for testing - New feature: Emails sent by cf-execd can be filtered to get rid of emails for unwanted log messages. The attributes mailfilter_include and mailfilter_exclude in body executor control control what to include. See documentation for cf-execd for more information. (Jira CFE-2283) - Add: file_make_mustache bundle to render mustache templates - Add '-n' flag to cf-key to avoid host name lookups. - cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor multiple -D, -N and -s arguments (Redmine #7191) - Add "canonify" mode to mapdata(). - Add: printfile bodies to stdlib - Add: New `results` classes body [] (Redmine #7418, #7481) - Implement cf-runagent --remote-bundles and cf-serverd "bundle" access promise. (Redmine #7581) - Add commands promise arglist attribute, augmenting args attribute. - It's now possible to reference variables in inline JSON, for example: `mergedata('[ thing, { "mykey": otherthing[123] } ]')`. `thing` and `otherthing[123]` will be resolved as variables, since they are unquoted. See the documentation for more details. (Redmine #7871) - Allow inline JSON to be used in the following function calls: - data_expand() - difference() - every() - filter() - format() - getindices() - getvalues() - grep() - intersection() - join() - length() - makerule() - mapdata() - maplist() - mean() - mergedata() - none() - nth() - parsejson() - product() - regarray() - reglist() - reverse() - shuffle() - some() - sort() - storejson() - string_mustache() - sublist() - sum() - unique() - url_get() - variance() For example: `mergedata('[ "thing", { "mykey": "myvalue" } ]')` See the documentation for more details. (Jira CFE-2253) - Add: edit_line contains_literal_string to stdlib - Add body agent control select_end_match_eof option. (Jira CFE-2390) Changes: - Change: classesmatching(): order of classes changed - Change: getindices(), getvalues(), variablesmatching(), maparray(): order of variables returned has changed - Change: set_quoted_values uses bundle scoped classes - Change: set_config_values uses bundle scoped classes - Change: set_variable_values uses bundle scoped classes - Change: set_config_values_matching uses bundle scoped classes - Change: manage_variable_values_ini uses bundle scoped classes - Change: set_line_based should use bundle scoped classes (Jira CFE-1959) - getvalues() will now return a list also for data containers, and will descend recursively into the containers. (Redmine #7116) - Change: Improve git drop user support - Use new package promise as default package promise implementation. (Jira CFE-2332) - Don't follow symbolic links when copying extended attributes. - When a bodydefault:_ body is defined, it will be used by all promises of type unless another body is explicitly used. - cf-serverd no longer appends "-I -Dcfruncommand" to cfruncommand, this has to be done manually in masterfiles body server control. (Redmine #7732) - eval() function arguments mode and options are now optional. - sort() function argument mode is now optional. - Change: returnszero() no longer outputs the output of a command. The output can be seen by enabling info mode (-I). - cfruncommand is not executed under shell. (Redmine #7409) - Remove: Apache CGI module - Change: Make maxbytes arg of readjson() and readyaml() optional - Classes matching agent control's abortclasses are now printed before exit, even if they are defined in common bundles. Previously the regex (in abortclasses) that matched the class was printed if the class was defined in a common bundle, but the class itself was printed if it was defined in an agent bundle. With this change, the defined class that caused the abort is always printed. - Remove: Support for email settings from augments_file (Redmine #7682) - Change: set_variable_values_ini uses bundle scoped classes - findfiles() now skips relative paths. (Redmine #7981) - Clients connections using non TLS protocol are rejected by default. . (Jira CFE-2339) - Change: Policy files specified in the "inputs" section of def.json will no longer be auto-loaded. One has to refer to the which are using the "inputs" field inside def.json. (Redmine #7961) - Change: Separate binary details from policy update (Redmine #7662) - Add guard for binary upgrade during bootstrap (Redmine #7861) - Change: Modernize pkg module and package_method - Remove: Userdir apache module - filestat(path, "linktarget") now follows non-absolute links and returns full path of target. This introduces a change in behaviour. Here is an example: $ ls -l /bin/sh lrwxrwxrwx 1 root root 4 Jun 4 2015 /bin/sh -> dash Previously the filestat function would return "dash", and would also log an error that the file can not be read. Now it will return "/bin/dash" (or the final destination if it happens that /bin/dash is also a symlink). You can still get the previous behaviour by using filestat(path, "linktarget_shallow"). (Redmine #7404) - Define (bootstrap|failsafe)_mode during update.cf when triggerd from failsafe.cf (Redmine #7861) - Behavior change: The promise string of a processes promise now matches just the command line of each process instead of the line that is output by ps. This was done to reduce fragmentation between platforms, since ps is a very nonstandardized tool. (Jira CFE-2161) - Allowed namespace names made more strict, to disallow namespaces that cannot be reached. (Redmine #7903) - Behavior change: When using readintlist(), readreallist() or readstringlist(), parsing an empty file will no longer result in a failed function call, but instead an empty list. Failure to open the file will still result in a failed function call. - insert_lines is no longer implicitly matching EOF as end of the region if 'select_end' pattern is not matched . (Jira CFE-2263) - EOF is matched as an end of the region in edit_line promises only if 'select_end_match_eof' parameter is true. (Jira CFE-2263) Bug fixes: - Upgrade CFEngine dependencies to the following versions: - Curl 7.48.0 - libxml2 2.9.4 - LMDB 0.9.18 - OpenLDAP 2.4.44 - OpenSSL 1.0.2h - PCRE 8.38 (Jira ENT-2720) - Upgrade dependencies to latest minor versions. For Community / Enterprise: For Enterprise: - Fix bug which sometimes misparses user names in ps output. - Fix: Problem with git not dropping privileges soon enough - Allow def.json up to 5MB instead of 4K. - It is possible to edit the same value in multiple regions of one file. (Redmine #7460) - CFEngine on Windows no longer truncates log messages if the program in question is killed halfway through. - Fixed a bug which caused def.json not being able to define classes based on other hard classes. (Jira CFE-2333) - Change: Tighten Enterprise hub permissions (Jira ENT-2708) - Fix a regression which would sometimes cause "Permission denied" errors on files inside directories with very restricted permissions. (Redmine #7808) - Fix use-after-free in ArrayMap and HashMap (Redmine #7952) - Package repositories are no more hit every time package promise is evaluated on SUSE. - Fix a bug which sometimes caused package promises to be skipped with "XX Another cf-agent seems to have done this since I started" messages in the log, most notably in long running cf-agent runs (longer than one minute). (Redmine #7933) - TTY detection should be more reliable. (Redmine #7606) - cf-promises -p cf now produces valid cfengine code (Redmine #7956) - Fix ps options for FreeBSD to check processes only in current host and not in jails - cf-runagent now properly supports multiple -D or -s arguments (Redmine #7191) - Fix: Work around impaired class definition from augments (Jira CFE-2333) - Fix "No such file or directory" LMDB error on heavily loaded hosts. (Jira CFE-2300) - Check for empty server response in RemoteDirList after decryption (Redmine #7908) - Small performance optimization when cf-execd scans emails before sending. - Fix handling of closed connections during transactions (Redmine #7926) - The core ps parsing engine used for processes promises has been rewritten from scratch, and should be more robust than before. (Jira CFE-2161) - Fix the lexer which could not handle empty newline(s) before a ```@endif```. - groupexists() no longer fails to detect a group name starting with a digit. (Jira CFE-2351) - Fix HP-UX specific bug that caused a lot of log output to disappear. - Fix unresolved variable (Redmine #7931) - Change: Suppress standard services noise on SUSE (Redmine #6968) - Reduce verbosity of yum package module (Redmine #7485) - cf-runagent: Allow connections to localhost instead of failing silently. - Show errors regarding failure to copy extended attributes when doing a local file copy. Errors could happen when copying across two different mount points where the support for extended attributes is different between the mount points. - Fix classes being set because of hash collision in the implementation. (Redmine #7912) - fix build failure on FreeBSD 7.1 (Redmine #7415) - Improve logging when managing setuid/setgid - Reduce verbosity of apt_get package module (Redmine #7485) - packagesmatching() and packageupdatesmatching() should work when new package promise is used. (Jira CFE-2246) - Fix bug which could render host unable to recover from a syntax error, even if failsafe.cf was utilized. This could happen if the file containing the syntax error was specified in the def.json special file. (Redmine #7961) - Prevent crash in cf-execd email code when policy server is not set. - In case of networking error, assume checksum is wrong - Fix two cases where action_policy warn still produces errors (Redmine #7274) - Fix bad option nlwp to vzps on Proxmox / OpenVZ. (Redmine #6961) - @if minimum_version now correctly ignores lines starting with '@' (Redmine #7862) - No longer hang when changing permissions/ownership on fifos (Redmine #7030) - readfile() and read*list() should print an error if they fail to read file. (Redmine #7702) - The isvariable() function call now correctly accepts all array variables when specified inline. Previously it would not accept certain special characters, even though they could be specified indirectly by using a variable to hold it. (Redmine #7088) - Fix file descriptor leak when there are network errors. - Improve robustness of process table parsing on Solaris. (Jira CFE-2161) - Installing packages containing version numbers using yum now works correctly. (Redmine #7825) - Parse def.json vars, classes and inputs from the C code. This fixes a bug where certain entries in this file would be parsed too late to have any effect on the evaluation. (Redmine #7453, #7615) - Change package modules permissions on hub package so that hub can execute package promises. (Redmine #7602) - Fix: CFEngine choking on standard services (Jira CFE-2086) - Fix: cf-upgrade on SUSE - Fix: Stop cfengine choking on systemctl output (Jira CFE-2806) - storage: Properly initialize the list of current mounts (Jira CFE-1803) - Fix bug which caused empty emails to be sent from cf-execd if there was no previous output log and the new log was fully filtered by email filters. (Jira ENT-2739) - Don't send empty emails for logs where everything is filtered. (Jira ENT-2739) - Fix intermittent error message of type: "error: Process table lacks space for last columns: " (Jira CFE-2371) - Be less verbose if a network interface doesn't have a MAC address. (Jira CFE-1995) 3.8.2: Fixes: - Update library dependencies to latest version. Libraries upgraded: - curl 7.47.0 - LMDB 0.9.18 - MySQL 5.1.72 - OpenLDAP 2.4.44 - OpenSSL 1.0.2g - PostgreSQL 9.3.11 - Redis 3.0.7 - rsync 3.1.2 PHP was kept at 5.6.17 because of problems with the 5.6.19 version. - Reduce verbosity of apt_get package module (Redmine #7485) - Reduce verbosity of yum package module (Redmine #7485) - The isvariable() function call now correctly accepts all array variables when specified inline. Previously it would not accept certain special characters, even though they could be specified indirectly by using a variable to hold it. (Redmine #7088) - Don't follow symbolic links when copying extended attributes. - Fix a bug which sometimes caused package promises to be skipped with "XX Another cf-agent seems to have done this since I started" messages in the log, most notably in long running cf-agent runs (longer than one minute). (Redmine #7933) - Fix bug which could render host unable to recover from a syntax error, even if failsafe.cf was utilized. This could happen if the file containing the syntax error was specified in the def.json special file. (Redmine #7961) - Change: Policy files specified in the "inputs" section of def.json will no longer be auto-loaded. One has to refer to the $(def.augments_inputs) variable in the policy (the standard masterfiles policies include this by default). This only affects installations which are not based on the standard masterfiles, and which are using the "inputs" field inside def.json. (Redmine #7961) - Fix file descriptor leak when there are network errors. - Fix cf-serverd error messages with classic protocol clients (Redmine #7818) - Installing packages containing version numbers using yum now works correctly. (Redmine #7825) - Fix ps options for FreeBSD to check processes only in current host and not in jails - fix build failure on FreeBSD 7.1 (Redmine #7415) - Show errors regarding failure to copy extended attributes when doing a local file copy. Errors could happen when copying across two different mount points where the support for extended attributes is different between the mount points. - Fix classes being set because of hash collision in the implementation. (Redmine #7912) - Allow def.json up to 5MB instead of 4K. - Fix a regression which would sometimes cause "Permission denied" errors on files inside directories with very restricted permissions. (Redmine #7808) - Change: Suppress standard services noise on SUSE (Redmine #6968) Changes: - Change: classesmatching(): order of classes changed 3.8.1: Changes: - Upgrade CFEngine dependencies to the following versions: - OpenSSL 1.0.2e - PCRE 8.38 - libxml2 2.9.3 - OpenLDAP 2.4.43 - libcurl 7.46.0 - Upgrade LMDB to version 0.9.17. (Redmine #7879) Bug fixes: - @if minimum_version now correctly ignores lines starting with '@' (Redmine #7862) - Add guard for binary upgrade during bootstrap (Redmine #7861) - Namespaced classes can now be specified on the command line. - Fix bad option nlwp to vzps on Proxmox / OpenVZ. (Redmine #6961) - Fix two cases where action_policy warn still produces errors (Redmine #7274) - Parse def.json vars, classes and inputs from the C code. This fixes a bug where certain entries in this file would be parsed too late to have any effect on the evaluation. (Redmine #7453, #7615) - Fix HP-UX specific bug that caused a lot of log output to disappear. - Check for empty server response in RemoteDirList after decryption (Redmine #7908) - getvalues() will now return a list also for data containers, and will descend recursively into the containers. (Redmine #7116) - Define (bootstrap|failsafe)_mode during update.cf when triggerd from failsafe.cf (Redmine #7861) 3.8.0: New features/additions: - New feature: Bodies can now inherit attribute values from other bodies by specifying "inherit_from" with the name of the body to inherit from, plus any arguments it accepts. For example: body classes myclasses { inherit_from => classes_generic("myname"); } (Redmine #4309) - Add url_get() function. (Redmine #6480) - Add @if feature() syntax @if feature work like @if minimum_version but allows distinguishing between features chosen at compile time. - Extend module protocol to create persistent classes. To use it, have the module print a line with "^persistence=" before printing any class names. "persistence=0" goes back to non- persistent classes. (Redmine #7302) - Add: New `results` classes body (Redmine #7418) - Add: Debug reports in cfe_internal_cleanup_agent_reports - Add: Path to svcprop in stdlib - Add: masterfiles-stage script to contrib - Whitespace is now allowed in class expressions for readability, between class names and operators. (Redmine #7152) Changes: - Change: Clarify bootstrap/failsafe reports - Change: Improve in-line docs for internal log maintenance - Change: Improve efficiency and debug reports (Redmine #7527) - Remove: 3.5 support from masterfiles policy framework - Long promiser strings with multiple lines are now abbreviated in logs. (Redmine #3964) - Change: Reunify Version based policy split - Change: Separate binary details from policy update (Redmine #7662) - Remove /var/cfengine/cf3..runlog. (Redmine #6957) - Change: sys.libdir and sys.local_libdir to non version specific path - sys.libdir now resolves to $(sys.inputdir)/lib - sys.local_libdir now resolves to lib (Redmine #7559) - Moved the following files to /var/cfengine/log/: - /var/cfengine/promise_summary.log - /var/cfengine/cfagent..log - Change: Separate binary details from policy update (Redmine #7662) - Remove: Support for email settings from augments_file (Redmine #7682) Bug fixes: - It is possible to edit the same value in multiple regions of one file. (Redmine #7460) - Change package modules permissions on hub package so that hub can execute package promises. (Rednime #7602) (Redmine #7602) - Fix exporting CSV reports through HTTPS. (Redmine #7267) - cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor multiple -D, -N and -s arguments (Redmine #7191) - readfile() and read*list() should print an error if they fail to read file. (Redmine #7702) - No longer hang when changing permissions/ownership on fifos (Redmine #7030) - Fix broken HA policy for 3rd disaster-recovery node. - Fix: Policy errors for 3.5 and 3.6 - Mustache templates: Fix key when value is not a primitive. The old behavior, when iterating across a map or array of maps, was to abort if the key was requested with . The new behavior is to always replace with either the key name or the iteration position in the array. An error is printed if is used outside of a Mustache iteration section. - Fix build with musl libc. (Redmine #7455) - Fixed a bug which could cause daemons to not to be killed correctly when upgrading or manually running "service cfengine3 stop". (Redmine #7193) - Fix daemons not restarting correctly on upgrade on AIX. - Package promise: Fix inability to install certain packages with numbers. (Redmine #7421) - Redmine #6027 Directories should no more be changed randomly into files. (Redmine #6027) - Improve cf-serverd's lock contention because of getpwnam() call. (Redmine #7643) (Redmine #7643) - action_policy "warn" now correctly produces warnings instead of various other verbosity levels. (Redmine #7274) - If there is an error saving a mustache template file it is now logged with log-level error (was inform). - The JSON parser now supports unquoted strings as keys. - Reduce malloc() thread contention on heavily loaded cf-serverd, by not exiting early in the logging function, if no message is to be printed. (Redmine #7624) (Redmine #7624) - Fix a bug which caused daemons not to be restarted on upgrade. (Redmine #7528) - Include latest security updates for dependencies. - Fixed bug which would cause bff and depot packages not to run package scripts on removal. (Redmine #7193) - Fix upgrade causing error message under systemd because of open ports. - Fixed several bugs which prevented CFEngine from loading libraries from the correct location. This affected several platforms. (Redmine #6708) - Legacy package promise: Result classes are now defined if the package being promised is already up to date. (Redmine #7399) - failsafe.cf will be created when needed. (Redmine #7634) (Redmine #7634) - If file_select.file_types is set to symlink and there are regular files in the scanned directory, CFEngine no longer produces an unnecessary error message. (Redmine #6996) - Fix 'AIX_PREINSTALL_ALREADY_DONE.txt: cannot create' error message on AIX. - Fix package promise not removing dependent packages. (Redmine #7424) - Fix: Solaris packages no longer contain duplicate library files, but instead symlinks to them. (Redmine #7591) - Fix select_class not setting class when used in common bundle with slist. (Redmine #7482) - Fix "@endif" keyword sometimes being improperly processed by policy parser. (Redmine #7413) - Fix noise from internal policy to upgrade windows agents (Redmine #7456) - cfruncommand now works if it contains spaces, with the TLS protocol. (Redmine #7405) - Fix warning "Failed to parse csv file entry" with certain very long commands promises. (Redmine #7400) - CFEngine no longer erronously passes -M to useradd on HP-UX. (Redmine #6734) - cf-monitord no longer complains about missing thermal zone files. (Redmine #7238) - systemd is now detected correctly if it is a symlink (Redmine #7297) - TTY detection should be more reliable. (Redmine #7606) (Redmine #7606) Changes in cfengine-masterfiles: * Update to 3.21.0 (jsc#SLE-24222, bsc#1197029, CVE-2021-44215) * Added inventory for Raspberry Pi and DeviceTree devices (ENT-8628) * Added policy to enforce proper permissions on Mission Portal ldap directory (ENT-9693) * Added check to make sure cf-execd is running after attempting self upgrade on Windows * Added exception for ldap directory perms for settings.ldap.php (ENT-9697) (ENT-9573) * Added date to known paths for linux (CFE-4069) * Added fallback to top-level feeder dump directory (ENT-8936) * Added self upgrade knowledge for Suse 12, 15 and opensuse leap 15 (ENT-9209) * Added self upgrade knowledge for debian 11 (ENT-9210) * Added ssh in paths.cf so that policy writers can use $(paths.ssh) (CFE-4037) * Added support for multiple superhubs per feeder (ENT-8936) * Amazon Linux now uses --setopt-exit_on_lock=True in redhat_no_locking_knowledge (ENT-9057) * Avoided error stopping apache when no pid file exists (ENT-9108) * Disabled explicit setting for SSLCompression for Mission Portal Apache. OpenSSL3 does not provide compression capability, when enabled Apache will not start. (ENT-8933) * Fixed deleting multiple hosts with distributed cleanup utility (ENT-8979) * Fixed directory in which windows agents source packages for upgrade (ENT-9010) * Fixed services_autorun_inputs working independently from services_autorun (CFE-4017) * Fixed set_line_based() for case when edit_defaults.empty_before_use is true (ENT-5866) * Made proc inventory configurable via Augments (CFE-4056) * Make device-tree inventory quieter in containers (ENT-9063) * Stopped applying locks to masterfiles-stage (ENT-9625) * Stopped loading several Apache modules on Enterprise Hubs by default: mod_auth_basic, mod_authz_host, mod_authz_owner, mod_dbd, mod_authn_file, mod_authz_dbm (ENT-8607, ENT-8602, ENT-8706, ENT-8609, ENT-9072, ENT-8605) * Updated filename conventions for AIX and Solaris packages (ENT-9095) * Fixed detection of location for httpd.pid (ENT-9603) * Added policy to manage permissions for php/runalerts-stamp (ENT-9703) * Ensured manual edits to httpd.conf are reverted (ENT-9686) 3.20.0: * Renamed bundle agent main to bundle agent mpf_main (CFE-3947) * Added prelink to paths.cf * Added Enterprise Hub postgresql.conf to files monitored for diffs by default (ENT-8618) * Added PostgreSQL tunables for Federated Reporting (ENT-8617) * Added lib/templates to packaged assets (ENT-8533) * Added policy to patch apachectl for more robust stopping on Enterprise Hubs (ENT-8823) * Added policy update exclusion for directories named .no-distrib (ENT-8079) * Added support for 'option' option in pkg module (CFE-3568) * Added support for Amazon Linux in standalone self upgrade (ENT-8274) * Added support for downloading windows packages as part of self upgrade (ENT-8283) * Adjusted MPF to handle rxdirs default from true to false (CFE-951) * 755 perms on hub htdocs dir are now enforced (ENT-8212) * Proper owner and perms on docroot are now enforced(ENT-8280) * Prevented def.dir_masterfiles/.no-distrib from being copied (ENT-8079) * Cleaned up policy related to versions prior to 3.12 (CFE-3920) * Removed policy deprecated by sys.os_release (CFE-3933) * Updated bundle names and wording to reflect current tooling (CFE-3921) * Enabled setting environment attribute in body agent control via augments (CFE-3925) * Fixed inclusion of distributed cleanup python files during install (ENT-8393) * Fixed inventory for OS on Rocky Linux (ENT-8292) * Fixed promise status from package upgrade when architecture specified in promise (CFE-3568) * Made body classes u_kept_successful_command_results inherit_from u_results (CFE-3917) * Made cmdb update ignore locks (ENT-8847) * Updating host-specific CMDB data files now happens asynchronously (ENT-7357) * Fixed issue with apt_get package module on Ubuntu 22 (CFE-3976) * Fixed parsing of options attribute and added repo alias for repository option in pkg module (CFE-3568) * Fixed pkg module parsing input when values include equals (=) (CFE-3568) * Warn about missing dependencies for Distributed Cleanup utility (ENT-8832) * Fixed AIX watchdog default threshold for number of cf-execd processes (CFE-3915) * Stopped lowercasing software inventory on Windows (ENT-8424) * Fixed windows unattended self upgrade on Windows 2008 (ENT-8066) * Invalid feeder dump files are now skipped during import (ENT-8229) * Fixed FR clean bundle when off state (ENT-7969) * Fixed psql not found while FR import (ENT-8353) * Now clean_when_off FR bundle is only run when needed (ENT-8294) 3.19.0: * Added interpreter attribute to standalone self upgrade package_module bodies (CFE-3703, ENT-5752) * Added almalinux as a know derivative of rhel (ENT-7644) * Added class to prevent hub from seeding binary packages for use in self upgrade (ENT-7544) * Added cleanup of database and status semaphore when federation target_state is off (ENT-7233) * Added custom promise python library * Added distributed_cleanup utility for Federated Reporting (ENT-7215) * Added fallback logic for determining installed software version on Windows (ENT-7501) * Added lsmod to well known paths (CFE-3790) * Added script to cleanup artifacts after cfbs build (CFE-3781) * Added self upgrade support for SUSE (ENT-7446) * Added separate classes for controlling autorun inputs and bundles The class services_autorun continues to enable both automatic inclusion of .cf files in services/autorun and the running of bundles tagged with autorun. This change adds the classes services_autorun_inputs and services_autorun_bundles for independently enabling addition of .cf files in services/autorun and automatic execution of bundles tagged with autorun respectively. (CFE-3715) * Added support for downloading community packages on hub in preparation for binary upgrades * Added variable for excluding files from Policy Analyzer (ENT-7684) * Adjusted badges for 3.18.0 release (ENT-6713) * Adjusted permissions for Mission Portal public tmp files (ENT-7261) * Autorun bundles now run regardless of locks Previously, when the autorun feature was enabled to automatically run bundles tagged with autorun the bundle actuation was affected by promise locking. The effect of this is that agent runs that happen close together would skip running bundles run within the last minute. Now autorun bundles no longer wait for a lock to expire, they will be actuated each agent execution. Note, promises within those bundles have their own locks which still apply. (CFE-3795) * Dropped un-necessary local variable The use of this local variable triggers a bug that prevents datastate() from printing. Since the variable is un- necessary, it's been removed and the parameter is used directly. (CFE-3776) * Enforced permissions for Postgres log (ENT-7961) * Fixed package module augments settings usage for pre 3.15.3 binaries (ENT-7356, ENT-7358) * Fixed path in permissions and ownership promise for application log dir (ENT-7731) * Fixed services_autorun_bundles only case (CFE-3799) * Fixup zypper package module script to work properly with interpreter attribute (ENT-7442) * Gave cfapache group full access to docroot (ENT-8065) * Insured exported reports from Mission Portal are in the correct location (ENT-7465) * Made apache restart more robust (ENT-8045) * Moved httpd.pid to root of httpd workdir (ENT-7966) * Physical Memory (MB) inventory now handles dmidecode MB or GB units (ENT-7714) * Promised permissions for Mission Portal application and Apache log files This change ensures that both Mission Portal and Apache log files have restrictive permissions. Previously this was un-managed. (ENT-7730) * Reduced scope of report informing of missing systemd service (CFE-290, ENT-7360) * Removed build dir from install/dist targets (ENT-7359) * Removed stale CMDB inventory policy (CFE-3712) * Set apache umask to 0177 (ENT-7948) * State changes of systemd services during agent run are now properly registered (CFE-3753) * Stopped enforcing permissions of modules in inputs This change removes explicit enforcement of permissions for modules in inputs. Instead of explicitly enforcing permissions in inputs, we rely on the default permissions (600). The previous explicit permissions (755) are un-necessary as modules are not executed from within the inputs directory and have resulted in permission flip-flopping in some environments. Permissions on modules in the modules dir (sys.workdir)/modules are still enforced. (ENT-7733) * Switched from using package_method generic to default package_module for windows software inventory (ENT-2589) * Improved the reliability when detecting a Red Hat system. Now if the ID field in /etc/os-release is set to rhel, the redhat_pure class will be defined. If the variable sys.os_release does not exist, redhat_pure is defined if we have already defined redhat and we do not find classes for well known derivatives * rocky, a class defined on Rocky Linux was added to the list of well known derivatives (ENT-7628) * Added advisory lock for Federated Reporting operations (ENT-7474) * controls/cf_serverd.cf no longer specifies explicit default for bindtointerface and relies on the default binding to both :: and 0.0.0.0 on IPV6-enabled hosts (ENT-7362) * setup-status.json is no longer being repaired over and over on FR feeder hubs (ENT-7967) 3.18.0: * Added .ps1 to list of file patterns considered during policy update (ENT-4094) * Added ability to specify additional directories to add autorun policy from (CFE-3524) * Added default cf_version_release of 1 when sys var missing (ENT-6219) * Added description of psql_lock_wait_before_acquisition measurement (ENT-6841) * Added inventory of Setgid files and Setgid files that are root owned (ENT-6793) * Added inventory of users and hosts allowed to use cf-runagent (ENT-6666) * Added measurement of entropy available on linux systems (ENT-6495) * Added missing packages modules scripts in makefile (ENT-6814) * Added new interface for controlling users allowed to initiate cf-agent via cf-runagent (CFE-3544) * Added policy for permissions on cf-execd sockets on Enterprise Hubs (ENT-6777) * Added redirect to remove index.php from Mission Portal's URL (ENT-6464) * Added standalone self upgrade capability for Windows agents (ENT-6219, ENT-6823) * Added tail & tail_n to standard library (CFE-3558) * Added vars.mpf_admit_cf_runagent_shell to control admission for cf-runagent requests (ENT-6673) * Added verbose logfile for msiexec package module file installs (ENT-6220, ENT-6824) * Changed default behavior of policy update to keep inputs in sync with masterfiles Prior to this change, the default behavior of the MPF was to only ensure that files in masterfiles were up to date with the files in inputs. Files in inputs that did not exist in masterfiles were left undisturbed. To enable sync behavior (a common user expectation) you had to explicitly define 'cfengine_internal_purge_policies'. Now, if you wish to return to the previous default behavior, define the class 'cfengine_internal_purge_policies_disabled'. Ticket: (CFE-3662) * Changed msiexec package module install logs to be unique for each msi file (ENT-6824) * Disabled TLSv1 by default for Mission Portal's web server (ENT-6783) * Do not apply redirect from index.php to internal APIs (ENT-6464) * Enabled packages promises using package_module without bundle def (CFE-3504) * Fixed ability to define users authorized for using cf-runagent on policy servers (CFE-3546) * Fixed alpine apk packages module to parse names properly (CFE-3585) * Fixed cfengine_mp_fr_handle_duplicate_hostkeys class usage in policy (ENT-7094) * Fixed docs describing xdev behavior in depth_search bodies (CFE-3541) * Fixed loading of platform specific inventory on AIX (CFE-3614) * Made Enterprise CMDB data update after policy update (ENT-6788) * Prevent setgid files from causing continual repair related to setuid file inventory (ENT-6782) * Removed stale unused copy of u_kept_successful_command body. If you receive an error about undefined body, alter your policy to use kept_successful_command instead (CFE-3617) * Removed unused plugins directory (CFE-3618) * Renamed python symlink to cfengine-selected-python (CFE-3512) * Shortened Inventory OS attribute to be more readable (ENT-6536) * Suppressed inform output from Enterprise Hub database maintenance operations (ENT-6563) * Suppressed output from watchdog on AIX to prevent the mail spool from filling up (CFE-3630) * Added ability to specify a list of bundles to run before autorun (for classification) (ENT-6603) * Update policy now moves obstructions (CFE-2984) * Use VBScript to enumerate installed packages (ENT-4669) * add /usr/bin/yum to paths.cf for aix (CFE-3615) * service status on FreeBSD now uses onestatus (CFE-3515) * Guard again enforcing root ownership for CFEngine files on Windows (ENT-4628) 3.17.0: * Added .csv to the list of file extensions considered by default during policy update (CFE-3425) * Added ability to extend known paths without modifying vendored policy (CFE-3426) * Added apk package module support for alpinelinux (CFE-3451) * Added bundle edit_line converge_prepend with same behavior as bundle edit_line converge, but inserting at start of content. (CFE-3483) * Added inventory for Timezone and GMT Offset (ENT-6161) * Added inventory for policy servers (ENT-6212) * Added maintenance policy to update health diagnostics failures table on enterprise hubs (ENT-6228) * Added optional handle duplicates step in federated reporting import (ENT-6035) * Added replace_uncommented_substrings (ENT-6117) * Added service states "active" and "inactive" for systemd (ENT-6074) * Added watchdog for Windows (ENT-5538) * Adjusted package_module and paths for termux platform (CFE-3288) * Aligned systemd services behavior for service_policy => "enable|enabled|disable|disabled" (ENT-6073) * Changed bundle server access_rules to mpf_default_access_rules (CFE-3427) * Cleaned up Mission Portal OS variable (inventory_os.description) on RHEL 5 & 6 (ENT-6124) * De-duplicated license headers (ENT-6040) * Fixed converge edit_line bundle not deleting lines containing marker (CFE-3482) * Fixed interpretation of cf-hub --show-license from REPAIRED to KEPT (ENT-6473) * Inventory OS variable (inventory_os.description in policy) is now based on os-release * Made git_stash only stash untracked files when capable (CFE-3383) * Moved systemd service management to own bundle (CFE-3381) * Removed delay in refreshing software installed inventory (ENT-6154) * Removed unnecessary packages promise on SuSE (ENT-5480, ENT-6375) * Replaced @ignore with useful doc strings (CFE-3378) 3.16.0: * /var/cfengine/bin/python symlink creation on SLES was fixed * Added 'data' shortcut to cf-serverd, defaults to sys.workdir/data * Added inventory for CFEngine Enterprise License information (ENT-5089, ENT-5279) * Added inventory of NFS servers in use (from /proc/mounts, on linux) (CFE-3259) * Added inventory of license owner on enterprise hubs (ENT-5337) * Added paths support for opensuse (CFE-3283) * Added use of services promise for FR postgresql reconfig in case of systemd (ENT-5420) * Added zypper as default package manager for opensuse (CFE-3284) * Admitted ::1 as a query source on Enterprise hubs (ENT-5531) * Aligned unattended self upgrade package map with current state (ENT-6010) * Always copy modules from masterfiles (CFE-3237) * Changed DocumentRoot of Mission Portal in httpd.conf to `/path/to/cfengine/httpd/htdocs/public` (ENT-5372) * Changed group for state dir files promise to match defaults per OS (CFE-3362) * Changed m_inventory dumping behavior to exclude when values is null (ENT-5562) * Corrected application/logs path to outside of docroot (ENT-5255) * Deleted deprecated __PromiseExecutionsLog from process that cleans log tables (ENT-5170) * Fixed dmi inventory to prefer sysfs to dmidecode for most variables for improved performance and to handle CoreOS hosts that don't have dmidecode. (CFE-3249) * Fixed permission flipping when policy analyzer is enabled (ENT-5235) * Fixed runalerts processes promise on non-systemd systems (ENT-5432) * Fixed selection of standard_services when used from non-default namespace (ENT-5406) * Fixed system UUID inventory for certain VMWare VMs where dmidecode gives UUID bytes in wrong order. (CFE-3249) * Fixed typo preventing recommendation bundles from running (CFE-3305) * HA setups no longer have flipping permissions on /opt/cfengine/notification_scripts * Improved resilience of cron watchdog for linux (CFE-3258) * Inventory refresh is no longer part of agent run on the hub (ENT-4864) * Made python symlink fall back to platform-python (CFE-3291) * Made set_variable_values_ini prefer whitespace around = (CFE-3221) * Modified cftransport cleanup to avoid errors (ENT-5555) * Moved 'selinux_enabled' class to config bundle and namespace scope it * Prevented inventory of unresolved variables for diskfree and loadavg (ENT-5190) * Release number was added to MPF tarballs (ENT-5429) * Standard services now considers systemd services in ActiveState=activating active (CFE-3238) * Stopped continual repair of ha_enabled semaphore (ENT-4715) * Stopped disabling disabled systemd unit each run when disabled state requested (CFE-3367) * Stopped trying to edit fields in manage_variable_values_ini (CFE-3372) * Suppressed useless inform output from /bin/true in ec2 inventory (ENT-5233) * Switched from hardcoded path to /bin/true to use paths from stdlib (ENT-5278) * The zypper module is now fully compatible with Python 3 (CFE-3364) * Whitespace is now allowed at the beginning of ini key-values (CFE-3244) * apt_get package module now checks package state (CFE-3233) 3.15.0: * Added package_module for snap (CFE-2811) * Fixed pkgsrc in case where multiple Prefix paths are returned for pkg_install (CFE-3152) * Fixed pkgsrc module on Solaris/NetBSD (CFE-3151) * Moved zypper package module errors to the cf-agent output (CFE-3154) * Added new class mpf_enable_cfengine_systemd_component_management to enable component management on systemd hosts. When defined on systemd hosts policy will render systemd unit files in /etc/systemd/system for managed services and that all units are enabled unless explicitly disabled. When this class is not defined on systemd hosts the policy will not actively mange cfengine service units (no change from previous behavior) (CFE-2429) * Fixed detection of service state on FreeBSD (CFE-3167) * Added known paths for true and false on linux (ENT-5060) * Fixed path for restorecon on redhat systems to /sbin/restorecon * Added usermod to known paths for redhat systems * Added policy to manage federated reporting with CFEngine Enterprise * Introduced augments variable `control_hub_query_timeout` to control cf-hub query timeout. (ENT-3153) * Added OOTB inventory for IPv6 addresses (sans ::1 loopback) (ENT-4987) * Added and transitioned to using master_software_updates shortcut in self upgrade policy (ENT-4953) * Added brief descriptions to bodies and bundles in cfe_internal/CFE_cfengine.cf (CFE-3220) * Added support for SUSE 11, 12 in standalone self upgrade (ENT-5045, ENT-5152) * Changed policy triggering cleanup of __lastseenhostlogs to target only 3.12.x, 3.13.x and 3.14.x. From 3.15.0 on the table is absent. (ENT-5052) * Fixed agent disabling on systemd systems (CFE-2429, CFE-3416) * Ensured directory for custom action scripts is present (ENT-5070) * Excluded Enterprise federation policy parsing on incompatible versions (CFE-3193) * Extended watchdog for AIX (ENT-4995) * Fixed cleanup of future timestamps from status table (ENT-4331, ENT-4992) * Fixed re-spawning of cf-execd or cf-monitord after remediating duplicate concurrent processes (CFE-3150) * Replaced /var/cfengine with proper $(sys.*) vars (ENT-4800) * Fixed selection of standard_services when used from non-default namespace (ENT-5406) 3.15.0b1: * Added continual checking for policy_server state (CFE-3073) * Added monitoring for postgresql lock acquisition times (ENT-4753) * Added support for 'awk' filters in the FR dump-import process (ENT-4839) * Added support for configuring abortclasses and abortbundleclasses via augments (ENT-4823) * Added support for filtering in both dump and import phases of the FR ETL process (ENT-4839) * Added support for ordering FR awk and sed scripts (ENT-4839) * Added support for setting periodic package inventory refresh interval via augments (CFE-2771) * Changed FR policy to honor target_state properly (ENT-4874) * Copy .awk and .sed files from masterfiles to inputs (ENT-4839) * Fixed Python 3 incompatibility in yum package module * Fixed synchronization of important configuration files from active to passive hub (ENT-4944) * Made keys of all types from feeder hubs trusted on a superhub (ENT-4917) * Speeded-up FR import process by merging INSERT INTO statements (ENT-4839) * Suppressed stderr output from lldpctl when using path defined by def.lldpctl_json (CFE-3109) * Added SQL to update feeder update timestamp during import (ENT-4776) * Added ssh_home_t type to cftransport .ssh dir (ENT-4906) * fix use of _stdlib_path_exists_ in FR transport_user policy bundle (ENT-4906) * partitioned __inventory table for federated reporting (ENT-4842) * psql_wrapper needed full path to psql binary (ENT-4912) * yum package_module gets updates available from online repos if local cache fails (CFE-3094) 3.14.0: * Fixed isvariable syntax error in update_def.cf (CFE-2953) * Added path support for setfacl, timedatectl and journalctl (CFE-3013) * Added trailing slash to access promises expecting directories (CFE-3024) * Added scripts and templates for Federated Reporting (ENT-4473) * rpm python module is no longer required to check zypper version * Changed cleanup consumer status SQL query (ENT-4365) * Conditioned use of curl for ec2 metadata cache on curl binary being executable (CFE-3049) * Added augments variables to control cf-hub (ENT-4269) * Prevented DB maintenance tasks on a passive High Availability hub (ENT-4706) * Repair outcome for starting cf-monitord or cf-execd is no longer suppressed (CFE-2964) * Restrictive permissions on hub install log are now enforced (ENT-4506) * Ensured that asynchronous query API semaphores are writable (ENT-4551) * Fixed standalone_self_upgrade not triggering because of stale data (ENT-4317) * Fixed maintenance policy for promise log cleanup to respect history_length_days (ENT-4588) * Improved efficiency and error handling of user specified policy update bundle * Log version of Enterprise agent outside of state (ENT-4352) * Added package module for managing windows packages using msiexec (ENT-3719) * Prevented inventorying un-expanded memory values from cf-monitord (ENT-4522) * Prevented performance overhead on hubs that don't enable license utilization logging (ENT-4333) * Collection status records in the future are now purged (ENT-4362) * Reduced cost of knowing when setopt is available in yum (CFE-2993) * runalerts is now restarted if modified (ENT-4273) * Separated kill signals from restart class to avoid warning (CFE-2974) * Separated termination and observation promises for cf-monitord (CFE-2963) * Set default access promises for directories to only share if directory exists (CFE-3060) * Set default value for purge_scheduled_reports_older_than_days (ENT-4404) * Added more accurate and descriptive daemon classes * collect_window in body server control can now be set from augments (ENT-4283) * Guarded vars promises in cfe_internal_enterprise_mission_portal_apache Constrain vars promises in cfe_internal_enterprise_mission_portal_apache to policy_server.enterprise_edition::, otherwise "cf-promises --show-vars" includes a dump of the entire datastate from the "data" variable in cfe_internal_enterprise_mission_portal_apache (line over 100K long). (CFE-3011) * redhat_pure is no longer defined on Fedora hosts (CFE-3022) 3.13.0: * Add debian 9 to the self upgrade package map (ENT-4255) * Add 'system-uuid' to default dmidecode inventory (CFE-2925) * Add inventory of AWS EC2 linux instances (CFE-2924) * Add ubuntu 18 to package map for self upgrade (ENT-4118) * Allow dmidefs inventory to be overridden via augments (CFE-2927) * Analyze yum return code before parsing its output (CFE-2868) * Fixed issue when promise to edit file that does not exist caused "promise not kept" condition (ENT-3965) * Avoid trying to read /proc/meminfo when it doesn't exist (CFE-2922) * Avoid use of $(version) for package_version in legacy implementation (ENT-3963) * Cleanup old report data relative to the most recent changetimestamp (ENT-4807) * Clear `__lastseenhostslogs` every 5 minutes. (ENT-3550) * Configure Enterprise hub pull collection schedule via augments (ENT-3834) * Configure agent_expireafter from augments (ENT-4308) * Create desired version tracking data when necessary (ENT-3937) * Cron based watchdog for cf-execd on AIX (ENT-3963) * Detect systemd service enablement for non native services (CFE-2932) * Document how def.acl is used and how to configure it (CFE-2861) * Fix augments control state paths to work on windows (ENT-3839) * Fix package_latest detecting larger version in some cases (CFE-1743) * Fix standalone self upgrade when path contains spaces (ENT-4117) * Fix unattended self upgrade on AIX (ENT-3972) * Fix services starting on windows (ENT-3883) * Improve performance of enterprise license utilization logging * Inventory Memory on HPUX (ENT-4188) * Inventory Physical Memory MB when dmidecode is found (CFE-2896) * Inventory Setuid Files (ENT-4158) * Inventory memory on Windows (ENT-4187) * Make recommendations about postgresql.conf (ENT-3958) * Only consider files that exist for rotation (ENT-3946) * Prevent noise when a service that should be disabled is missing. (CFE-2690) * Prevent standalone self upgrade from triggering un-necessarily (ENT-4092) * Remove Design Center related policies Design center never left beta and has been deprecated. Supporting policies have been removed. If you wish to continue using design center sketches you must incorporate them into inputs and the bundlesequence manually. (ENT-4050) * Remove unicode characters (ENT-3823) * Remove templates for deprecated components (ENT-3781) * Remove un-necessary agent run during self upgrade (ENT-4116) * Slackware package module support (CFE-2827) * Specify scope => "namespace" when using persistent classes (CFE-2860) * Store the epoch of packages in cache db with zypper * Sync cf-runalerts override unit template with package (ENT-3923) * Update policy can now skip local copy optimization on policy servers (CFE-2932) * Updated yum package module to take arbitrary options (ENT-4177) * Use default for package arch on aix (ENT-3963) * Use rpmvercmp for version comparison on AIX (ENT-3963) * Users allowed to request execution via cf-runagent can be configured (ENT-4054) * apt_get package module includes held packages when listing updates (CFE-2855) 3.12.0b1: * Avoid executing self upgrade policy unnecessarily (ENT-3592) * Add amazon_linux class to yum package module * Introduce ability to set policy update bundle via augments (CFE-2687) * Localize delete tidy in ha update policy (ENT-3659) * Improve context notifying user of missing policy update bundle (ENT-3624) * Configure ignore_missing_inputs and ignore_missing_bundles via augments (CFE-2773) * Change class identifying runagent initiated executions from cfruncommand to cf_runagent_initated * Support enablerepo and disablerepo options in yum package_module (CFE-2806) * Fix cf-runagent during 3.7.x -> 3.10.x migration (CFE-2776, CFE-2781, CFE-2782) * Makes it possible to tune policy master_location via augments in update policy (ENT-3692) * Fix inventory for total memory on AIX (CFE-2797) * Do not manage redis since it's no longer used (ENT-2797) * Server control maxconnections can be configured via augments (CFE-2660) * Allow configuration of allowlegacyconnects from augments (ENT-3375) * Fix ability for zypper package_module to downgrade packages * Splaytime in body executor control can now be configured via augments (CFE-2699) * Add maintenance policy to refresh events table on enterprise hubs (ENT-3537) * Add apache config for new LDAP API (ENT-3265) * update.cf bundlesequence can be configured via augments (CFE-2521) * Update policy inputs can be extended via augments (CFE-2702) * Add oracle linux support to standalone self upgrade * Add bundle to track component variables to restart when necessary (CFE-2326) * Retention of files found in log directories can now be configured via augments (CFE-2539) * Allow multiple sections in insert_ini_section (CFE-2721) * Add lines_present edit_lines bundle * Schedule in body executor control can now be configured via augments (CFE-2508) * Include scheduled report assets in self maintenance (ENT-3558) * Remove unused body action aggregator and body file_select folder * Remove unused body process_count check_process * Prevent yum from locking in package_methods when possible (CFE-2759) * Render variables tagged for inventory from agent host_info_report (CFE-2750) * Make apt_get package module work with repositories containing spaces in the label (ENT-3438) * Allow hubs to collect from themselves over loopback (ENT-3329) * Log file max size and rotation limits can now be configured via augments (CFE-2538) * Change: Do not silence Enterprise hub maintenance * Ensure HA standby hubs have am_policy_hub state marker (ENT-3328) * Add support for 32bit rpms in standalone self upgrade (ENT-3377) * Add enterprise maintenance bundles to host info report (ENT-3537) * Removed unnecessary promises for OOTB package inventory * Add external watchdog support for stuck cf-execd (ENT-3251) * Be less noisy when a promised service is not found (CFE-2690) * Ignore empty options in apt_get module (CFE-2685) * Add postgres.log to enterprise log file rotation (ENT-3191) * Removed unnecessary support for including 3.6 controls * Fix systemctl path detection * Policy Release Id is now inventoried by default (CFE-2097) * Fix to frequent logging of enterprise license utilization (ENT-3390) * Maintain access to exported CSV reports in older versions (ENT-3572) * cf-execd service override template now only kills cf-execd on stop (ENT-3395) * Fix self upgrade for hosts older than 3.7.4 (ENT-3368) * Avoid self upgrade from triggering during bootstrap (ENT-3394) * Add json templates for rendering serial and multiline data (CFE-2713) * Removed unused libraries and controls * Fixed an error in the file_make_mustache_*, incorrect variable name used (CFE-2714) 3.11.0: * Rename enable_client_initiated_reporting to client_initiated_reporting_enabled * Directories for ubuntu 16 and centos 7 should exist in master_software_updates (ENT-3136) * Fix: Automatic client upgrades for deb hosts * Add AIX OOTB oslevel inventory (ENT-3117) * Disable package inventory via modules on redhat like systems with unsupported python versions (CFE-2602) * Make stock policy update more resiliant (CFE-2587) * Configure networks allowed to initiate report collection (client initiated reporting) via augments (#910) (CFE-2624) * apt_get package module: Fix bug which prevented updates from being picked up if there was more than one source listed in the 'apt upgrade' output, without a comma in between (CFE-2605) * Enable specification of monitoring_include via augments (CFE-2505) * Configure call_collect_interval from augments (enable_client_initiated_reporting) (#905) (CFE-2623) * Add templates shortcut (CFE-2582) * Behaviour change: when used with CFEngine 3.10.0 or greater, bundles set_config_values() and set_line_based() are appending a trailing space when inserting a configuration option with empty value (CFE-2466) * Add default report collection exclusion based on promise handle (ENT-3061) * Fix ability to select INI region with metachars (CFE-2519) * Change: Verify transfered files during policy update * Change select_region INI_section to match end of section or end of file (CFE-2519) * Add class to enable post transfer verrification during policy updates * Add: prunetree bundle to stdlib The prunetree bundle allws you to delete files and directories up to a sepcified depth older than a specified number of days * Do not symlink agents to /usr/local/bin on coreos (ENT-3047) * Add: Ability to set default_repository via augments * Enable settig def.max_client_history_size via augments (CFE-2560) * Change self upgrade now uses standalone policy (ENT-3155) * Fix apt_get package module incorrectly using interactive mode * Add ability to append to bundlesequnece with def.json (CFE-2460) * Enable paths to POSIX tools by default instead of native tools * Remove bundle agent cfe_internal_bins (CFE-2636) * Include previous_state and untracked reports when client clear a buildup of unreported data (ENT-3161) * Fix command to restart apache on config change (ENT-3134) * cf-serverd listens on ipv4 and ipv6 by default (CFE-528) * FixesMake apt_get module compatible with Ubuntu 16.04 (CFE-2445) * Fix rare bug that would sometimes prevent redis-server from launching * Add oslevel to well known paths (ENT-3121) * Add policy to track CFEngine Enterprise license utilization (ENT-3186) * Ensure MP SSL Cert is readable (ENT-3050) * fix case where Apache and Mission Portal Application log files world were readable (bsc#1197031, CVE-2021-44216) * fix case where PostgreSQL log file world were readable (bsc#1197029, CVE-2021-44215) * Update to 3.10.3 (FATE#323149, bsc#1086475) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Advanced Systems Management Module 12 zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2023-2126=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2126=1 ## Package List: * Advanced Systems Management Module 12 (ppc64le s390x x86_64) * cfengine-3.21.0-17.3.1 * libpromises3-debuginfo-3.21.0-17.3.1 * cfengine-debugsource-3.21.0-17.3.1 * cfengine-debuginfo-3.21.0-17.3.1 * libpromises3-3.21.0-17.3.1 * Advanced Systems Management Module 12 (noarch) * cfengine-masterfiles-3.21.0-10.3.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * cfengine-debuginfo-3.21.0-17.3.1 * cfengine-debugsource-3.21.0-17.3.1 * libpromises-devel-3.21.0-17.3.1 ## References: * https://www.suse.com/security/cve/CVE-2021-44215.html * https://www.suse.com/security/cve/CVE-2021-44216.html * https://bugzilla.suse.com/show_bug.cgi?id=1086475 * https://bugzilla.suse.com/show_bug.cgi?id=1197029 * https://bugzilla.suse.com/show_bug.cgi?id=1197031 * https://jira.suse.com/browse/SLE-24222 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 20:30:02 -0000 Subject: SUSE-RU-2023:2130-1: moderate: Recommended update for prometheus-hanadb_exporter Message-ID: <168357780251.12209.15747214835541339721@smelt2.suse.de> # Recommended update for prometheus-hanadb_exporter Announcement ID: SUSE-RU-2023:2130-1 Rating: moderate References: * #1210869 Affected Products: * openSUSE Leap 15.4 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has one recommended fix can now be installed. ## Description: This update for prometheus-hanadb_exporter fixes the following issues: * Release 0.8.0 (bsc#1210869) Changed * Use systemd notify to set correctly the READY state * Fix daemon flag usage by @arbulu89 in https://github.com/SUSE/hanadb_exporter/pull/87 * Implement the version flag * Update db_manager.py by @karolyczovek in https://github.com/SUSE/hanadb_exporter/pull/90 * Fixing empty system replication panel * Add AWS Secrets Manager support by @elturkym in https://github.com/SUSE/hanadb_exporter/pull/97 * Fix Boto3 dependency introduced * Add config option 'listen_address' * update spec file to python packaging best practices * Enable ssl connection * Fix the unittest fixing pytest to version 6 by now * Remove invalid trailing comma from example file * IMDSv1 and IMDSv2 abstraction for the retrieval of HANA DB Credentials from AWS Secrets Manager ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2130=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-2130=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-2130=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-2130=1 ## Package List: * openSUSE Leap 15.4 (noarch) * prometheus-hanadb_exporter-0.8.0+git.1681379025.bf6cd7c-150200.3.9.1 * SAP Applications Module 15-SP2 (noarch) * prometheus-hanadb_exporter-0.8.0+git.1681379025.bf6cd7c-150200.3.9.1 * SAP Applications Module 15-SP3 (noarch) * prometheus-hanadb_exporter-0.8.0+git.1681379025.bf6cd7c-150200.3.9.1 * SAP Applications Module 15-SP4 (noarch) * prometheus-hanadb_exporter-0.8.0+git.1681379025.bf6cd7c-150200.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 20:30:04 -0000 Subject: SUSE-RU-2023:2129-1: moderate: Recommended update for HANA-Firewall Message-ID: <168357780412.12209.10351096301339650877@smelt2.suse.de> # Recommended update for HANA-Firewall Announcement ID: SUSE-RU-2023:2129-1 Rating: moderate References: * #1210981 Affected Products: * openSUSE Leap 15.4 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP1 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has one recommended fix can now be installed. ## Description: This update for HANA-Firewall fixes the following issues: * Missing SCR Agent for reading and writing /etc/sysconfig/hana-firewall from yast2. (bsc#1210981) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2129=1 * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-2129=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-2129=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-2129=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-2129=1 ## Package List: * openSUSE Leap 15.4 (ppc64le x86_64) * HANA-Firewall-2.0.3-150000.3.6.1 * HANA-Firewall-debuginfo-2.0.3-150000.3.6.1 * SAP Applications Module 15-SP1 (ppc64le x86_64) * HANA-Firewall-2.0.3-150000.3.6.1 * HANA-Firewall-debuginfo-2.0.3-150000.3.6.1 * SAP Applications Module 15-SP2 (ppc64le x86_64) * HANA-Firewall-2.0.3-150000.3.6.1 * HANA-Firewall-debuginfo-2.0.3-150000.3.6.1 * SAP Applications Module 15-SP3 (ppc64le x86_64) * HANA-Firewall-2.0.3-150000.3.6.1 * HANA-Firewall-debuginfo-2.0.3-150000.3.6.1 * SAP Applications Module 15-SP4 (ppc64le x86_64) * HANA-Firewall-2.0.3-150000.3.6.1 * HANA-Firewall-debuginfo-2.0.3-150000.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210981 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 8 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 08 May 2023 20:30:10 -0000 Subject: SUSE-RU-2023:2128-1: moderate: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <168357781034.12209.323949281391899945@smelt2.suse.de> # Recommended update for supportutils-plugin-suse-public-cloud Announcement ID: SUSE-RU-2023:2128-1 Rating: moderate References: * #1209026 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for supportutils-plugin-suse-public-cloud fixes the following issues: * Update to version 1.0.7 (bsc#1209026) * Include information about the cached registration data * Collect the data that is sent to the update infrastructure during registration ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2128=1 ## Package List: * Public Cloud Module 12 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-6.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209026 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 07:03:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 09:03:50 +0200 (CEST) Subject: SUSE-CU-2023:1476-1: Security update of bci/dotnet-aspnet Message-ID: <20230509070350.8D920FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1476-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.19 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.19 Container Release : 31.19 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.58 updated From sle-updates at lists.suse.com Tue May 9 07:04:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 09:04:03 +0200 (CEST) Subject: SUSE-CU-2023:1477-1: Security update of bci/dotnet-aspnet Message-ID: <20230509070403.18DEAFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1477-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.19 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.19 , bci/dotnet-aspnet:latest Container Release : 11.19 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.58 updated From sle-updates at lists.suse.com Tue May 9 07:05:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 09:05:11 +0200 (CEST) Subject: SUSE-CU-2023:1478-1: Security update of bci/dotnet-sdk Message-ID: <20230509070511.02FFFFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1478-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.19 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.19 Container Release : 33.19 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.58 updated From sle-updates at lists.suse.com Tue May 9 07:05:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 09:05:28 +0200 (CEST) Subject: SUSE-CU-2023:1479-1: Security update of bci/dotnet-sdk Message-ID: <20230509070528.984EAFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1479-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.19 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-11.19 , bci/dotnet-sdk:latest Container Release : 11.19 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.58 updated From sle-updates at lists.suse.com Tue May 9 07:06:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 09:06:24 +0200 (CEST) Subject: SUSE-CU-2023:1480-1: Security update of bci/dotnet-runtime Message-ID: <20230509070624.BEE78FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1480-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.19 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.19 Container Release : 30.19 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.58 updated From sle-updates at lists.suse.com Tue May 9 07:06:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 09:06:36 +0200 (CEST) Subject: SUSE-CU-2023:1481-1: Security update of bci/dotnet-runtime Message-ID: <20230509070636.15D7FFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1481-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.19 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.19 , bci/dotnet-runtime:latest Container Release : 11.19 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.58 updated From sle-updates at lists.suse.com Tue May 9 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 12:30:03 -0000 Subject: SUSE-SU-2023:2135-1: important: Security update for libfastjson Message-ID: <168363540375.30868.10353227350921138452@smelt2.suse.de> # Security update for libfastjson Announcement ID: SUSE-SU-2023:2135-1 Rating: important References: * #1171479 Cross-References: * CVE-2020-12762 CVSS scores: * CVE-2020-12762 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-12762 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libfastjson fixes the following issues: * CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2135=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2135=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libfastjson4-debuginfo-0.99.9-150400.3.3.1 * libfastjson4-0.99.9-150400.3.3.1 * libfastjson-devel-0.99.9-150400.3.3.1 * libfastjson-debugsource-0.99.9-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libfastjson4-debuginfo-0.99.9-150400.3.3.1 * libfastjson4-0.99.9-150400.3.3.1 * libfastjson-devel-0.99.9-150400.3.3.1 * libfastjson-debugsource-0.99.9-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2020-12762.html * https://bugzilla.suse.com/show_bug.cgi?id=1171479 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 12:30:05 -0000 Subject: SUSE-SU-2023:2134-1: moderate: Security update for python-ujson Message-ID: <168363540554.30868.8564632828920833135@smelt2.suse.de> # Security update for python-ujson Announcement ID: SUSE-SU-2023:2134-1 Rating: moderate References: * #1194261 Cross-References: * CVE-2021-45958 CVSS scores: * CVE-2021-45958 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-45958 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for python-ujson fixes the following issues: * CVE-2021-45958: Fixed a stack-based buffer overflow in Buffer_AppendIndentUnchecked (bsc#1194261). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2134=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2134=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2134=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2134=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-ujson-debuginfo-1.35-150100.3.8.1 * python-ujson-debugsource-1.35-150100.3.8.1 * python-ujson-debuginfo-1.35-150100.3.8.1 * python3-ujson-1.35-150100.3.8.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-ujson-debuginfo-1.35-150100.3.8.1 * python-ujson-debugsource-1.35-150100.3.8.1 * python-ujson-debuginfo-1.35-150100.3.8.1 * python3-ujson-1.35-150100.3.8.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python-ujson-debugsource-1.35-150100.3.8.1 * python2-ujson-debuginfo-1.35-150100.3.8.1 * python-ujson-debuginfo-1.35-150100.3.8.1 * python2-ujson-1.35-150100.3.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python3-ujson-debuginfo-1.35-150100.3.8.1 * python-ujson-debugsource-1.35-150100.3.8.1 * python-ujson-debuginfo-1.35-150100.3.8.1 * python3-ujson-1.35-150100.3.8.1 ## References: * https://www.suse.com/security/cve/CVE-2021-45958.html * https://bugzilla.suse.com/show_bug.cgi?id=1194261 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 12:30:07 -0000 Subject: SUSE-RU-2023:2133-1: moderate: Recommended update for zlib Message-ID: <168363540755.30868.13547497641287426981@smelt2.suse.de> # Recommended update for zlib Announcement ID: SUSE-RU-2023:2133-1 Rating: moderate References: * #1206513 Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for zlib fixes the following issues: * Add DFLTCC support for using inflate() with a small window (bsc#1206513) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2133=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2133=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2133=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2133=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2133=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2133=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2133=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2133=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2133=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2133=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2133=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2133=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * zlib-debugsource-1.2.11-150000.3.42.1 * zlib-devel-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * zlib-devel-1.2.11-150000.3.42.1 * zlib-devel-static-1.2.11-150000.3.42.1 * libminizip1-debuginfo-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * zlib-debugsource-1.2.11-150000.3.42.1 * minizip-devel-1.2.11-150000.3.42.1 * libminizip1-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * openSUSE Leap 15.4 (x86_64) * libminizip1-32bit-1.2.11-150000.3.42.1 * libz1-32bit-1.2.11-150000.3.42.1 * libminizip1-32bit-debuginfo-1.2.11-150000.3.42.1 * zlib-devel-32bit-1.2.11-150000.3.42.1 * libz1-32bit-debuginfo-1.2.11-150000.3.42.1 * zlib-devel-static-32bit-1.2.11-150000.3.42.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * zlib-debugsource-1.2.11-150000.3.42.1 * zlib-devel-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * zlib-debugsource-1.2.11-150000.3.42.1 * zlib-devel-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * zlib-debugsource-1.2.11-150000.3.42.1 * zlib-devel-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * zlib-debugsource-1.2.11-150000.3.42.1 * zlib-devel-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * zlib-devel-1.2.11-150000.3.42.1 * zlib-devel-static-1.2.11-150000.3.42.1 * libminizip1-debuginfo-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * zlib-debugsource-1.2.11-150000.3.42.1 * minizip-devel-1.2.11-150000.3.42.1 * libminizip1-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * Basesystem Module 15-SP4 (x86_64) * libz1-32bit-debuginfo-1.2.11-150000.3.42.1 * libz1-32bit-1.2.11-150000.3.42.1 * Development Tools Module 15-SP4 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.42.1 * zlib-debugsource-1.2.11-150000.3.42.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * zlib-devel-1.2.11-150000.3.42.1 * zlib-devel-static-1.2.11-150000.3.42.1 * libz1-32bit-1.2.11-150000.3.42.1 * libminizip1-debuginfo-1.2.11-150000.3.42.1 * zlib-devel-32bit-1.2.11-150000.3.42.1 * libz1-32bit-debuginfo-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * zlib-debugsource-1.2.11-150000.3.42.1 * minizip-devel-1.2.11-150000.3.42.1 * libminizip1-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * zlib-debugsource-1.2.11-150000.3.42.1 * zlib-devel-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * zlib-debugsource-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * zlib-debugsource-1.2.11-150000.3.42.1 * libz1-debuginfo-1.2.11-150000.3.42.1 * libz1-1.2.11-150000.3.42.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206513 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 12:30:09 -0000 Subject: SUSE-RU-2023:2132-1: moderate: Recommended update for hwloc Message-ID: <168363540902.30868.14430415511241774336@smelt2.suse.de> # Recommended update for hwloc Announcement ID: SUSE-RU-2023:2132-1 Rating: moderate References: * #1210227 Affected Products: * Basesystem Module 15-SP4 * HPC Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for hwloc fixes the following issue: * Added fix to avoid crash of slurmctld when using pmix (bsc#1210227) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2132=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2132=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-2132=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * hwloc-debuginfo-2.5.0-150400.3.3.1 * hwloc-debugsource-2.5.0-150400.3.3.1 * hwloc-2.5.0-150400.3.3.1 * hwloc-devel-2.5.0-150400.3.3.1 * libhwloc15-2.5.0-150400.3.3.1 * libhwloc15-debuginfo-2.5.0-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * hwloc-doc-2.5.0-150400.3.3.1 * hwloc-data-2.5.0-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * hwloc-data-2.5.0-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libhwloc15-2.5.0-150400.3.3.1 * hwloc-debuginfo-2.5.0-150400.3.3.1 * hwloc-debugsource-2.5.0-150400.3.3.1 * libhwloc15-debuginfo-2.5.0-150400.3.3.1 * HPC Module 15-SP4 (aarch64 x86_64) * hwloc-debuginfo-2.5.0-150400.3.3.1 * hwloc-2.5.0-150400.3.3.1 * hwloc-debugsource-2.5.0-150400.3.3.1 * hwloc-devel-2.5.0-150400.3.3.1 * HPC Module 15-SP4 (noarch) * hwloc-doc-2.5.0-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210227 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 12:30:10 -0000 Subject: SUSE-SU-2023:0722-2: moderate: Security update for python-cryptography Message-ID: <168363541029.30868.10359476285474044090@smelt2.suse.de> # Security update for python-cryptography Announcement ID: SUSE-SU-2023:0722-2 Rating: moderate References: * #1208036 Cross-References: * CVE-2023-23931 CVSS scores: * CVE-2023-23931 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-23931 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-722=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-722=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * python3-cryptography-debuginfo-3.3.2-150400.16.6.1 * python3-cryptography-3.3.2-150400.16.6.1 * python-cryptography-debugsource-3.3.2-150400.16.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * python3-cryptography-debuginfo-3.3.2-150400.16.6.1 * python3-cryptography-3.3.2-150400.16.6.1 * python-cryptography-debugsource-3.3.2-150400.16.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23931.html * https://bugzilla.suse.com/show_bug.cgi?id=1208036 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 12:30:12 -0000 Subject: SUSE-RU-2023:2131-1: important: Recommended update for openssh Message-ID: <168363541270.30868.2608197015228805932@smelt2.suse.de> # Recommended update for openssh Announcement ID: SUSE-RU-2023:2131-1 Rating: important References: * #1207014 Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for openssh fixes the following issues: * Remove some patches that cause invalid environment assignments (bsc#1207014). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2131=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2131=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2131=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2131=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2131=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2131=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2131=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2131=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2131=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2131=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2131=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2131=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2131=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2131=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2131=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2131=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2131=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2131=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2131=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2131=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssh-cavs-debuginfo-8.4p1-150300.3.18.2 * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-cavs-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-askpass-gnome-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssh-askpass-gnome-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-askpass-gnome-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-askpass-gnome-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-askpass-gnome-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-askpass-gnome-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-askpass-gnome-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Manager Proxy 4.2 (x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-helpers-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-helpers-debuginfo-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-askpass-gnome-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debugsource-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-askpass-gnome-debuginfo-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * openssh-fips-8.4p1-150300.3.18.2 * openssh-server-debuginfo-8.4p1-150300.3.18.2 * openssh-server-8.4p1-150300.3.18.2 * openssh-debugsource-8.4p1-150300.3.18.2 * openssh-clients-8.4p1-150300.3.18.2 * openssh-common-8.4p1-150300.3.18.2 * openssh-debuginfo-8.4p1-150300.3.18.2 * openssh-common-debuginfo-8.4p1-150300.3.18.2 * openssh-8.4p1-150300.3.18.2 * openssh-clients-debuginfo-8.4p1-150300.3.18.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207014 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:08:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:08:29 +0200 (CEST) Subject: SUSE-CU-2023:1482-1: Security update of suse/sles/15.5/cdi-apiserver Message-ID: <20230509160829.8B8B7FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1482-1 Container Tags : suse/sles/15.5/cdi-apiserver:1.55.0 , suse/sles/15.5/cdi-apiserver:1.55.0-150500.4.2 , suse/sles/15.5/cdi-apiserver:1.55.0.17.215 Container Release : 17.215 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - containerized-data-importer-api-1.55.0-150500.4.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:08:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:08:35 +0200 (CEST) Subject: SUSE-CU-2023:1483-1: Security update of suse/sles/15.5/cdi-cloner Message-ID: <20230509160835.E2C24FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1483-1 Container Tags : suse/sles/15.5/cdi-cloner:1.55.0 , suse/sles/15.5/cdi-cloner:1.55.0-150500.4.2 , suse/sles/15.5/cdi-cloner:1.55.0.17.213 Container Release : 17.213 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - containerized-data-importer-cloner-1.55.0-150500.4.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:08:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:08:42 +0200 (CEST) Subject: SUSE-CU-2023:1484-1: Security update of suse/sles/15.5/cdi-controller Message-ID: <20230509160842.59D0BFBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1484-1 Container Tags : suse/sles/15.5/cdi-controller:1.55.0 , suse/sles/15.5/cdi-controller:1.55.0-150500.4.2 , suse/sles/15.5/cdi-controller:1.55.0.17.214 Container Release : 17.214 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - containerized-data-importer-controller-1.55.0-150500.4.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:08:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:08:49 +0200 (CEST) Subject: SUSE-CU-2023:1485-1: Security update of suse/sles/15.5/cdi-importer Message-ID: <20230509160849.1705FFBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1485-1 Container Tags : suse/sles/15.5/cdi-importer:1.55.0 , suse/sles/15.5/cdi-importer:1.55.0-150500.4.2 , suse/sles/15.5/cdi-importer:1.55.0.17.281 Container Release : 17.281 Severity : important Type : security References : 1209713 1209714 1210135 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.5.3 updated - libgmodule-2_0-0-2.70.5-150400.3.8.1 updated - libnettle8-3.8.1-150500.2.23 updated - qemu-block-curl-7.1.0-150500.47.13 updated - libhogweed6-3.8.1-150500.2.23 updated - libmpath0-0.9.4+71+suse.c648a77-150500.1.2 updated - qemu-tools-7.1.0-150500.47.13 updated - util-linux-systemd-2.37.4-150500.7.2 updated - containerized-data-importer-importer-1.55.0-150500.4.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:08:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:08:55 +0200 (CEST) Subject: SUSE-CU-2023:1486-1: Security update of suse/sles/15.5/cdi-operator Message-ID: <20230509160855.0F3B8FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1486-1 Container Tags : suse/sles/15.5/cdi-operator:1.55.0 , suse/sles/15.5/cdi-operator:1.55.0-150500.4.2 , suse/sles/15.5/cdi-operator:1.55.0.17.214 Container Release : 17.214 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - containerized-data-importer-operator-1.55.0-150500.4.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:09:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:01 +0200 (CEST) Subject: SUSE-CU-2023:1487-1: Security update of suse/sles/15.5/cdi-uploadproxy Message-ID: <20230509160901.49A56FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1487-1 Container Tags : suse/sles/15.5/cdi-uploadproxy:1.55.0 , suse/sles/15.5/cdi-uploadproxy:1.55.0-150500.4.2 , suse/sles/15.5/cdi-uploadproxy:1.55.0.17.214 Container Release : 17.214 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - containerized-data-importer-uploadproxy-1.55.0-150500.4.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:09:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:08 +0200 (CEST) Subject: SUSE-CU-2023:1488-1: Security update of suse/sles/15.5/cdi-uploadserver Message-ID: <20230509160908.04D9EFBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1488-1 Container Tags : suse/sles/15.5/cdi-uploadserver:1.55.0 , suse/sles/15.5/cdi-uploadserver:1.55.0-150500.4.2 , suse/sles/15.5/cdi-uploadserver:1.55.0.17.278 Container Release : 17.278 Severity : important Type : security References : 1209713 1209714 1210135 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.5.3 updated - libgmodule-2_0-0-2.70.5-150400.3.8.1 updated - libnettle8-3.8.1-150500.2.23 updated - libhogweed6-3.8.1-150500.2.23 updated - libmpath0-0.9.4+71+suse.c648a77-150500.1.2 updated - qemu-tools-7.1.0-150500.47.13 updated - containerized-data-importer-uploadserver-1.55.0-150500.4.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:09:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:16 +0200 (CEST) Subject: SUSE-CU-2023:1489-1: Security update of suse/sles/15.5/virt-api Message-ID: <20230509160916.40464FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1489-1 Container Tags : suse/sles/15.5/virt-api:0.58.0 , suse/sles/15.5/virt-api:0.58.0-150500.5.2 , suse/sles/15.5/virt-api:0.58.0.17.251 Container Release : 17.251 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - kubevirt-virt-api-0.58.0-150500.5.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:09:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:22 +0200 (CEST) Subject: SUSE-CU-2023:1490-1: Security update of suse/sles/15.5/virt-controller Message-ID: <20230509160922.8EDAAFBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1490-1 Container Tags : suse/sles/15.5/virt-controller:0.58.0 , suse/sles/15.5/virt-controller:0.58.0-150500.5.2 , suse/sles/15.5/virt-controller:0.58.0.17.251 Container Release : 17.251 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - kubevirt-virt-controller-0.58.0-150500.5.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:09:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:29 +0200 (CEST) Subject: SUSE-CU-2023:1491-1: Security update of suse/sles/15.5/virt-exportproxy Message-ID: <20230509160929.25846FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1491-1 Container Tags : suse/sles/15.5/virt-exportproxy:0.58.0 , suse/sles/15.5/virt-exportproxy:0.58.0-150500.5.2 , suse/sles/15.5/virt-exportproxy:0.58.0.1.249 Container Release : 1.249 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - kubevirt-virt-exportproxy-0.58.0-150500.5.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:09:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:35 +0200 (CEST) Subject: SUSE-CU-2023:1492-1: Security update of suse/sles/15.5/virt-exportserver Message-ID: <20230509160935.A7623FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1492-1 Container Tags : suse/sles/15.5/virt-exportserver:0.58.0 , suse/sles/15.5/virt-exportserver:0.58.0-150500.5.2 , suse/sles/15.5/virt-exportserver:0.58.0.1.249 Container Release : 1.249 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - kubevirt-virt-exportserver-0.58.0-150500.5.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:09:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:42 +0200 (CEST) Subject: SUSE-CU-2023:1493-1: Security update of suse/sles/15.5/virt-handler Message-ID: <20230509160942.2D981FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1493-1 Container Tags : suse/sles/15.5/virt-handler:0.58.0 , suse/sles/15.5/virt-handler:0.58.0-150500.5.2 , suse/sles/15.5/virt-handler:0.58.0.18.316 Container Release : 18.316 Severity : important Type : security References : 1209713 1209714 1210135 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - kubevirt-container-disk-0.58.0-150500.5.2 updated - kubevirt-virt-handler-0.58.0-150500.5.2 updated - libdevmapper1_03-2.03.16_1.02.185-150500.5.3 updated - libgmodule-2_0-0-2.70.5-150400.3.8.1 updated - libnettle8-3.8.1-150500.2.23 updated - libhogweed6-3.8.1-150500.2.23 updated - libmpath0-0.9.4+71+suse.c648a77-150500.1.2 updated - qemu-tools-7.1.0-150500.47.13 updated - util-linux-systemd-2.37.4-150500.7.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:09:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:48 +0200 (CEST) Subject: SUSE-CU-2023:1494-1: Security update of suse/sles/15.5/virt-launcher Message-ID: <20230509160948.E7DF9FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1494-1 Container Tags : suse/sles/15.5/virt-launcher:0.58.0 , suse/sles/15.5/virt-launcher:0.58.0-150500.5.2 , suse/sles/15.5/virt-launcher:0.58.0.20.141 Container Release : 20.141 Severity : important Type : security References : 1206022 1206023 1208079 1209713 1209714 1210135 1210418 1210507 CVE-2023-1017 CVE-2023-1018 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383 CVE-2023-30630 ----------------------------------------------------------------- The container suse/sles/15.5/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1947-1 Released: Fri Apr 21 14:14:41 2023 Summary: Security update for dmidecode Type: security Severity: moderate References: 1210418,CVE-2023-30630 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2051-1 Released: Thu Apr 27 11:30:01 2023 Summary: Security update for libtpms Type: security Severity: important References: 1206022,1206023,CVE-2023-1017,CVE-2023-1018 This update for libtpms fixes the following issues: - CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022). - CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - dmidecode-3.4-150400.16.8.1 updated - kubevirt-container-disk-0.58.0-150500.5.2 updated - libdevmapper1_03-2.03.16_1.02.185-150500.5.3 updated - libgmodule-2_0-0-2.70.5-150400.3.8.1 updated - libgobject-2_0-0-2.70.5-150400.3.8.1 updated - libnettle8-3.8.1-150500.2.23 updated - libtpms0-0.8.2-150300.3.9.1 updated - qemu-accel-tcg-x86-7.1.0-150500.47.13 updated - qemu-ipxe-1.0.0+-150500.47.13 updated - qemu-seabios-1.16.0_0_gd239552-150500.47.13 updated - qemu-sgabios-8-150500.47.13 updated - qemu-vgabios-1.16.0_0_gd239552-150500.47.13 updated - systemd-rpm-macros-12-150000.7.30.1 updated - libndctl6-75-150500.2.2 updated - libhogweed6-3.8.1-150500.2.23 updated - libmpath0-0.9.4+71+suse.c648a77-150500.1.2 updated - qemu-hw-usb-redirect-7.1.0-150500.47.13 updated - suse-module-tools-15.5.1-150500.1.2 updated - xen-libs-4.17.0_06-150500.1.8 updated - libgio-2_0-0-2.70.5-150400.3.8.1 updated - glib2-tools-2.70.5-150400.3.8.1 updated - qemu-tools-7.1.0-150500.47.13 updated - libvirt-libs-9.0.0-150500.4.2 updated - rdma-core-42.0-150500.1.3 updated - libvirt-daemon-9.0.0-150500.4.2 updated - libvirt-client-9.0.0-150500.4.2 updated - kubevirt-virt-launcher-0.58.0-150500.5.2 updated - swtpm-0.7.3-150500.2.1 updated - libibverbs1-42.0-150500.1.3 updated - libmlx5-1-42.0-150500.1.3 updated - libmlx4-1-42.0-150500.1.3 updated - libefa1-42.0-150500.1.3 updated - libibverbs-42.0-150500.1.3 updated - librdmacm1-42.0-150500.1.3 updated - qemu-x86-7.1.0-150500.47.13 updated - qemu-7.1.0-150500.47.13 updated - libvirt-daemon-driver-qemu-9.0.0-150500.4.2 updated - container:sles15-image-15.0.0-34.31 updated - python3-3.6.15-150300.10.45.1 removed - python3-appdirs-1.4.3-1.21 removed - python3-asn1crypto-0.24.0-3.2.1 removed - python3-cffi-1.13.2-3.2.5 removed - python3-cryptography-3.3.2-150400.16.6.1 removed - python3-ordered-set-4.0.2-150400.1.4 removed - python3-packaging-20.3-1.9 removed - python3-pyasn1-0.4.2-3.2.1 removed - python3-pycparser-2.17-3.2.1 removed - python3-pyparsing-2.4.7-1.24 removed - python3-setuptools-44.1.1-150400.3.3.1 removed - python3-six-1.14.0-12.1 removed From sle-updates at lists.suse.com Tue May 9 16:09:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:09:55 +0200 (CEST) Subject: SUSE-CU-2023:1495-1: Security update of suse/sles/15.5/libguestfs-tools Message-ID: <20230509160955.99920FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1495-1 Container Tags : suse/sles/15.5/libguestfs-tools:0.58.0 , suse/sles/15.5/libguestfs-tools:0.58.0-150500.5.2 , suse/sles/15.5/libguestfs-tools:0.58.0.17.233 Container Release : 17.233 Severity : important Type : security References : 1208079 1209713 1209714 1210135 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.5.3 updated - libgmodule-2_0-0-2.70.5-150400.3.8.1 updated - libgobject-2_0-0-2.70.5-150400.3.8.1 updated - libnettle8-3.8.1-150500.2.23 updated - mdadm-4.2-150500.4.2 updated - qemu-accel-tcg-x86-7.1.0-150500.47.13 updated - qemu-ipxe-1.0.0+-150500.47.13 updated - qemu-seabios-1.16.0_0_gd239552-150500.47.13 updated - qemu-sgabios-8-150500.47.13 updated - qemu-vgabios-1.16.0_0_gd239552-150500.47.13 updated - systemd-rpm-macros-12-150000.7.30.1 updated - libndctl6-75-150500.2.2 updated - libhogweed6-3.8.1-150500.2.23 updated - libmpath0-0.9.4+71+suse.c648a77-150500.1.2 updated - xen-libs-4.17.0_06-150500.1.8 updated - libgio-2_0-0-2.70.5-150400.3.8.1 updated - glib2-tools-2.70.5-150400.3.8.1 updated - qemu-tools-7.1.0-150500.47.13 updated - util-linux-systemd-2.37.4-150500.7.2 updated - libvirt-libs-9.0.0-150500.4.2 updated - wicked-0.6.72-150500.1.2 updated - wicked-service-0.6.72-150500.1.2 updated - dracut-mkinitrd-deprecated-055+suse.360.g076f1113-150500.1.2 updated - suse-module-tools-15.5.1-150500.1.2 updated - dracut-055+suse.360.g076f1113-150500.1.2 updated - kernel-kvmsmall-5.14.21-150500.52.1 updated - rdma-core-42.0-150500.1.3 updated - dracut-fips-055+suse.360.g076f1113-150500.1.2 updated - libibverbs1-42.0-150500.1.3 updated - libmlx5-1-42.0-150500.1.3 updated - libmlx4-1-42.0-150500.1.3 updated - libefa1-42.0-150500.1.3 updated - libibverbs-42.0-150500.1.3 updated - librdmacm1-42.0-150500.1.3 updated - qemu-x86-7.1.0-150500.47.13 updated - qemu-7.1.0-150500.47.13 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:10:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:10:01 +0200 (CEST) Subject: SUSE-CU-2023:1496-1: Security update of suse/sles/15.5/virt-operator Message-ID: <20230509161001.EE92BFBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1496-1 Container Tags : suse/sles/15.5/virt-operator:0.58.0 , suse/sles/15.5/virt-operator:0.58.0-150500.5.2 , suse/sles/15.5/virt-operator:0.58.0.17.251 Container Release : 17.251 Severity : important Type : security References : 1210507 CVE-2023-29383 ----------------------------------------------------------------- The container suse/sles/15.5/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following package changes have been done: - libz1-1.2.13-150500.1.19 updated - libuuid1-2.37.4-150500.7.13 updated - libsmartcols1-2.37.4-150500.7.13 updated - libblkid1-2.37.4-150500.7.13 updated - libgcrypt20-1.9.4-150500.10.17 updated - libgcrypt20-hmac-1.9.4-150500.10.17 updated - libfdisk1-2.37.4-150500.7.13 updated - libopenssl1_1-1.1.1l-150500.15.2 updated - libopenssl1_1-hmac-1.1.1l-150500.15.2 updated - libmount1-2.37.4-150500.7.13 updated - krb5-1.20.1-150500.1.2 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.5-150500.42.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.4-150500.7.13 updated - timezone-2023c-150000.75.23.1 updated - kubevirt-virt-operator-0.58.0-150500.5.2 updated - container:sles15-image-15.0.0-34.31 updated From sle-updates at lists.suse.com Tue May 9 16:10:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2023 18:10:25 +0200 (CEST) Subject: SUSE-CU-2023:1498-1: Security update of trento/trento-web Message-ID: <20230509161025.DBE03FBB2@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1498-1 Container Tags : trento/trento-web:2.0.0 , trento/trento-web:2.0.0-build4.21.2 , trento/trento-web:latest Container Release : 4.21.2 Severity : important Type : security References : 1065270 1121365 1177460 1194038 1198472 1199132 1199467 1200657 1200723 1202436 1202436 1203599 1203600 1203652 1203857 1204423 1204585 1204585 1205000 1205126 1205646 1206309 1206738 1207533 1207534 1207536 1207538 1207571 1207753 1207957 1207975 1207992 1208358 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209873 1209878 1210411 1210412 1210507 CVE-2021-3541 CVE-2022-29824 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4415 CVE-2022-4450 CVE-2022-48303 CVE-2022-4899 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:157-1 Released: Thu Jan 26 15:54:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist. - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:176-1 Released: Thu Jan 26 20:56:20 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1206738 This update for permissions fixes the following issues: Update to version 20181225: * Backport postfix permissions to SLE 15 SP2 (bsc#1206738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:198-1 Released: Fri Jan 27 14:26:54 2023 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:310-1 Released: Tue Feb 7 17:35:34 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - glibc-2.31-150300.46.1 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libaudit1-3.0.6-150400.2.13 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libudev1-249.16-150400.8.25.7 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libelf1-0.185-150400.5.3.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - libdw1-0.185-150400.5.3.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libselinux1-3.1-150400.1.69 updated - libreadline7-7.0-150400.25.22 updated - libsemanage1-3.1-150400.1.65 updated - bash-4.4-150400.25.22 updated - cpio-2.13-150400.1.98 updated - libmount1-2.37.2-150400.8.14.1 updated - krb5-1.19.2-150400.3.3.1 updated - login_defs-4.8.1-150400.10.6.1 updated - coreutils-8.32-150400.7.5 updated - libssh4-0.9.6-150400.1.5 updated - libtirpc3-1.2.6-150300.3.17.1 updated - sles-release-15.4-150400.58.7.3 updated - libcurl4-7.79.1-150400.5.18.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - permissions-20201225-150400.5.16.1 updated - shadow-4.8.1-150400.10.6.1 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.8.14.1 updated - timezone-2023c-150000.75.23.1 updated - tar-1.34-150000.3.31.1 updated - container:bci-nodejs-16-15.0.0-27.14.56 added - container:sles15-image-15.0.0-27.14.56 updated - container:nodejs-16-image-15.0.0-17.20.75 removed - libebl-plugins-0.177-150300.11.3.1 removed From sle-updates at lists.suse.com Tue May 9 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:07 -0000 Subject: SUSE-SU-2023:2151-1: important: Security update for the Linux Kernel Message-ID: <168364980798.8937.11697246092791550881@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2151-1 Rating: important References: * #1202353 * #1205128 * #1209613 * #1209687 * #1209777 * #1209871 * #1209887 * #1210202 * #1210301 * #1210329 * #1210336 * #1210337 * #1210469 * #1210498 * #1210506 * #1210647 Cross-References: * CVE-2020-36691 * CVE-2022-43945 * CVE-2023-1611 * CVE-2023-1670 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2124 * CVE-2023-2162 * CVE-2023-30772 CVSS scores: * CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-43945 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-43945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves 11 vulnerabilities and has five fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). * CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). The following non-security bugs were fixed: * cifs: fix negotiate context parsing (bsc#1210301). * cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2151=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2151=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-2151=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2151=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2151=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2151=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.145.1 * kernel-kvmsmall-4.12.14-150100.197.145.1 * kernel-debug-4.12.14-150100.197.145.1 * kernel-default-4.12.14-150100.197.145.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-debuginfo-4.12.14-150100.197.145.1 * kernel-debug-base-4.12.14-150100.197.145.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-devel-4.12.14-150100.197.145.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.145.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.145.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.145.1 * kernel-vanilla-base-4.12.14-150100.197.145.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.145.1 * kernel-default-base-debuginfo-4.12.14-150100.197.145.1 * kernel-vanilla-debugsource-4.12.14-150100.197.145.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.145.1 * kernel-kvmsmall-base-4.12.14-150100.197.145.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.145.1 * openSUSE Leap 15.4 (s390x) * kernel-default-man-4.12.14-150100.197.145.1 * kernel-zfcpdump-man-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-default-livepatch-4.12.14-150100.197.145.1 * kernel-default-debugsource-4.12.14-150100.197.145.1 * kernel-default-debuginfo-4.12.14-150100.197.145.1 * kernel-default-livepatch-devel-4.12.14-150100.197.145.1 * kernel-livepatch-4_12_14-150100_197_145-default-1-150100.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-4.12.14-150100.197.145.1 * kernel-default-debugsource-4.12.14-150100.197.145.1 * gfs2-kmp-default-debuginfo-4.12.14-150100.197.145.1 * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.145.1 * dlm-kmp-default-4.12.14-150100.197.145.1 * kernel-default-debuginfo-4.12.14-150100.197.145.1 * dlm-kmp-default-debuginfo-4.12.14-150100.197.145.1 * gfs2-kmp-default-4.12.14-150100.197.145.1 * cluster-md-kmp-default-4.12.14-150100.197.145.1 * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.145.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.145.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.145.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-obs-build-4.12.14-150100.197.145.1 * kernel-default-base-4.12.14-150100.197.145.1 * kernel-default-debugsource-4.12.14-150100.197.145.1 * kernel-default-debuginfo-4.12.14-150100.197.145.1 * kernel-obs-build-debugsource-4.12.14-150100.197.145.1 * kernel-default-devel-4.12.14-150100.197.145.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.145.1 * kernel-default-base-debuginfo-4.12.14-150100.197.145.1 * kernel-syms-4.12.14-150100.197.145.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-macros-4.12.14-150100.197.145.1 * kernel-devel-4.12.14-150100.197.145.1 * kernel-source-4.12.14-150100.197.145.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.145.1 * kernel-obs-build-4.12.14-150100.197.145.1 * kernel-default-base-4.12.14-150100.197.145.1 * kernel-default-debugsource-4.12.14-150100.197.145.1 * kernel-default-debuginfo-4.12.14-150100.197.145.1 * kernel-obs-build-debugsource-4.12.14-150100.197.145.1 * kernel-default-devel-4.12.14-150100.197.145.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.145.1 * kernel-default-base-debuginfo-4.12.14-150100.197.145.1 * kernel-syms-4.12.14-150100.197.145.1 * reiserfs-kmp-default-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-macros-4.12.14-150100.197.145.1 * kernel-devel-4.12.14-150100.197.145.1 * kernel-source-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-default-man-4.12.14-150100.197.145.1 * kernel-zfcpdump-debugsource-4.12.14-150100.197.145.1 * kernel-zfcpdump-debuginfo-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.145.1 * kernel-obs-build-4.12.14-150100.197.145.1 * kernel-default-base-4.12.14-150100.197.145.1 * kernel-default-debugsource-4.12.14-150100.197.145.1 * kernel-default-debuginfo-4.12.14-150100.197.145.1 * kernel-obs-build-debugsource-4.12.14-150100.197.145.1 * kernel-default-devel-4.12.14-150100.197.145.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.145.1 * kernel-default-base-debuginfo-4.12.14-150100.197.145.1 * kernel-syms-4.12.14-150100.197.145.1 * reiserfs-kmp-default-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-macros-4.12.14-150100.197.145.1 * kernel-devel-4.12.14-150100.197.145.1 * kernel-source-4.12.14-150100.197.145.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.145.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.145.1 * SUSE CaaS Platform 4.0 (x86_64) * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.145.1 * kernel-obs-build-4.12.14-150100.197.145.1 * kernel-default-base-4.12.14-150100.197.145.1 * kernel-default-debugsource-4.12.14-150100.197.145.1 * kernel-default-debuginfo-4.12.14-150100.197.145.1 * kernel-obs-build-debugsource-4.12.14-150100.197.145.1 * kernel-default-devel-4.12.14-150100.197.145.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.145.1 * kernel-default-base-debuginfo-4.12.14-150100.197.145.1 * kernel-syms-4.12.14-150100.197.145.1 * reiserfs-kmp-default-4.12.14-150100.197.145.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-macros-4.12.14-150100.197.145.1 * kernel-devel-4.12.14-150100.197.145.1 * kernel-source-4.12.14-150100.197.145.1 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.145.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36691.html * https://www.suse.com/security/cve/CVE-2022-43945.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1205128 * https://bugzilla.suse.com/show_bug.cgi?id=1209613 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209777 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209887 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:15 -0000 Subject: SUSE-SU-2023:2146-1: important: Security update for the Linux Kernel Message-ID: <168364981584.8937.6724419118852924014@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2146-1 Rating: important References: * #1202353 * #1205128 * #1206992 * #1209613 * #1209687 * #1209777 * #1209871 * #1210202 * #1210203 * #1210301 * #1210329 * #1210336 * #1210337 * #1210414 * #1210417 * #1210453 * #1210469 * #1210506 * #1210629 * #1210647 Cross-References: * CVE-2020-36691 * CVE-2022-2196 * CVE-2022-43945 * CVE-2023-1611 * CVE-2023-1670 * CVE-2023-1838 * CVE-2023-1855 * CVE-2023-1872 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2008 * CVE-2023-2162 * CVE-2023-2176 * CVE-2023-30772 CVSS scores: * CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2196 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-2196 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2022-43945 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-43945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1872 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2008 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves 15 vulnerabilities and has five fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). * CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: * Drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * Replace mkinitrd dependency with dracut (bsc#1202353). * cifs: fix negotiate context parsing (bsc#1210301). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2146=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2146=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2146=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2146=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2146=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2146=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-default-livepatch-5.3.18-150200.24.151.1 * kernel-livepatch-SLE15-SP2_Update_36-debugsource-1-150200.5.3.1 * kernel-livepatch-5_3_18-150200_24_151-default-1-150200.5.3.1 * kernel-default-debugsource-5.3.18-150200.24.151.1 * kernel-default-debuginfo-5.3.18-150200.24.151.1 * kernel-default-livepatch-devel-5.3.18-150200.24.151.1 * kernel-livepatch-5_3_18-150200_24_151-default-debuginfo-1-150200.5.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.151.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.151.1 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.151.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.151.1 * dlm-kmp-default-5.3.18-150200.24.151.1 * kernel-default-debugsource-5.3.18-150200.24.151.1 * kernel-default-debuginfo-5.3.18-150200.24.151.1 * cluster-md-kmp-default-5.3.18-150200.24.151.1 * gfs2-kmp-default-5.3.18-150200.24.151.1 * ocfs2-kmp-default-5.3.18-150200.24.151.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.151.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.151.1 * kernel-default-5.3.18-150200.24.151.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.151.1 * kernel-preempt-devel-5.3.18-150200.24.151.1 * kernel-default-devel-5.3.18-150200.24.151.1 * kernel-default-debugsource-5.3.18-150200.24.151.1 * kernel-default-debuginfo-5.3.18-150200.24.151.1 * kernel-obs-build-debugsource-5.3.18-150200.24.151.1 * kernel-preempt-debuginfo-5.3.18-150200.24.151.1 * kernel-preempt-debugsource-5.3.18-150200.24.151.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.151.1 * kernel-syms-5.3.18-150200.24.151.1 * kernel-obs-build-5.3.18-150200.24.151.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-devel-5.3.18-150200.24.151.1 * kernel-macros-5.3.18-150200.24.151.1 * kernel-source-5.3.18-150200.24.151.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.151.1 * kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.151.1 * kernel-default-devel-5.3.18-150200.24.151.1 * kernel-default-debugsource-5.3.18-150200.24.151.1 * kernel-default-debuginfo-5.3.18-150200.24.151.1 * kernel-obs-build-debugsource-5.3.18-150200.24.151.1 * reiserfs-kmp-default-5.3.18-150200.24.151.1 * kernel-syms-5.3.18-150200.24.151.1 * kernel-obs-build-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-devel-5.3.18-150200.24.151.1 * kernel-macros-5.3.18-150200.24.151.1 * kernel-source-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.151.1 * kernel-preempt-debuginfo-5.3.18-150200.24.151.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.151.1 * kernel-preempt-devel-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.151.1 * kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.151.1 * kernel-default-devel-5.3.18-150200.24.151.1 * kernel-default-debugsource-5.3.18-150200.24.151.1 * kernel-default-debuginfo-5.3.18-150200.24.151.1 * kernel-obs-build-debugsource-5.3.18-150200.24.151.1 * reiserfs-kmp-default-5.3.18-150200.24.151.1 * kernel-syms-5.3.18-150200.24.151.1 * kernel-obs-build-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-devel-5.3.18-150200.24.151.1 * kernel-macros-5.3.18-150200.24.151.1 * kernel-source-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.151.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.151.1 * kernel-preempt-debuginfo-5.3.18-150200.24.151.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.151.1 * kernel-preempt-devel-5.3.18-150200.24.151.1 * SUSE Enterprise Storage 7 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.151.1 * kernel-default-5.3.18-150200.24.151.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.151.1 * kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.151.1 * kernel-preempt-devel-5.3.18-150200.24.151.1 * kernel-default-devel-5.3.18-150200.24.151.1 * kernel-default-debugsource-5.3.18-150200.24.151.1 * kernel-default-debuginfo-5.3.18-150200.24.151.1 * kernel-obs-build-debugsource-5.3.18-150200.24.151.1 * kernel-preempt-debuginfo-5.3.18-150200.24.151.1 * kernel-preempt-debugsource-5.3.18-150200.24.151.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.151.1 * reiserfs-kmp-default-5.3.18-150200.24.151.1 * kernel-syms-5.3.18-150200.24.151.1 * kernel-obs-build-5.3.18-150200.24.151.1 * SUSE Enterprise Storage 7 (noarch) * kernel-devel-5.3.18-150200.24.151.1 * kernel-macros-5.3.18-150200.24.151.1 * kernel-source-5.3.18-150200.24.151.1 * SUSE Enterprise Storage 7 (noarch nosrc) * kernel-docs-5.3.18-150200.24.151.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36691.html * https://www.suse.com/security/cve/CVE-2022-2196.html * https://www.suse.com/security/cve/CVE-2022-43945.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1838.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1872.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2008.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1205128 * https://bugzilla.suse.com/show_bug.cgi?id=1206992 * https://bugzilla.suse.com/show_bug.cgi?id=1209613 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209777 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210203 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210414 * https://bugzilla.suse.com/show_bug.cgi?id=1210417 * https://bugzilla.suse.com/show_bug.cgi?id=1210453 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:32 -0000 Subject: SUSE-SU-2023:2140-1: important: Security update for the Linux Kernel Message-ID: <168364983249.8937.6119263689945895144@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2140-1 Rating: important References: * #1142685 * #1155798 * #1174777 * #1189999 * #1194869 * #1203039 * #1203325 * #1204042 * #1206649 * #1206891 * #1206992 * #1207088 * #1208076 * #1208822 * #1208845 * #1209615 * #1209693 * #1209739 * #1209871 * #1209927 * #1209999 * #1210034 * #1210158 * #1210202 * #1210206 * #1210301 * #1210329 * #1210336 * #1210337 * #1210439 * #1210453 * #1210454 * #1210469 * #1210499 * #1210506 * #1210629 * #1210630 * #1210725 * #1210729 * #1210762 * #1210763 * #1210764 * #1210765 * #1210766 * #1210767 * #1210768 * #1210769 * #1210770 * #1210771 * #1210793 * #1210816 * #1210817 * #1210827 * #1210943 * #1210953 * #1210986 * #1211025 Cross-References: * CVE-2022-2196 * CVE-2023-0386 * CVE-2023-1670 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2008 * CVE-2023-2019 * CVE-2023-2176 * CVE-2023-2235 * CVE-2023-23006 * CVE-2023-30772 CVSS scores: * CVE-2022-2196 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-2196 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2008 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2019 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2019 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 13 vulnerabilities, contains two features and has 44 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). * CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). * CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). * CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). * CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: * ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). * ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). * ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). * ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). * ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). * ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). * ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git- fixes). * ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). * ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). * ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git- fixes). * ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). * ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). * ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git- fixes). * ALSA: hda/sigmatel: fix S/PDIF out on Intel D _45_ motherboards (git-fixes). * ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). * ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). * ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). * ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). * ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). * ARM: dts: gta04: fix excess dma channel usage (git-fixes). * ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). * ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). * ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). * ASN.1: Fix check for strdup() success (git-fixes). * ASoC: cs35l41: Only disable internal boost (git-fixes). * ASoC: es8316: Handle optional IRQ assignment (git-fixes). * ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). * ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). * Bluetooth: Fix race condition in hidp_session_thread (git-fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git- fixes). * Drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * IB/mlx5: Add support for 400G_8X lane speed (git-fixes) * Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * KEYS: Add missing function documentation (git-fixes). * KEYS: Create static version of public_key_verify_signature (git-fixes). * NFS: Cleanup unused rpc_clnt variable (git-fixes). * NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). * NFSD: callback request does not use correct credential for AUTH_SYS (git- fixes). * PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). * PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). * PCI: imx6: Install the fault handler only on compatible match (git-fixes). * PCI: loongson: Add more devices that need MRRS quirk (git-fixes). * PCI: loongson: Prevent LS7A MRRS increases (git-fixes). * PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git- fixes). * PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). * RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) * RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) * RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) * RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) * RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) * Remove obsolete KMP obsoletes (bsc#1210469). * Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). * Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). * USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). * USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). * USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). * USB: serial: option: add Quectel RM500U-CN modem (git-fixes). * USB: serial: option: add Telit FE990 compositions (git-fixes). * USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). * amdgpu: disable powerpc support for the newer display engine (bsc#1194869). * arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). * arm64: dts: meson-g12-common: specify full DMC range (git-fixes). * arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git- fixes). * arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). * arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). * arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). * arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). * bluetooth: Perform careful capability checks in hci_sock_ioctl() (git- fixes). * cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods * cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly * cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). * cifs: fix negotiate context parsing (bsc#1210301). * clk: add missing of_node_put() in "assigned-clocks" property parsing (git- fixes). * clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). * clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). * clk: sprd: set max_register according to mapping range (git-fixes). * clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). * cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). * cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). * cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). * crypto: caam - Clear some memory in instantiate_rng (git-fixes). * crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). * crypto: sa2ul - Select CRYPTO_DES (git-fixes). * crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). * driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). * drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). * drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git- fixes). * drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). * drm/amd/display: Fix potential null dereference (git-fixes). * drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). * drm/armada: Fix a potential double free in an error handling path (git- fixes). * drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git- fixes). * drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). * drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). * drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). * drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). * drm/i915: Fix fast wake AUX sync len (git-fixes). * drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). * drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). * drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). * drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). * drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). * drm/msm: fix NULL-deref on snapshot tear down (git-fixes). * drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). * drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). * drm/probe-helper: Cancel previous job before starting new one (git-fixes). * drm/rockchip: Drop unbalanced obj unref (git-fixes). * drm/vgem: add missing mutex_destroy (git-fixes). * drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). * drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git- fixes). * drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). * dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). * dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). * dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git- fixes). * dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). * dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). * dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git- fixes). * e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). * efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). * ext4: Fix deadlock during directory rename (bsc#1210763). * ext4: Fix possible corruption when moving a directory (bsc#1210763). * ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). * ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). * ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). * ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). * ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). * ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). * ext4: fix possible double unlock when moving a directory (bsc#1210763). * ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). * fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). * firmware: qcom_scm: Clear download bit during reboot (git-fixes). * firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). * fpga: bridge: fix kernel-doc parameter description (git-fixes). * hwmon: (adt7475) Use device_property APIs when configuring polarity (git- fixes). * hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). * hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git- fixes). * i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). * i2c: hisi: Avoid redundant interrupts (git-fixes). * i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). * i2c: ocores: generate stop condition after timeout in polling mode (git- fixes). * i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). * ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). * iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). * iio: light: tsl2772: fix reading proximity-diodes from device tree (git- fixes). * ipmi: fix SSIF not responding under certain cond (git-fixes). * ipmi:ssif: Add send_retries increment (git-fixes). * k-m-s: Drop Linux 2.6 support * kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). * kABI: x86/msi: Fix msi message data shadow struct (kabi). * kabi/severities: ignore KABI for NVMe target (bsc#1174777). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * locking/rwbase: Mitigate indefinite writer starvation. * media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). * media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). * media: max9286: Free control handler (git-fixes). * media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). * media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). * media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). * media: venus: dec: Fix handling of the start cmd (git-fixes). * memstick: fix memory leak if card device is never registered (git-fixes). * mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). * mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). * mm: take a page reference when removing device exclusive entries (bsc#1211025). * mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git- fixes). * mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). * mtd: core: fix error path for nvmem provider (git-fixes). * mtd: core: fix nvmem error reporting (git-fixes). * mtd: core: provide unique name for nvmem device, take two (git-fixes). * mtd: spi-nor: Fix a trivial typo (git-fixes). * net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). * net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git- fixes). * nfsd: call op_release, even when op_func returns an error (git-fixes). * nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). * nilfs2: initialize unused bytes in segment summary blocks (git-fixes). * nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). * nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). * nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git- fixes). * nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). * nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). * nvme-multipath: fix possible hang in live ns resize with ANA access (git- fixes). * nvme-pci: fix doorbell buffer value endianness (git-fixes). * nvme-pci: fix mempool alloc size (git-fixes). * nvme-pci: fix page size checks (git-fixes). * nvme-pci: fix timeout request state check (git-fixes). * nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). * nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: fix regression that causes sporadic requests to time out (git- fixes). * nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git- fixes). * nvme: add device name to warning in uuid_show() (git-fixes). * nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). * nvme: copy firmware_rev on each init (git-fixes). * nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). * nvme: fix async event trace event (git-fixes). * nvme: fix handling single range discard request (git-fixes). * nvme: fix per-namespace chardev deletion (git-fixes). * nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). * nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). * nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). * nvme: move nvme_multi_css into nvme.h (git-fixes). * nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). * nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). * nvme: set dma alignment to dword (git-fixes). * nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git- fixes). * nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). * nvmet-tcp: fix incomplete data digest send (git-fixes). * nvmet-tcp: fix regression in data_digest calculation (git-fixes). * nvmet: add helpers to set the result field for connect commands (git-fixes). * nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). * nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). * nvmet: fix I/O Command Set specific Identify Controller (git-fixes). * nvmet: fix Identify Active Namespace ID list handling (git-fixes). * nvmet: fix Identify Controller handling (git-fixes). * nvmet: fix Identify Namespace handling (git-fixes). * nvmet: fix a memory leak (git-fixes). * nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). * nvmet: fix a use-after-free (git-fixes). * nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git- fixes). * nvmet: force reconnect when number of queue changes (git-fixes). * nvmet: looks at the passthrough controller when initializing CAP (git- fixes). * nvmet: only allocate a single slab for bvecs (git-fixes). * nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). * perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). * perf/core: Fix the same task check in perf_event_set_output (git fixes). * perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). * perf: fix perf_event_context->time (git fixes). * platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). * platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). * power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). * power: supply: generic-adc-battery: fix unit scaling (git-fixes). * powerpc/64: Always build with 128-bit long double (bsc#1194869). * powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). * powerpc/hv-gpci: Fix hv_gpci event list (git fixes). * powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). * powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc: declare unmodified attribute_group usages const (git-fixes). * regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). * regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). * regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). * regulator: fan53555: Explicitly include bits header (git-fixes). * regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). * regulator: stm32-pwr: fix of_iomap leak (git-fixes). * remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). * remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). * remoteproc: st: Call of_node_put() on iteration error (git-fixes). * remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). * rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git- fixes). * rtc: omap: include header for omap_rtc_power_off_program prototype (git- fixes). * sched/fair: Fix imbalance overflow (bsc#1155798). * sched/fair: Limit sched slice duration (bsc#1189999). * sched/fair: Move calculate of avg_load to a better location (bsc#1155798). * sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). * sched/fair: sanitize vruntime of entity being placed (bsc#1203325). * sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). * sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). * scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). * scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039). * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). * scsi: core: Fix a procfs host directory removal regression (git-fixes). * scsi: core: Fix a source code comment (git-fixes). * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git- fixes). * scsi: hisi_sas: Check devm_add_action() return value (git-fixes). * scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). * scsi: ipr: Work around fortify-string warning (git-fixes). * scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git- fixes). * scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). * scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). * scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). * scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). * scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). * scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). * scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). * scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). * scsi: lpfc: Fix double word in comments (bsc#1210943). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). * scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). * scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). * scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). * scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). * scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). * scsi: lpfc: Silence an incorrect device output (bsc#1210943). * scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). * scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). * scsi: megaraid_sas: Fix crash after a double completion (git-fixes). * scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). * scsi: mpt3sas: Do not print sense pool info twice (git-fixes). * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git- fixes). * scsi: mpt3sas: Fix a memory leak (git-fixes). * scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). * scsi: qla2xxx: Perform lockless command completion in abort path (git- fixes). * scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). * scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). * scsi: sd: Fix wrong zone_write_granularity value during revalidate (git- fixes). * scsi: ses: Do not attach if enclosure has no components (git-fixes). * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git- fixes). * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). * scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). * seccomp: Move copy_seccomp() to no failure path (bsc#1210817). * selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). * selftests: sigaltstack: fix -Wuninitialized (git-fixes). * selinux: ensure av_permissions.h is built when needed (git-fixes). * selinux: fix Makefile dependencies of flask.h (git-fixes). * serial: 8250: Add missing wakeup event reporting (git-fixes). * serial: 8250_bcm7271: Fix arbitration handling (git-fixes). * serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git- fixes). * serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). * signal handling: do not use BUG_ON() for debugging (bsc#1210439). * signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). * signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). * signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). * soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). * spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). * spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). * spi: qup: Do not skip cleanup in remove's error path (git-fixes). * staging: iio: resolver: ads1210: fix config mode (git-fixes). * staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git- fixes). * stat: fix inconsistency between struct stat and struct compat_stat (git- fixes). * sunrpc: only free unix grouplist after RCU settles (git-fixes). * tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). * tty: serial: fsl_lpuart: adjust buffer length to the intended size (git- fixes). * udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). * udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). * udf: Support splicing to file (bsc#1210770). * usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). * usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). * usb: dwc3: gadget: Change condition for processing suspend event (git- fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). * usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). * usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). * usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). * virt/coco/sev-guest: Add throttling awareness (bsc#1209927). * virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). * virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). * virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). * virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). * virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). * virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). * virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). * virtio_ring: do not update event idx on get_buf (git-fixes). * vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). * vmxnet3: use gro callback when UPT is enabled (bsc#1209739). * wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git- fixes). * wifi: ath6kl: minor fix for allocation size (git-fixes). * wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). * wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). * wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git- fixes). * wifi: brcmfmac: support CQM RSSI notification with older firmware (git- fixes). * wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). * wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). * wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). * wifi: iwlwifi: fw: move memset before early return (git-fixes). * wifi: iwlwifi: make the loop for card preparation effective (git-fixes). * wifi: iwlwifi: mvm: check firmware response size (git-fixes). * wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). * wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). * wifi: iwlwifi: mvm: initialize seq variable (git-fixes). * wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). * wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). * wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). * wifi: mac80211: adjust scan cancel comment/check (git-fixes). * wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). * wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). * wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). * wifi: mwifiex: mark OF related data as maybe unused (git-fixes). * wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git- fixes). * wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). * writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). * x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). * x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). * x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). * x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). * x86/entry: Avoid very early RET (git-fixes). * x86/entry: Do not call error_entry() for XENPV (git-fixes). * x86/entry: Move CLD to the start of the idtentry macro (git-fixes). * x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). * x86/entry: Switch the stack after error_entry() returns (git-fixes). * x86/fpu: Prevent FPU state corruption (git-fixes). * x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git- fixes). * x86/msi: Fix msi message data shadow struct (git-fixes). * x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). * x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). * x86/tsx: Disable TSX development mode at boot (git-fixes). * x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). * xhci: fix debugfs register accesses while suspended (git-fixes). kernel-default-base changed: * Do not ship on s390x (bsc#1210729) * Add exfat (bsc#1208822) * Add _diag modules for included socket types (bsc#1204042) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2140=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2140=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2140=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2140=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2140=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2140=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2140=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2140=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2140=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2140=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2140=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2140=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.63.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.63.1 * kernel-obs-build-5.14.21-150400.24.63.1 * kernel-default-devel-5.14.21-150400.24.63.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.63.1 * kernel-default-extra-5.14.21-150400.24.63.1 * kernel-obs-build-debugsource-5.14.21-150400.24.63.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-livepatch-devel-5.14.21-150400.24.63.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.63.1 * dlm-kmp-default-5.14.21-150400.24.63.1 * kernel-default-livepatch-5.14.21-150400.24.63.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.63.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.63.1 * reiserfs-kmp-default-5.14.21-150400.24.63.1 * kernel-default-optional-5.14.21-150400.24.63.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.63.1 * cluster-md-kmp-default-5.14.21-150400.24.63.1 * gfs2-kmp-default-5.14.21-150400.24.63.1 * ocfs2-kmp-default-5.14.21-150400.24.63.1 * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.63.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.63.1 * kernel-obs-qa-5.14.21-150400.24.63.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * kselftests-kmp-default-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-livepatch-devel-5.14.21-150400.24.63.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.63.1 * kernel-debug-debuginfo-5.14.21-150400.24.63.1 * kernel-debug-debugsource-5.14.21-150400.24.63.1 * kernel-debug-devel-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-5.14.21-150400.24.63.1 * kernel-default-base-rebuild-5.14.21-150400.24.63.1.150400.24.27.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.63.1 * kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.63.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.63.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-5.14.21-150400.24.63.1 * kernel-docs-html-5.14.21-150400.24.63.1 * kernel-source-5.14.21-150400.24.63.1 * kernel-macros-5.14.21-150400.24.63.1 * kernel-source-vanilla-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.63.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (aarch64) * dtb-allwinner-5.14.21-150400.24.63.1 * kernel-64kb-extra-5.14.21-150400.24.63.1 * dtb-amlogic-5.14.21-150400.24.63.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.63.1 * kernel-64kb-optional-5.14.21-150400.24.63.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.63.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.63.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.63.1 * dtb-socionext-5.14.21-150400.24.63.1 * dtb-renesas-5.14.21-150400.24.63.1 * dtb-apple-5.14.21-150400.24.63.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.63.1 * dtb-amazon-5.14.21-150400.24.63.1 * dtb-qcom-5.14.21-150400.24.63.1 * reiserfs-kmp-64kb-5.14.21-150400.24.63.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.63.1 * kernel-64kb-debuginfo-5.14.21-150400.24.63.1 * dtb-mediatek-5.14.21-150400.24.63.1 * dtb-cavium-5.14.21-150400.24.63.1 * dtb-altera-5.14.21-150400.24.63.1 * dtb-sprd-5.14.21-150400.24.63.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.63.1 * kernel-64kb-devel-5.14.21-150400.24.63.1 * ocfs2-kmp-64kb-5.14.21-150400.24.63.1 * dtb-apm-5.14.21-150400.24.63.1 * dtb-xilinx-5.14.21-150400.24.63.1 * dtb-broadcom-5.14.21-150400.24.63.1 * dtb-arm-5.14.21-150400.24.63.1 * dlm-kmp-64kb-5.14.21-150400.24.63.1 * dtb-amd-5.14.21-150400.24.63.1 * dtb-freescale-5.14.21-150400.24.63.1 * dtb-rockchip-5.14.21-150400.24.63.1 * gfs2-kmp-64kb-5.14.21-150400.24.63.1 * cluster-md-kmp-64kb-5.14.21-150400.24.63.1 * dtb-hisilicon-5.14.21-150400.24.63.1 * kselftests-kmp-64kb-5.14.21-150400.24.63.1 * dtb-nvidia-5.14.21-150400.24.63.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.63.1 * dtb-lg-5.14.21-150400.24.63.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.63.1 * dtb-marvell-5.14.21-150400.24.63.1 * kernel-64kb-debugsource-5.14.21-150400.24.63.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.63.1 * dtb-exynos-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.63.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.63.1 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-debuginfo-5.14.21-150400.24.63.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.63.1 * kernel-64kb-devel-5.14.21-150400.24.63.1 * kernel-64kb-debugsource-5.14.21-150400.24.63.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.63.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.63.1 * kernel-default-devel-5.14.21-150400.24.63.1 * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * Basesystem Module 15-SP4 (noarch) * kernel-devel-5.14.21-150400.24.63.1 * kernel-macros-5.14.21-150400.24.63.1 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.63.1 * Basesystem Module 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.63.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.63.1 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.63.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.14.21-150400.24.63.1 * kernel-obs-build-5.14.21-150400.24.63.1 * kernel-syms-5.14.21-150400.24.63.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.63.1 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.63.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-5.14.21-150400.24.63.1 * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_12-debugsource-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-1-150400.9.3.1 * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-livepatch-devel-5.14.21-150400.24.63.1 * kernel-default-livepatch-5.14.21-150400.24.63.1 * kernel-livepatch-5_14_21-150400_24_63-default-1-150400.9.3.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.63.1 * gfs2-kmp-default-5.14.21-150400.24.63.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.63.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.63.1 * ocfs2-kmp-default-5.14.21-150400.24.63.1 * kernel-default-debuginfo-5.14.21-150400.24.63.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.63.1 * cluster-md-kmp-default-5.14.21-150400.24.63.1 * dlm-kmp-default-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.63.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debuginfo-5.14.21-150400.24.63.1 * kernel-default-debugsource-5.14.21-150400.24.63.1 * kernel-default-extra-5.14.21-150400.24.63.1 ## References: * https://www.suse.com/security/cve/CVE-2022-2196.html * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2008.html * https://www.suse.com/security/cve/CVE-2023-2019.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-23006.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1142685 * https://bugzilla.suse.com/show_bug.cgi?id=1155798 * https://bugzilla.suse.com/show_bug.cgi?id=1174777 * https://bugzilla.suse.com/show_bug.cgi?id=1189999 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1203039 * https://bugzilla.suse.com/show_bug.cgi?id=1203325 * https://bugzilla.suse.com/show_bug.cgi?id=1204042 * https://bugzilla.suse.com/show_bug.cgi?id=1206649 * https://bugzilla.suse.com/show_bug.cgi?id=1206891 * https://bugzilla.suse.com/show_bug.cgi?id=1206992 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1208076 * https://bugzilla.suse.com/show_bug.cgi?id=1208822 * https://bugzilla.suse.com/show_bug.cgi?id=1208845 * https://bugzilla.suse.com/show_bug.cgi?id=1209615 * https://bugzilla.suse.com/show_bug.cgi?id=1209693 * https://bugzilla.suse.com/show_bug.cgi?id=1209739 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209927 * https://bugzilla.suse.com/show_bug.cgi?id=1209999 * https://bugzilla.suse.com/show_bug.cgi?id=1210034 * https://bugzilla.suse.com/show_bug.cgi?id=1210158 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210206 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210439 * https://bugzilla.suse.com/show_bug.cgi?id=1210453 * https://bugzilla.suse.com/show_bug.cgi?id=1210454 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210630 * https://bugzilla.suse.com/show_bug.cgi?id=1210725 * https://bugzilla.suse.com/show_bug.cgi?id=1210729 * https://bugzilla.suse.com/show_bug.cgi?id=1210762 * https://bugzilla.suse.com/show_bug.cgi?id=1210763 * https://bugzilla.suse.com/show_bug.cgi?id=1210764 * https://bugzilla.suse.com/show_bug.cgi?id=1210765 * https://bugzilla.suse.com/show_bug.cgi?id=1210766 * https://bugzilla.suse.com/show_bug.cgi?id=1210767 * https://bugzilla.suse.com/show_bug.cgi?id=1210768 * https://bugzilla.suse.com/show_bug.cgi?id=1210769 * https://bugzilla.suse.com/show_bug.cgi?id=1210770 * https://bugzilla.suse.com/show_bug.cgi?id=1210771 * https://bugzilla.suse.com/show_bug.cgi?id=1210793 * https://bugzilla.suse.com/show_bug.cgi?id=1210816 * https://bugzilla.suse.com/show_bug.cgi?id=1210817 * https://bugzilla.suse.com/show_bug.cgi?id=1210827 * https://bugzilla.suse.com/show_bug.cgi?id=1210943 * https://bugzilla.suse.com/show_bug.cgi?id=1210953 * https://bugzilla.suse.com/show_bug.cgi?id=1210986 * https://bugzilla.suse.com/show_bug.cgi?id=1211025 * https://jira.suse.com/browse/PED-3750 * https://jira.suse.com/browse/PED-3759 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:38 -0000 Subject: SUSE-SU-2023:2152-1: important: Security update for amazon-ssm-agent Message-ID: <168364983804.8937.12810438989372199156@smelt2.suse.de> # Security update for amazon-ssm-agent Announcement ID: SUSE-SU-2023:2152-1 Rating: important References: * #1200441 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update of amazon-ssm-agent fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2152=1 ## Package List: * Public Cloud Module 12 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-4.29.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:30:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:43 -0000 Subject: SUSE-SU-2023:2150-1: important: Security update for shim Message-ID: <168364984384.8937.9543288873596332128@smelt2.suse.de> # Security update for shim Announcement ID: SUSE-SU-2023:2150-1 Rating: important References: * #1185232 * #1185261 * #1185441 * #1185621 * #1187071 * #1187260 * #1187696 * #1193282 * #1198458 * #1201066 * #1202120 * #1205588 Cross-References: * CVE-2022-28737 CVSS scores: * CVE-2022-28737 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability, contains two features and has 11 fixes can now be installed. ## Description: This update for shim fixes the following issues: * Updated shim signature after shim 15.7 be signed back: signature- sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) * Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) * Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): * Make SBAT variable payload introspectable * Reference MokListRT instead of MokList * Add a link to the test plan in the readme. * [V3] Enable TDX measurement to RTMR register * Discard load-options that start with a NUL * Fixed load_cert_file bugs * Add -malign-double to IA32 compiler flags * pe: Fix image section entry-point validation * make-archive: Build reproducible tarball * mok: remove MokListTrusted from PCR 7 Other fixes: * Support enhance shim measurement to TD RTMR. (jsc#PED-1273) * shim-install: ensure grub.cfg created is not overwritten after installing grub related files * Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) * Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) * Change the URL in SBAT section to mail:security at suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): * MokManager: removed Locate graphic output protocol fail error message * shim: implement SBAT verification for the shim_lock protocol * post-process-pe: Fix a missing return code check * Update github actions matrix to be more useful * post-process-pe: Fix format string warnings on 32-bit platforms * Allow MokListTrusted to be enabled by default * Re-add ARM AArch64 support * Use ASCII as fallback if Unicode Box Drawing characters fail * make: don't treat cert.S specially * shim: use SHIM_DEVEL_VERBOSE when built in devel mode * Break out of the inner sbat loop if we find the entry. * Support loading additional certificates * Add support for NX (W^X) mitigations. * Fix preserve_sbat_uefi_variable() logic * SBAT Policy latest should be a one-shot * pe: Fix a buffer overflow when SizeOfRawData > VirtualSize * pe: Perform image verification earlier when loading grub * Update advertised sbat generation number for shim * Update SBAT generation requirements for 05/24/22 * Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): * Broken ia32 relocs and an unimportant submodule change. * mok: allocate MOK config table as BootServicesData * Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) * Relax the check for import_mok_state() (bsc#1185261) * SBAT.md: trivial changes * shim: another attempt to fix load options handling * Add tests for our load options parsing. * arm/aa64: fix the size of .rela* sections * mok: fix potential buffer overrun in import_mok_state * mok: relax the maximum variable size check * Don't unhook ExitBootServices when EBS protection is disabled * fallback: find_boot_option() needs to return the index for the boot entry in optnum * httpboot: Ignore case when checking HTTP headers * Fallback allocation errors * shim: avoid BOOTx64.EFI in message on other architectures * str: remove duplicate parameter check * fallback: add compile option FALLBACK_NONINTERACTIVE * Test mok mirror * Modify sbat.md to help with readability. * csv: detect end of csv file correctly * Specify that the .sbat section is ASCII not UTF-8 * tests: add "include-fixed" GCC directory to include directories * pe: simplify generate_hash() * Don't make shim abort when TPM log event fails (RHBZ #2002265) * Fallback to default loader if parsed one does not exist * fallback: Fix for BootOrder crash when index returned * Better console checks * docs: update SBAT UEFI variable name * Don't parse load options if invoked from removable media path * fallback: fix fallback not passing arguments of the first boot option * shim: Don't stop forever at "Secure Boot not enabled" notification * Allocate mokvar table in runtime memory. * Remove post-process-pe on 'make clean' * pe: missing perror argument * CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) * Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) * Updated vendor dbx binary and script (bsc#1198458) * Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN- Certificate-2021-05.crt to vendor dbx list. * Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE- UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. * Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. * Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. * avoid buffer overflow when copying data to the MOK config table (bsc#1185232) * Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) * ignore the odd LoadOptions length (bsc#1185232) * shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist * relax the maximum variable size check for u-boot (bsc#1185621) * handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) * Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) * Also update generate-vendor-dbx.sh in dbx-cert.tar.xz Update shim to 15.4-4.7.1, Version: 15.4, "Thu Jul 15 2021" * Update the SLE signatures * Includes fixes for MOK and boot problems (bsc#1187696, bsc#1185261, bsc#1185441, bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261, bsc#1187260, bsc#1185232) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2150=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * shim-15.7-22.15.1 ## References: * https://www.suse.com/security/cve/CVE-2022-28737.html * https://bugzilla.suse.com/show_bug.cgi?id=1185232 * https://bugzilla.suse.com/show_bug.cgi?id=1185261 * https://bugzilla.suse.com/show_bug.cgi?id=1185441 * https://bugzilla.suse.com/show_bug.cgi?id=1185621 * https://bugzilla.suse.com/show_bug.cgi?id=1187071 * https://bugzilla.suse.com/show_bug.cgi?id=1187260 * https://bugzilla.suse.com/show_bug.cgi?id=1187696 * https://bugzilla.suse.com/show_bug.cgi?id=1193282 * https://bugzilla.suse.com/show_bug.cgi?id=1198458 * https://bugzilla.suse.com/show_bug.cgi?id=1201066 * https://bugzilla.suse.com/show_bug.cgi?id=1202120 * https://bugzilla.suse.com/show_bug.cgi?id=1205588 * https://jira.suse.com/browse/PED-127 * https://jira.suse.com/browse/PED-1273 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:45 -0000 Subject: SUSE-RU-2023:2149-1: low: Recommended update for tigervnc Message-ID: <168364984555.8937.16090291140699197173@smelt2.suse.de> # Recommended update for tigervnc Announcement ID: SUSE-RU-2023:2149-1 Rating: low References: * #1209283 Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for tigervnc fixes the following issues: * Drop chown vnc:vnc calls in with-vnc-key.sh (bsc#1209283) * Add TLSNone to -securitytypes to increase security in xvnc at .service (bsc#1209283) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2149=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2149=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2149=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libXvnc1-debuginfo-1.10.1-150400.7.8.1 * libXvnc1-1.10.1-150400.7.8.1 * xorg-x11-Xvnc-1.10.1-150400.7.8.1 * tigervnc-1.10.1-150400.7.8.1 * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.8.1 * tigervnc-debuginfo-1.10.1-150400.7.8.1 * tigervnc-debugsource-1.10.1-150400.7.8.1 * libXvnc-devel-1.10.1-150400.7.8.1 * openSUSE Leap 15.4 (noarch) * tigervnc-x11vnc-1.10.1-150400.7.8.1 * xorg-x11-Xvnc-java-1.10.1-150400.7.8.1 * xorg-x11-Xvnc-novnc-1.10.1-150400.7.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.10.1-150400.7.8.1 * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libXvnc1-debuginfo-1.10.1-150400.7.8.1 * libXvnc1-1.10.1-150400.7.8.1 * xorg-x11-Xvnc-1.10.1-150400.7.8.1 * tigervnc-1.10.1-150400.7.8.1 * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.8.1 * tigervnc-debuginfo-1.10.1-150400.7.8.1 * tigervnc-debugsource-1.10.1-150400.7.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.10.1-150400.7.8.1 * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.8.1 * Basesystem Module 15-SP4 (noarch) * xorg-x11-Xvnc-novnc-1.10.1-150400.7.8.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libXvnc-devel-1.10.1-150400.7.8.1 * tigervnc-debugsource-1.10.1-150400.7.8.1 * tigervnc-debuginfo-1.10.1-150400.7.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209283 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:52 -0000 Subject: SUSE-SU-2023:2148-1: important: Security update for the Linux Kernel Message-ID: <168364985259.8937.15635906713977647197@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2148-1 Rating: important References: * #1202353 * #1205128 * #1206992 * #1207088 * #1209687 * #1209739 * #1209777 * #1209871 * #1210202 * #1210203 * #1210301 * #1210329 * #1210336 * #1210337 * #1210414 * #1210453 * #1210469 * #1210498 * #1210506 * #1210629 * #1210647 Cross-References: * CVE-2020-36691 * CVE-2022-2196 * CVE-2022-43945 * CVE-2023-1611 * CVE-2023-1670 * CVE-2023-1838 * CVE-2023-1855 * CVE-2023-1872 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2008 * CVE-2023-2124 * CVE-2023-2162 * CVE-2023-2176 * CVE-2023-30772 CVSS scores: * CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2196 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-2196 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2022-43945 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-43945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1872 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2008 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 16 vulnerabilities and has five fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). * CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: * Drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * cifs: fix negotiate context parsing (bsc#1210301). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * vmxnet3: use gro callback when UPT is enabled (bsc#1209739). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2148=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2148=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2148=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2148=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2148=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2148=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2148=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2148=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2148=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2148=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2148=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2148=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2148=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2148=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2148=1 ## Package List: * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.3.18-150300.59.121.1 * openSUSE Leap 15.4 (aarch64) * dtb-zte-5.3.18-150300.59.121.1 * dtb-al-5.3.18-150300.59.121.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_121-default-1-150300.7.3.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-livepatch-5.3.18-150300.59.121.2 * kernel-default-livepatch-devel-5.3.18-150300.59.121.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.121.2 * dlm-kmp-default-debuginfo-5.3.18-150300.59.121.2 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.121.2 * cluster-md-kmp-default-5.3.18-150300.59.121.2 * ocfs2-kmp-default-5.3.18-150300.59.121.2 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.121.2 * dlm-kmp-default-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * gfs2-kmp-default-5.3.18-150300.59.121.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-devel-5.3.18-150300.59.121.2 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.121.2 * kernel-64kb-debuginfo-5.3.18-150300.59.121.2 * kernel-64kb-debugsource-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-preempt-devel-5.3.18-150300.59.121.2 * kernel-syms-5.3.18-150300.59.121.1 * kernel-obs-build-debugsource-5.3.18-150300.59.121.2 * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.121.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-obs-build-5.3.18-150300.59.121.2 * reiserfs-kmp-default-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.121.2 * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-devel-5.3.18-150300.59.121.2 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.121.2 * kernel-64kb-debuginfo-5.3.18-150300.59.121.2 * kernel-64kb-debugsource-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-preempt-devel-5.3.18-150300.59.121.2 * kernel-syms-5.3.18-150300.59.121.1 * kernel-obs-build-debugsource-5.3.18-150300.59.121.2 * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.121.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-obs-build-5.3.18-150300.59.121.2 * reiserfs-kmp-default-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.121.2 * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Real Time 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-preempt-devel-5.3.18-150300.59.121.2 * kernel-syms-5.3.18-150300.59.121.1 * kernel-obs-build-debugsource-5.3.18-150300.59.121.2 * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-obs-build-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.121.2 * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-devel-5.3.18-150300.59.121.2 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.121.2 * kernel-64kb-debuginfo-5.3.18-150300.59.121.2 * kernel-64kb-debugsource-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-syms-5.3.18-150300.59.121.1 * kernel-obs-build-debugsource-5.3.18-150300.59.121.2 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-obs-build-5.3.18-150300.59.121.2 * reiserfs-kmp-default-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-source-5.3.18-150300.59.121.2 * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * kernel-preempt-devel-5.3.18-150300.59.121.2 * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.121.2 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-syms-5.3.18-150300.59.121.1 * kernel-obs-build-debugsource-5.3.18-150300.59.121.2 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-obs-build-5.3.18-150300.59.121.2 * reiserfs-kmp-default-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.121.2 * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * kernel-preempt-devel-5.3.18-150300.59.121.2 * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Manager Proxy 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * kernel-default-5.3.18-150300.59.121.2 * SUSE Manager Proxy 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Manager Proxy 4.2 (noarch) * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * kernel-default-5.3.18-150300.59.121.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64) * kernel-default-5.3.18-150300.59.121.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Manager Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Manager Server 4.2 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.121.2 * SUSE Manager Server 4.2 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.121.2 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.121.2 * SUSE Manager Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * SUSE Manager Server 4.2 (x86_64) * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.121.2 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-devel-5.3.18-150300.59.121.2 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.121.2 * kernel-64kb-debuginfo-5.3.18-150300.59.121.2 * kernel-64kb-debugsource-5.3.18-150300.59.121.2 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.121.2 * kernel-default-5.3.18-150300.59.121.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-5.3.18-150300.59.121.2 * kernel-preempt-devel-5.3.18-150300.59.121.2 * kernel-syms-5.3.18-150300.59.121.1 * kernel-obs-build-debugsource-5.3.18-150300.59.121.2 * kernel-preempt-debuginfo-5.3.18-150300.59.121.2 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.121.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-obs-build-5.3.18-150300.59.121.2 * reiserfs-kmp-default-5.3.18-150300.59.121.2 * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.121.2 * SUSE Enterprise Storage 7.1 (noarch) * kernel-source-5.3.18-150300.59.121.2 * kernel-devel-5.3.18-150300.59.121.2 * kernel-macros-5.3.18-150300.59.121.2 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.121.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.121.2 * kernel-default-debugsource-5.3.18-150300.59.121.2 ## References: * https://www.suse.com/security/cve/CVE-2020-36691.html * https://www.suse.com/security/cve/CVE-2022-2196.html * https://www.suse.com/security/cve/CVE-2022-43945.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1838.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1872.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2008.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1205128 * https://bugzilla.suse.com/show_bug.cgi?id=1206992 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209739 * https://bugzilla.suse.com/show_bug.cgi?id=1209777 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210203 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210414 * https://bugzilla.suse.com/show_bug.cgi?id=1210453 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:30:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:58 -0000 Subject: SUSE-SU-2023:2147-1: important: Security update for the Linux Kernel Message-ID: <168364985870.8937.6894579664737171551@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2147-1 Rating: important References: * #1202353 * #1206992 * #1207088 * #1209687 * #1209739 * #1209777 * #1209871 * #1210202 * #1210203 * #1210301 * #1210329 * #1210336 * #1210337 * #1210414 * #1210453 * #1210469 * #1210498 * #1210506 * #1210629 * #1210647 Cross-References: * CVE-2020-36691 * CVE-2022-2196 * CVE-2023-1611 * CVE-2023-1670 * CVE-2023-1838 * CVE-2023-1855 * CVE-2023-1872 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2008 * CVE-2023-2124 * CVE-2023-2162 * CVE-2023-2176 * CVE-2023-30772 CVSS scores: * CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2196 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-2196 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1872 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2008 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Real Time Module 15-SP3 An update that solves 15 vulnerabilities and has five fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). * CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: * Drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * cifs: fix negotiate context parsing (bsc#1210301). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * vmxnet3: use gro callback when UPT is enabled (bsc#1209739). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Real Time Module 15-SP3 zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-2147=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2147=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2147=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2147=1 ## Package List: * SUSE Real Time Module 15-SP3 (x86_64) * kernel-rt_debug-devel-debuginfo-5.3.18-150300.127.1 * dlm-kmp-rt-debuginfo-5.3.18-150300.127.1 * kernel-rt_debug-debuginfo-5.3.18-150300.127.1 * kernel-rt_debug-devel-5.3.18-150300.127.1 * kernel-rt-devel-debuginfo-5.3.18-150300.127.1 * gfs2-kmp-rt-5.3.18-150300.127.1 * ocfs2-kmp-rt-debuginfo-5.3.18-150300.127.1 * gfs2-kmp-rt-debuginfo-5.3.18-150300.127.1 * kernel-rt_debug-debugsource-5.3.18-150300.127.1 * dlm-kmp-rt-5.3.18-150300.127.1 * kernel-rt-debuginfo-5.3.18-150300.127.1 * cluster-md-kmp-rt-debuginfo-5.3.18-150300.127.1 * cluster-md-kmp-rt-5.3.18-150300.127.1 * ocfs2-kmp-rt-5.3.18-150300.127.1 * kernel-syms-rt-5.3.18-150300.127.1 * kernel-rt-debugsource-5.3.18-150300.127.1 * kernel-rt-devel-5.3.18-150300.127.1 * SUSE Real Time Module 15-SP3 (noarch) * kernel-devel-rt-5.3.18-150300.127.1 * kernel-source-rt-5.3.18-150300.127.1 * SUSE Real Time Module 15-SP3 (nosrc x86_64) * kernel-rt-5.3.18-150300.127.1 * SUSE Real Time Module 15-SP3 (nosrc) * kernel-rt_debug-5.3.18-150300.127.1 * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.127.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.127.1 * kernel-rt-debugsource-5.3.18-150300.127.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.127.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.127.1 * kernel-rt-debugsource-5.3.18-150300.127.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.127.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.127.1 * kernel-rt-debugsource-5.3.18-150300.127.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36691.html * https://www.suse.com/security/cve/CVE-2022-2196.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1838.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1872.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2008.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1206992 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209739 * https://bugzilla.suse.com/show_bug.cgi?id=1209777 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210203 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210414 * https://bugzilla.suse.com/show_bug.cgi?id=1210453 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:30:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:30:59 -0000 Subject: SUSE-RU-2023:2145-1: low: Recommended update for python-azure-ai-formrecognizer Message-ID: <168364985987.8937.1752761201412313033@smelt2.suse.de> # Recommended update for python-azure-ai-formrecognizer Announcement ID: SUSE-RU-2023:2145-1 Rating: low References: Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that can now be installed. ## Description: This update for python-azure-ai-formrecognizer fixes the following issue: * Ship missing python2-azure-ai-formrecognizer (MSC-619) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2145=1 ## Package List: * Public Cloud Module 12 (noarch) * python-azure-ai-formrecognizer-3.1.2-2.5.2 * python3-azure-ai-formrecognizer-3.1.2-2.5.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:31:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:31:01 -0000 Subject: SUSE-SU-2023:2144-1: moderate: Security update for python-cryptography Message-ID: <168364986135.8937.1918460801282749862@smelt2.suse.de> # Security update for python-cryptography Announcement ID: SUSE-SU-2023:2144-1 Rating: moderate References: * #1208036 Cross-References: * CVE-2023-23931 CVSS scores: * CVE-2023-23931 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-23931 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-2144=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-2144=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-2144=1 ## Package List: * HPE Helion OpenStack 8 (x86_64) * python-cryptography-debuginfo-2.0.3-3.14.2 * python-cryptography-2.0.3-3.14.2 * python-cryptography-debugsource-2.0.3-3.14.2 * HPE Helion OpenStack 8 (noarch) * venv-openstack-manila-x86_64-5.1.1~dev5-12.49.1 * venv-openstack-cinder-x86_64-11.2.3~dev29-14.46.1 * venv-openstack-heat-x86_64-9.0.8~dev22-12.49.1 * venv-openstack-monasca-x86_64-2.2.2~dev1-11.49.1 * venv-openstack-octavia-x86_64-1.0.6~dev3-12.45.1 * venv-openstack-barbican-x86_64-5.0.2~dev3-12.47.1 * venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.40.1 * venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.35.1 * venv-openstack-trove-x86_64-8.0.2~dev2-11.44.1 * venv-openstack-designate-x86_64-5.0.3~dev7-12.43.1 * venv-openstack-sahara-x86_64-7.0.5~dev4-11.44.1 * venv-openstack-aodh-x86_64-5.1.1~dev7-12.44.1 * venv-openstack-neutron-x86_64-11.0.9~dev69-13.50.1 * venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.40.1 * venv-openstack-glance-x86_64-15.0.3~dev3-12.43.1 * venv-openstack-ironic-x86_64-9.1.8~dev8-12.45.1 * venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.52.1 * venv-openstack-nova-x86_64-16.1.9~dev92-11.48.1 * venv-openstack-murano-x86_64-4.0.2~dev3-12.42.1 * venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.42.1 * venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.44.1 * venv-openstack-keystone-x86_64-12.0.4~dev11-11.49.1 * SUSE OpenStack Cloud 8 (x86_64) * python-cryptography-debuginfo-2.0.3-3.14.2 * python-cryptography-2.0.3-3.14.2 * python-cryptography-debugsource-2.0.3-3.14.2 * SUSE OpenStack Cloud 8 (noarch) * venv-openstack-manila-x86_64-5.1.1~dev5-12.49.1 * venv-openstack-cinder-x86_64-11.2.3~dev29-14.46.1 * venv-openstack-heat-x86_64-9.0.8~dev22-12.49.1 * venv-openstack-monasca-x86_64-2.2.2~dev1-11.49.1 * venv-openstack-octavia-x86_64-1.0.6~dev3-12.45.1 * venv-openstack-barbican-x86_64-5.0.2~dev3-12.47.1 * venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.40.1 * venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.35.1 * venv-openstack-trove-x86_64-8.0.2~dev2-11.44.1 * venv-openstack-designate-x86_64-5.0.3~dev7-12.43.1 * venv-openstack-sahara-x86_64-7.0.5~dev4-11.44.1 * venv-openstack-aodh-x86_64-5.1.1~dev7-12.44.1 * venv-openstack-neutron-x86_64-11.0.9~dev69-13.50.1 * venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.40.1 * venv-openstack-glance-x86_64-15.0.3~dev3-12.43.1 * venv-openstack-ironic-x86_64-9.1.8~dev8-12.45.1 * venv-openstack-nova-x86_64-16.1.9~dev92-11.48.1 * venv-openstack-horizon-x86_64-12.0.5~dev6-14.52.1 * venv-openstack-murano-x86_64-4.0.2~dev3-12.42.1 * venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.42.1 * venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.44.1 * venv-openstack-keystone-x86_64-12.0.4~dev11-11.49.1 * SUSE OpenStack Cloud Crowbar 8 (x86_64) * python-cryptography-debuginfo-2.0.3-3.14.2 * python-cryptography-2.0.3-3.14.2 * python-cryptography-debugsource-2.0.3-3.14.2 ## References: * https://www.suse.com/security/cve/CVE-2023-23931.html * https://bugzilla.suse.com/show_bug.cgi?id=1208036 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:31:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:31:03 -0000 Subject: SUSE-SU-2023:2143-1: important: Security update for protobuf-c Message-ID: <168364986313.8937.8608360351892071982@smelt2.suse.de> # Security update for protobuf-c Announcement ID: SUSE-SU-2023:2143-1 Rating: important References: * #1210323 Cross-References: * CVE-2022-48468 CVSS scores: * CVE-2022-48468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48468 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for protobuf-c fixes the following issues: * CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2143=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2143=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2143=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2143=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2143=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2143=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2143=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2143=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2143=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2143=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2143=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2143=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2143=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2143=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2143=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * protobuf-c-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * protobuf-c-debugsource-1.3.2-150200.3.3.1 * libprotobuf-c-devel-1.3.2-150200.3.3.1 * libprotobuf-c1-1.3.2-150200.3.3.1 * protobuf-c-debuginfo-1.3.2-150200.3.3.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48468.html * https://bugzilla.suse.com/show_bug.cgi?id=1210323 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:31:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:31:05 -0000 Subject: SUSE-SU-2023:2142-1: moderate: Security update for ntp Message-ID: <168364986524.8937.1094787642359724453@smelt2.suse.de> # Security update for ntp Announcement ID: SUSE-SU-2023:2142-1 Rating: moderate References: * #1210386 * #1210387 * #1210388 * #1210389 Cross-References: * CVE-2023-26551 * CVE-2023-26552 * CVE-2023-26553 * CVE-2023-26554 CVSS scores: * CVE-2023-26551 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26551 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-26552 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26552 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-26553 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26553 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-26554 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26554 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for ntp fixes the following issues: Fixed multiple out of bound writes: CVE-2023-26551 (bsc#1210386), CVE-2023-26552 (bsc#1210388), CVE-2023-26553 (bsc#1210387), CVE-2023-26554 (bsc#1210389). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2142=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2142=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ntp-doc-4.2.8p15-150000.4.22.1 * ntp-debuginfo-4.2.8p15-150000.4.22.1 * ntp-4.2.8p15-150000.4.22.1 * ntp-debugsource-4.2.8p15-150000.4.22.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ntp-debuginfo-4.2.8p15-150000.4.22.1 * ntp-4.2.8p15-150000.4.22.1 * ntp-debugsource-4.2.8p15-150000.4.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26551.html * https://www.suse.com/security/cve/CVE-2023-26552.html * https://www.suse.com/security/cve/CVE-2023-26553.html * https://www.suse.com/security/cve/CVE-2023-26554.html * https://bugzilla.suse.com/show_bug.cgi?id=1210386 * https://bugzilla.suse.com/show_bug.cgi?id=1210387 * https://bugzilla.suse.com/show_bug.cgi?id=1210388 * https://bugzilla.suse.com/show_bug.cgi?id=1210389 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:31:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:31:18 -0000 Subject: SUSE-SU-2023:2141-1: important: Security update for the Linux Kernel Message-ID: <168364987814.8937.3550059669303201504@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2141-1 Rating: important References: * #1142685 * #1155798 * #1174777 * #1189999 * #1194869 * #1203039 * #1203325 * #1206649 * #1206891 * #1206992 * #1207088 * #1208076 * #1208845 * #1209615 * #1209693 * #1209739 * #1209871 * #1209927 * #1209999 * #1210034 * #1210158 * #1210202 * #1210206 * #1210301 * #1210329 * #1210336 * #1210337 * #1210439 * #1210469 * #1210629 * #1210725 * #1210762 * #1210763 * #1210764 * #1210765 * #1210766 * #1210767 * #1210768 * #1210769 * #1210770 * #1210771 * #1210793 * #1210816 * #1210817 * #1210827 * #1210943 * #1210953 * #1211025 Cross-References: * CVE-2022-2196 * CVE-2023-0386 * CVE-2023-1670 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2008 * CVE-2023-2019 * CVE-2023-2176 * CVE-2023-2235 * CVE-2023-23006 * CVE-2023-30772 CVSS scores: * CVE-2022-2196 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-2196 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2008 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2019 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2019 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 13 vulnerabilities, contains two features and has 35 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). * CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). * CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). * CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). * CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: * ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). * ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). * ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). * ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). * ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). * ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). * ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git- fixes). * ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). * ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). * ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git- fixes). * ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). * ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). * ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git- fixes). * ALSA: hda/sigmatel: fix S/PDIF out on Intel D _45_ motherboards (git-fixes). * ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). * ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). * ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). * ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). * ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). * ARM: dts: gta04: fix excess dma channel usage (git-fixes). * ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). * ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). * ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). * ASN.1: Fix check for strdup() success (git-fixes). * ASoC: cs35l41: Only disable internal boost (git-fixes). * ASoC: es8316: Handle optional IRQ assignment (git-fixes). * ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). * ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). * Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly * Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods * Bluetooth: Fix race condition in hidp_session_thread (git-fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git- fixes). * Drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * IB/mlx5: Add support for 400G_8X lane speed (git-fixes) * Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * KEYS: Add missing function documentation (git-fixes). * KEYS: Create static version of public_key_verify_signature (git-fixes). * NFS: Cleanup unused rpc_clnt variable (git-fixes). * NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). * NFSD: callback request does not use correct credential for AUTH_SYS (git- fixes). * PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). * PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). * PCI: imx6: Install the fault handler only on compatible match (git-fixes). * PCI: loongson: Add more devices that need MRRS quirk (git-fixes). * PCI: loongson: Prevent LS7A MRRS increases (git-fixes). * PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git- fixes). * PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). * RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) * RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) * RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) * RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) * RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) * Remove obsolete KMP obsoletes (bsc#1210469). * Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). * Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). * USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). * USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). * USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). * USB: serial: option: add Quectel RM500U-CN modem (git-fixes). * USB: serial: option: add Telit FE990 compositions (git-fixes). * USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). * amdgpu: disable powerpc support for the newer display engine (bsc#1194869). * arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). * arm64: dts: meson-g12-common: specify full DMC range (git-fixes). * arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git- fixes). * arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). * arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). * arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). * arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). * bluetooth: Perform careful capability checks in hci_sock_ioctl() (git- fixes). * cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). * cifs: fix negotiate context parsing (bsc#1210301). * clk: add missing of_node_put() in "assigned-clocks" property parsing (git- fixes). * clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). * clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). * clk: sprd: set max_register according to mapping range (git-fixes). * clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). * cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). * cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). * cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). * crypto: caam - Clear some memory in instantiate_rng (git-fixes). * crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). * crypto: sa2ul - Select CRYPTO_DES (git-fixes). * crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). * driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). * drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). * drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git- fixes). * drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). * drm/amd/display: Fix potential null dereference (git-fixes). * drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). * drm/armada: Fix a potential double free in an error handling path (git- fixes). * drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git- fixes). * drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). * drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). * drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). * drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). * drm/i915: Fix fast wake AUX sync len (git-fixes). * drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). * drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). * drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). * drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). * drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). * drm/msm: fix NULL-deref on snapshot tear down (git-fixes). * drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). * drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). * drm/probe-helper: Cancel previous job before starting new one (git-fixes). * drm/rockchip: Drop unbalanced obj unref (git-fixes). * drm/vgem: add missing mutex_destroy (git-fixes). * drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). * drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git- fixes). * drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). * dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). * dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). * dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git- fixes). * dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). * dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). * dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git- fixes). * e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). * efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). * ext4: Fix deadlock during directory rename (bsc#1210763). * ext4: Fix possible corruption when moving a directory (bsc#1210763). * ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). * ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). * ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). * ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). * ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). * ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). * ext4: fix possible double unlock when moving a directory (bsc#1210763). * ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). * fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). * firmware: qcom_scm: Clear download bit during reboot (git-fixes). * firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). * fpga: bridge: fix kernel-doc parameter description (git-fixes). * hwmon: (adt7475) Use device_property APIs when configuring polarity (git- fixes). * hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). * hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git- fixes). * i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). * i2c: hisi: Avoid redundant interrupts (git-fixes). * i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). * i2c: ocores: generate stop condition after timeout in polling mode (git- fixes). * i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). * ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). * iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). * iio: light: tsl2772: fix reading proximity-diodes from device tree (git- fixes). * ipmi: fix SSIF not responding under certain cond (git-fixes). * ipmi:ssif: Add send_retries increment (git-fixes). * k-m-s: Drop Linux 2.6 support * kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). * kABI: x86/msi: Fix msi message data shadow struct (kabi). * kabi/severities: ignore KABI for NVMe target (bsc#1174777). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * locking/rwbase: Mitigate indefinite writer starvation. * media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). * media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). * media: max9286: Free control handler (git-fixes). * media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). * media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). * media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). * media: venus: dec: Fix handling of the start cmd (git-fixes). * memstick: fix memory leak if card device is never registered (git-fixes). * mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). * mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). * mm: take a page reference when removing device exclusive entries (bsc#1211025). * mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git- fixes). * mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). * mtd: core: fix error path for nvmem provider (git-fixes). * mtd: core: fix nvmem error reporting (git-fixes). * mtd: core: provide unique name for nvmem device, take two (git-fixes). * mtd: spi-nor: Fix a trivial typo (git-fixes). * net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). * net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git- fixes). * nfsd: call op_release, even when op_func returns an error (git-fixes). * nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). * nilfs2: initialize unused bytes in segment summary blocks (git-fixes). * nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). * nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). * nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git- fixes). * nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). * nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). * nvme-multipath: fix possible hang in live ns resize with ANA access (git- fixes). * nvme-pci: fix doorbell buffer value endianness (git-fixes). * nvme-pci: fix mempool alloc size (git-fixes). * nvme-pci: fix page size checks (git-fixes). * nvme-pci: fix timeout request state check (git-fixes). * nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). * nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: fix regression that causes sporadic requests to time out (git- fixes). * nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git- fixes). * nvme: add device name to warning in uuid_show() (git-fixes). * nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). * nvme: copy firmware_rev on each init (git-fixes). * nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). * nvme: fix async event trace event (git-fixes). * nvme: fix handling single range discard request (git-fixes). * nvme: fix per-namespace chardev deletion (git-fixes). * nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). * nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). * nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). * nvme: move nvme_multi_css into nvme.h (git-fixes). * nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). * nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). * nvme: set dma alignment to dword (git-fixes). * nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git- fixes). * nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). * nvmet-tcp: fix incomplete data digest send (git-fixes). * nvmet-tcp: fix regression in data_digest calculation (git-fixes). * nvmet: add helpers to set the result field for connect commands (git-fixes). * nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). * nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). * nvmet: fix I/O Command Set specific Identify Controller (git-fixes). * nvmet: fix Identify Active Namespace ID list handling (git-fixes). * nvmet: fix Identify Controller handling (git-fixes). * nvmet: fix Identify Namespace handling (git-fixes). * nvmet: fix a memory leak (git-fixes). * nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). * nvmet: fix a use-after-free (git-fixes). * nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git- fixes). * nvmet: force reconnect when number of queue changes (git-fixes). * nvmet: looks at the passthrough controller when initializing CAP (git- fixes). * nvmet: only allocate a single slab for bvecs (git-fixes). * nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). * perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). * perf/core: Fix the same task check in perf_event_set_output (git fixes). * perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). * perf: fix perf_event_context->time (git fixes). * platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). * platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). * power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). * power: supply: generic-adc-battery: fix unit scaling (git-fixes). * powerpc/64: Always build with 128-bit long double (bsc#1194869). * powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). * powerpc/hv-gpci: Fix hv_gpci event list (git fixes). * powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). * powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc: declare unmodified attribute_group usages const (git-fixes). * regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). * regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). * regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). * regulator: fan53555: Explicitly include bits header (git-fixes). * regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). * regulator: stm32-pwr: fix of_iomap leak (git-fixes). * remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). * remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). * remoteproc: st: Call of_node_put() on iteration error (git-fixes). * remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). * rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git- fixes). * rtc: omap: include header for omap_rtc_power_off_program prototype (git- fixes). * sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). * sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). * sched/fair: Move calculate of avg_load to a better location (bsc#1155798). * sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). * sched/fair: sanitize vruntime of entity being placed (bsc#1203325). * sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). * sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). * scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). * scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). * scsi: core: Fix a procfs host directory removal regression (git-fixes). * scsi: core: Fix a source code comment (git-fixes). * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git- fixes). * scsi: hisi_sas: Check devm_add_action() return value (git-fixes). * scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). * scsi: ipr: Work around fortify-string warning (git-fixes). * scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git- fixes). * scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). * scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). * scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). * scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). * scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). * scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). * scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). * scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). * scsi: lpfc: Fix double word in comments (bsc#1210943). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). * scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). * scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). * scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). * scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). * scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). * scsi: lpfc: Silence an incorrect device output (bsc#1210943). * scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). * scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). * scsi: megaraid_sas: Fix crash after a double completion (git-fixes). * scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). * scsi: mpt3sas: Do not print sense pool info twice (git-fixes). * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git- fixes). * scsi: mpt3sas: Fix a memory leak (git-fixes). * scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). * scsi: qla2xxx: Perform lockless command completion in abort path (git- fixes). * scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). * scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). * scsi: sd: Fix wrong zone_write_granularity value during revalidate (git- fixes). * scsi: ses: Do not attach if enclosure has no components (git-fixes). * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git- fixes). * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). * scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). * seccomp: Move copy_seccomp() to no failure path (bsc#1210817). * selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). * selftests: sigaltstack: fix -Wuninitialized (git-fixes). * selinux: ensure av_permissions.h is built when needed (git-fixes). * selinux: fix Makefile dependencies of flask.h (git-fixes). * serial: 8250: Add missing wakeup event reporting (git-fixes). * serial: 8250_bcm7271: Fix arbitration handling (git-fixes). * serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git- fixes). * serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). * signal handling: do not use BUG_ON() for debugging (bsc#1210439). * signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). * signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). * signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). * soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). * spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). * spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). * spi: qup: Do not skip cleanup in remove's error path (git-fixes). * staging: iio: resolver: ads1210: fix config mode (git-fixes). * staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git- fixes). * stat: fix inconsistency between struct stat and struct compat_stat (git- fixes). * sunrpc: only free unix grouplist after RCU settles (git-fixes). * tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). * tty: serial: fsl_lpuart: adjust buffer length to the intended size (git- fixes). * udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). * udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). * udf: Support splicing to file (bsc#1210770). * usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). * usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). * usb: dwc3: gadget: Change condition for processing suspend event (git- fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). * usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). * usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). * usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). * virt/coco/sev-guest: Add throttling awareness (bsc#1209927). * virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). * virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). * virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). * virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). * virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). * virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). * virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). * virtio_ring: do not update event idx on get_buf (git-fixes). * vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). * vmxnet3: use gro callback when UPT is enabled (bsc#1209739). * wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git- fixes). * wifi: ath6kl: minor fix for allocation size (git-fixes). * wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). * wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). * wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git- fixes). * wifi: brcmfmac: support CQM RSSI notification with older firmware (git- fixes). * wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). * wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). * wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). * wifi: iwlwifi: fw: move memset before early return (git-fixes). * wifi: iwlwifi: make the loop for card preparation effective (git-fixes). * wifi: iwlwifi: mvm: check firmware response size (git-fixes). * wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). * wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). * wifi: iwlwifi: mvm: initialize seq variable (git-fixes). * wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). * wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). * wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). * wifi: mac80211: adjust scan cancel comment/check (git-fixes). * wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). * wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). * wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). * wifi: mwifiex: mark OF related data as maybe unused (git-fixes). * wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git- fixes). * wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). * writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). * x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). * x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). * x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). * x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). * x86/entry: Avoid very early RET (git-fixes). * x86/entry: Do not call error_entry() for XENPV (git-fixes). * x86/entry: Move CLD to the start of the idtentry macro (git-fixes). * x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). * x86/entry: Switch the stack after error_entry() returns (git-fixes). * x86/fpu: Prevent FPU state corruption (git-fixes). * x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git- fixes). * x86/msi: Fix msi message data shadow struct (git-fixes). * x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). * x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). * x86/tsx: Disable TSX development mode at boot (git-fixes). * x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). * xhci: fix debugfs register accesses while suspended (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2141=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2141=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.49.1 * kernel-azure-devel-5.14.21-150400.14.49.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.49.1 * cluster-md-kmp-azure-5.14.21-150400.14.49.1 * kernel-azure-optional-5.14.21-150400.14.49.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.49.1 * kernel-azure-debuginfo-5.14.21-150400.14.49.1 * dlm-kmp-azure-5.14.21-150400.14.49.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.49.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.49.1 * kernel-azure-debugsource-5.14.21-150400.14.49.1 * gfs2-kmp-azure-5.14.21-150400.14.49.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.49.1 * ocfs2-kmp-azure-5.14.21-150400.14.49.1 * reiserfs-kmp-azure-5.14.21-150400.14.49.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.49.1 * kernel-syms-azure-5.14.21-150400.14.49.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.49.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.49.1 * kernel-azure-extra-5.14.21-150400.14.49.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.49.1 * kselftests-kmp-azure-5.14.21-150400.14.49.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.49.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-azure-5.14.21-150400.14.49.1 * kernel-source-azure-5.14.21-150400.14.49.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.49.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-debuginfo-5.14.21-150400.14.49.1 * kernel-azure-devel-5.14.21-150400.14.49.1 * kernel-syms-azure-5.14.21-150400.14.49.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.49.1 * kernel-azure-debugsource-5.14.21-150400.14.49.1 * Public Cloud Module 15-SP4 (noarch) * kernel-devel-azure-5.14.21-150400.14.49.1 * kernel-source-azure-5.14.21-150400.14.49.1 ## References: * https://www.suse.com/security/cve/CVE-2022-2196.html * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2008.html * https://www.suse.com/security/cve/CVE-2023-2019.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-23006.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1142685 * https://bugzilla.suse.com/show_bug.cgi?id=1155798 * https://bugzilla.suse.com/show_bug.cgi?id=1174777 * https://bugzilla.suse.com/show_bug.cgi?id=1189999 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1203039 * https://bugzilla.suse.com/show_bug.cgi?id=1203325 * https://bugzilla.suse.com/show_bug.cgi?id=1206649 * https://bugzilla.suse.com/show_bug.cgi?id=1206891 * https://bugzilla.suse.com/show_bug.cgi?id=1206992 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1208076 * https://bugzilla.suse.com/show_bug.cgi?id=1208845 * https://bugzilla.suse.com/show_bug.cgi?id=1209615 * https://bugzilla.suse.com/show_bug.cgi?id=1209693 * https://bugzilla.suse.com/show_bug.cgi?id=1209739 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209927 * https://bugzilla.suse.com/show_bug.cgi?id=1209999 * https://bugzilla.suse.com/show_bug.cgi?id=1210034 * https://bugzilla.suse.com/show_bug.cgi?id=1210158 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210206 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210439 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210725 * https://bugzilla.suse.com/show_bug.cgi?id=1210762 * https://bugzilla.suse.com/show_bug.cgi?id=1210763 * https://bugzilla.suse.com/show_bug.cgi?id=1210764 * https://bugzilla.suse.com/show_bug.cgi?id=1210765 * https://bugzilla.suse.com/show_bug.cgi?id=1210766 * https://bugzilla.suse.com/show_bug.cgi?id=1210767 * https://bugzilla.suse.com/show_bug.cgi?id=1210768 * https://bugzilla.suse.com/show_bug.cgi?id=1210769 * https://bugzilla.suse.com/show_bug.cgi?id=1210770 * https://bugzilla.suse.com/show_bug.cgi?id=1210771 * https://bugzilla.suse.com/show_bug.cgi?id=1210793 * https://bugzilla.suse.com/show_bug.cgi?id=1210816 * https://bugzilla.suse.com/show_bug.cgi?id=1210817 * https://bugzilla.suse.com/show_bug.cgi?id=1210827 * https://bugzilla.suse.com/show_bug.cgi?id=1210943 * https://bugzilla.suse.com/show_bug.cgi?id=1210953 * https://bugzilla.suse.com/show_bug.cgi?id=1211025 * https://jira.suse.com/browse/PED-3750 * https://jira.suse.com/browse/PED-3759 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:31:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:31:20 -0000 Subject: SUSE-SU-2023:2139-1: important: Security update for ignition Message-ID: <168364988009.8937.11049620126553343470@smelt2.suse.de> # Security update for ignition Announcement ID: SUSE-SU-2023:2139-1 Rating: important References: * #1200441 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one fix can now be installed. ## Description: This update of ignition fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2139=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2139=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * ignition-2.15.0-150400.4.2.1 * ignition-dracut-grub2-2.15.0-150400.4.2.1 * ignition-debuginfo-2.15.0-150400.4.2.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * ignition-2.15.0-150400.4.2.1 * ignition-dracut-grub2-2.15.0-150400.4.2.1 * ignition-debuginfo-2.15.0-150400.4.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:31:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:31:21 -0000 Subject: SUSE-SU-2023:2138-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <168364988153.8937.383226300788597041@smelt2.suse.de> # Security update for prometheus-ha_cluster_exporter Announcement ID: SUSE-SU-2023:2138-1 Rating: important References: * #1200441 Affected Products: * SAP Applications Module 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one fix can now be installed. ## Description: This update of prometheus-ha_cluster_exporter fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-2138=1 ## Package List: * SAP Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150000.1.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:31:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:31:22 -0000 Subject: SUSE-SU-2023:2137-1: important: Security update for runc Message-ID: <168364988292.8937.5181222818057632175@smelt2.suse.de> # Security update for runc Announcement ID: SUSE-SU-2023:2137-1 Rating: important References: * #1200441 Affected Products: * Containers Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update of runc fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 12 zypper in -t patch SUSE-SLE-Module-Containers-12-2023-2137=1 ## Package List: * Containers Module 12 (ppc64le s390x x86_64) * runc-debuginfo-1.1.5-16.31.1 * runc-1.1.5-16.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 16:31:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 16:31:24 -0000 Subject: SUSE-SU-2023:2136-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <168364988438.8937.4480768095803434943@smelt2.suse.de> # Security update for prometheus-ha_cluster_exporter Announcement ID: SUSE-SU-2023:2136-1 Rating: important References: * #1200441 Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update of prometheus-ha_cluster_exporter fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2136=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-2136=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-4.28.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-4.28.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 20:30:04 -0000 Subject: SUSE-SU-2023:2154-1: important: Security update for distribution Message-ID: <168366420423.26390.8095206959985598806@smelt2.suse.de> # Security update for distribution Announcement ID: SUSE-SU-2023:2154-1 Rating: important References: * #1207705 Cross-References: * CVE-2023-2253 CVSS scores: * CVE-2023-2253 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for distribution fixes the following issues: * CVE-2023-2253: Fixed possible DoS via a crafted malicious /v2/_catalog API endpoint request (bsc#1207705). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2154=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2154=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * distribution-registry-2.8.1-150400.9.18.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * distribution-registry-2.8.1-150400.9.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2253.html * https://bugzilla.suse.com/show_bug.cgi?id=1207705 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 9 20:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 09 May 2023 20:30:19 -0000 Subject: SUSE-SU-2023:2153-1: important: Security update for docker-distribution Message-ID: <168366421986.26390.4255200279479013153@smelt2.suse.de> # Security update for docker-distribution Announcement ID: SUSE-SU-2023:2153-1 Rating: important References: * #1207705 Cross-References: * CVE-2023-2253 CVSS scores: * CVE-2023-2253 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Containers Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for docker-distribution fixes the following issues: * CVE-2023-2253: Catalog Endpoint can lead to OOM by user input (bsc#1207705). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 12 zypper in -t patch SUSE-SLE-Module-Containers-12-2023-2153=1 ## Package List: * Containers Module 12 (x86_64) * docker-distribution-registry-2.6.2-13.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2253.html * https://bugzilla.suse.com/show_bug.cgi?id=1207705 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 07:14:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 09:14:12 +0200 (CEST) Subject: SUSE-CU-2023:1501-1: Recommended update of suse/sle15 Message-ID: <20230510071412.63A4DFBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1501-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.766 Container Release : 6.2.766 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated From sle-updates at lists.suse.com Wed May 10 07:16:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 09:16:01 +0200 (CEST) Subject: SUSE-CU-2023:1502-1: Recommended update of suse/sle15 Message-ID: <20230510071601.77BA3FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1502-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.294 Container Release : 9.5.294 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated From sle-updates at lists.suse.com Wed May 10 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 12:30:01 -0000 Subject: SUSE-SU-2023:2158-1: important: Security update for google-cloud-sap-agent Message-ID: <168372180173.4879.10936914230258969506@smelt2.suse.de> # Security update for google-cloud-sap-agent Announcement ID: SUSE-SU-2023:2158-1 Rating: important References: * #1200441 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update of google-cloud-sap-agent fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2158=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.0-6.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 12:30:03 -0000 Subject: SUSE-SU-2023:2157-1: important: Security update for conmon Message-ID: <168372180373.4879.8265924619892441926@smelt2.suse.de> # Security update for conmon Announcement ID: SUSE-SU-2023:2157-1 Rating: important References: * #1200441 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of conmon fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2157=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2157=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2157=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2157=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2157=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2157=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2157=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * conmon-debuginfo-2.1.5-150400.3.8.1 * conmon-2.1.5-150400.3.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * conmon-debuginfo-2.1.5-150400.3.8.1 * conmon-2.1.5-150400.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.5-150400.3.8.1 * conmon-2.1.5-150400.3.8.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.5-150400.3.8.1 * conmon-2.1.5-150400.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.5-150400.3.8.1 * conmon-2.1.5-150400.3.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.5-150400.3.8.1 * conmon-2.1.5-150400.3.8.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * conmon-debuginfo-2.1.5-150400.3.8.1 * conmon-2.1.5-150400.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 12:30:16 -0000 Subject: SUSE-SU-2023:2156-1: important: Security update for the Linux Kernel Message-ID: <168372181697.4879.17145126491757826460@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2156-1 Rating: important References: * #1142685 * #1174777 * #1190544 * #1202353 * #1207088 * #1209342 * #1209871 * #1209887 * #1209969 * #1209999 * #1210202 * #1210301 * #1210329 * #1210336 * #1210337 * #1210430 * #1210460 * #1210466 * #1210469 * #1210498 * #1210506 * #1210534 * #1210647 * #1210827 Cross-References: * CVE-2023-1670 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2124 * CVE-2023-2162 * CVE-2023-30772 CVSS scores: * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves eight vulnerabilities and has 16 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: * ath10k: Fix error handling in case of CE pipe init failure (git-fixes). * ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). * ath10k: Fix the parsing error in service available event (git-fixes). * ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). * ath10k: fix control-message timeout (git-fixes). * ath10k: fix division by zero in send path (git-fixes). * ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git- fixes). * audit: improve audit queue handling when "audit=1" on cmdline (bsc#1209969). * bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B (git- fixes). * cachefiles: Drop superfluous readpages aops NULL check (bsc#1210430). * cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (bsc#1210430). * cachefiles: Fix race between read_waiter and read_copier involving op->to_do (bsc#1210430). * cachefiles: Handle readpage error correctly (bsc#1210430). * cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). * cifs: fix negotiate context parsing (bsc#1210301). * cifs: fix open leaks in open_cached_dir() (bsc#1209342). * cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). * crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). * drivers: net: lmc: fix case value for target abort error (git-fixes). * fscache, cachefiles: remove redundant variable 'cache' (bsc#1210430). * ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). * intel_pmc_ipc: restore ability to call functions with irq enabled (git- fixes). * ipmi: fix SSIF not responding under certain cond (git-fixes). * iwlwifi: Fix -EIO error code that is never returned (git-fixes). * iwlwifi: fw: make pos static in iwl_sar_get_ewrd_table() loop (git-fixes). * iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). * iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). * iwlwifi: pcie: reschedule in long-running memory reads (git-fixes). * kabi/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777). * kcm: Only allow TCP sockets to be attached to a KCM mux (git-fixes). * keys: Change keyring_serialise_link_sem to a mutex (bsc#1207088). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * keys: Hoist locking out of __key_link_begin() (bsc#1207088). * kretprobe: Prevent triggering kretprobe from within kprobe_flush_task (git- fixes). * l2tp: clean up stale tunnel or session in pppol2tp_connect's error path (git-fixes). * l2tp: fix pseudo-wire type for sessions created by pppol2tp_connect() (git- fixes). * l2tp: reject creation of non-PPP sessions on L2TPv2 tunnels (git-fixes). * net/ncsi: Do not return error on normal response (git-fixes). * net: axienet: Fix double deregister of mdio (git-fixes). * net: core: dst: Add kernel-doc for 'net' parameter (git-fixes). * net: core: dst_cache_set_ip6: Rename 'addr' parameter to 'saddr' for consistency (git-fixes). * net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b (git-fixes). * net: prevent ISA drivers from building on PPC32 (git-fixes). * net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). * netfilter: nft_set_rbtree: fix parameter of __nft_rbtree_lookup() (git- fixes). * netfilter: x_tables: Add note about how to free percpu counters (git-fixes). * nvme-pci: do not WARN_ON in nvme_reset_work if ctrl.state is not RESETTING (git-fixes). * nvme-pci: fix doorbell buffer value endianness (git-fixes). * nvme: retain split access workaround for capability reads (git-fixes). * platform/x86: intel_pmc_ipc: Use devm_* calls in driver probe function (git- fixes). * platform/x86: intel_pmc_ipc: Use spin_lock to protect GCR updates (git- fixes). * powercap: fix possible name leak in powercap_register_zone() (git-fixes). * powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1209999 ltc#202140 bsc#1190544 ltc#194520 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Detect support for coregroup (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Limit possible nodes to within num_possible_nodes (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Restrict possible nodes based on platform (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * printk: Give error on attempt to set log buffer length to over 2G (bsc#1210534). * ring-buffer: Fix race while reader and writer are on the same page (git- fixes). * s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes). * scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). * scsi: qla2xxx: Perform lockless command completion in abort path (git- fixes). * sctp: do not free asoc when it is already dead in sctp_sendmsg (git-fixes). * sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (git-fixes). * sctp: use the right sk after waking up from wait_buf sleep (git-fixes). * struct ci_hdrc: hide new member at end (git-fixes). * struct wmi_svc_avail_ev_arg: new member to end (git-fixes). * tuntap: fix dividing by zero in ebpf queue selection (git-fixes). * usb/ohci-platform: Fix a warning when hibernating (git-fixes). * usb: chipidea: core: fix possible concurrent when switch role (git-fixes). * usb: dwc3: core: fix kernel panic when do reboot (git-fixes). * usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). * usb: host: ohci-pxa27x: Fix and & vs | typo (git-fixes). * usb: storage: Add check for kcalloc (git-fixes). * usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git- fixes). * watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git- fixes). * wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git- fixes). * workqueue: Fix missing kfree(rescuer) in destroy_workqueue() (bsc#1210460). * workqueue: Fix spurious sanity check failures in destroy_workqueue() (bsc#1210460). * wq: handle VM suspension in stall detection (bsc#1210466). * x86/boot/compressed: Disable relocation relaxation (git-fixes). * x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). * x86/bugs: Add Cannon lake to RETBleed affected CPU list (git-fixes). * x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). * x86/fpu: Prevent FPU state corruption (git-fixes). * x86/irq: Ensure PI wakeup handler is unregistered before module unload (git- fixes). * x86/kprobes: Fix to check non boostable prefixes correctly (git-fixes). * x86/kprobes: Restore BTF if the single-stepping is cancelled (git-fixes). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mm: Stop printing BRK addresses (git-fixes). * x86/pkeys: Add check for pkey "overflow" (git-fixes). * x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline (git- fixes). * x86/tools/relocs: Fix non-POSIX regexp (git-fixes). * x86/tools: Fix objdump version check again (git-fixes). * x86/virt: Eat faults on VMXOFF in reboot flows (git-fixes). * x86/virt: Mark flags and memory as clobbered by VMXOFF (git-fixes). * x86: Do not let pgprot_modify() change the page encryption bit (git-fixes). * x86_64: Fix jiffies ODR violation (git-fixes). * xfrm: policy: use hlist rcu variants on insert (git-fixes). * xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git- fixes). * xhci: hide include of iommu.h (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-2156=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * kernel-rt-debugsource-4.12.14-10.124.1 * cluster-md-kmp-rt-4.12.14-10.124.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.124.1 * dlm-kmp-rt-4.12.14-10.124.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.124.1 * kernel-rt_debug-debuginfo-4.12.14-10.124.1 * kernel-syms-rt-4.12.14-10.124.1 * kernel-rt-base-debuginfo-4.12.14-10.124.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.124.1 * gfs2-kmp-rt-4.12.14-10.124.1 * dlm-kmp-rt-debuginfo-4.12.14-10.124.1 * kernel-rt-devel-debuginfo-4.12.14-10.124.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.124.1 * kernel-rt-devel-4.12.14-10.124.1 * kernel-rt_debug-devel-4.12.14-10.124.1 * ocfs2-kmp-rt-4.12.14-10.124.1 * kernel-rt-debuginfo-4.12.14-10.124.1 * kernel-rt_debug-debugsource-4.12.14-10.124.1 * kernel-rt-base-4.12.14-10.124.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-source-rt-4.12.14-10.124.1 * kernel-devel-rt-4.12.14-10.124.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.124.1 * kernel-rt_debug-4.12.14-10.124.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1142685 * https://bugzilla.suse.com/show_bug.cgi?id=1174777 * https://bugzilla.suse.com/show_bug.cgi?id=1190544 * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1209342 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209887 * https://bugzilla.suse.com/show_bug.cgi?id=1209969 * https://bugzilla.suse.com/show_bug.cgi?id=1209999 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210430 * https://bugzilla.suse.com/show_bug.cgi?id=1210460 * https://bugzilla.suse.com/show_bug.cgi?id=1210466 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210534 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210827 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 12:30:18 -0000 Subject: SUSE-RU-2023:2155-1: moderate: Recommended update for python-rpm-macros Message-ID: <168372181876.4879.16963277140594078128@smelt2.suse.de> # Recommended update for python-rpm-macros Announcement ID: SUSE-RU-2023:2155-1 Rating: moderate References: * #1209353 * #1209881 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for python-rpm-macros fixes the following issues: * Update to version 20230304.050c1a4 (bsc#1209881, bsc#1209353) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2155=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2155=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python-rpm-generators-20230304.050c1a4-150400.3.6.1 * python-rpm-macros-20230304.050c1a4-150400.3.6.1 * Basesystem Module 15-SP4 (noarch) * python-rpm-generators-20230304.050c1a4-150400.3.6.1 * python-rpm-macros-20230304.050c1a4-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209353 * https://bugzilla.suse.com/show_bug.cgi?id=1209881 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 16:30:04 -0000 Subject: SUSE-FU-2023:2161-1: important: Feature update for aws-cli, python-boto3, python-botocore, python-s3transfer Message-ID: <168373620494.7310.4834724457527410464@smelt2.suse.de> # Feature update for aws-cli, python-boto3, python-botocore, python-s3transfer Announcement ID: SUSE-FU-2023:2161-1 Rating: important References: * #1204537 * #1204917 * #1209255 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains two features and has three feature fixes can now be installed. ## Description: This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues: aws-cli: * Version update from 1.23.11 to 1.27.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333) * For the detailed list of changes please consult upstream changelog: https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst * Updated required dependencies python-botocore: * Version update from 1.25.11 to 1.29.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * For the detailed list of changes please consult https://github.com/boto/botocore/blob/develop/CHANGELOG.rst * Updated required dependencies python-boto3: * Version update from 1.22.11 to 1.26.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * For the detailed list of changes please consult https://github.com/boto/boto3/blob/develop/CHANGELOG.rst * Updated required dependencies * Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures python-s3transfer: * Version update from 0.5.0 to 0.6.0 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * Dropped support for Python 3.6 * Added support for flexible checksum when uploading or downloading objects * Officially add Python 3.10 support * Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures * Drop unused python-mock build dependency ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2161=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2161=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2161=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2161=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2161=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2161=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2161=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2161=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2161=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2161=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2161=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2161=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2161=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2161=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2161=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2161=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2161=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2161=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2161=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2161=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2161=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2161=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2161=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2161=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2161=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * python3-botocore-1.29.89-150200.37.14.1 * aws-cli-1.27.89-150200.30.11.1 * python3-s3transfer-0.6.0-150200.9.7.1 * openSUSE Leap 15.4 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * aws-cli-1.27.89-150200.30.11.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-botocore-1.29.89-150200.37.14.1 * aws-cli-1.27.89-150200.30.11.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-botocore-1.29.89-150200.37.14.1 * aws-cli-1.27.89-150200.30.11.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-botocore-1.29.89-150200.37.14.1 * aws-cli-1.27.89-150200.30.11.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-botocore-1.29.89-150200.37.14.1 * aws-cli-1.27.89-150200.30.11.1 * python3-s3transfer-0.6.0-150200.9.7.1 * Basesystem Module 15-SP4 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * Public Cloud Module 15-SP2 (noarch) * aws-cli-1.27.89-150200.30.11.1 * Public Cloud Module 15-SP3 (noarch) * aws-cli-1.27.89-150200.30.11.1 * Public Cloud Module 15-SP4 (noarch) * aws-cli-1.27.89-150200.30.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Manager Proxy 4.2 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Manager Server 4.2 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Enterprise Storage 7 (noarch) * python3-boto3-1.26.89-150200.23.12.1 * python3-botocore-1.29.89-150200.37.14.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-botocore-1.29.89-150200.37.14.1 * aws-cli-1.27.89-150200.30.11.1 * python3-s3transfer-0.6.0-150200.9.7.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-botocore-1.29.89-150200.37.14.1 * aws-cli-1.27.89-150200.30.11.1 * python3-s3transfer-0.6.0-150200.9.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1204537 * https://bugzilla.suse.com/show_bug.cgi?id=1204917 * https://bugzilla.suse.com/show_bug.cgi?id=1209255 * https://jira.suse.com/browse/PED-2333 * https://jira.suse.com/browse/PED-3780 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 16:30:07 -0000 Subject: SUSE-FU-2023:2160-1: important: Feature update for aws-cli, python-boto3, python-botocore, python-s3transfer Message-ID: <168373620768.7310.17899539882650404265@smelt2.suse.de> # Feature update for aws-cli, python-boto3, python-botocore, python-s3transfer Announcement ID: SUSE-FU-2023:2160-1 Rating: important References: * #1199716 * #1204917 * #1209255 Affected Products: * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that contains one feature and has three feature fixes can now be installed. ## Description: This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues: aws-cli: * Version update from 1.23.11 to 1.27.89 (bsc#1209255, jsc#PED-3780) * For the detailed list of changes please consult upstream changelog: https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst * Updated required dependencies python-botocore: * Version update from 1.25.11 to 1.29.89 (bsc#1209255, jsc#PED-3780): * For the detailed list of changes please consult https://github.com/boto/botocore/blob/develop/CHANGELOG.rst * Updated required dependencies python-boto3: * Version update from 1.22.11 to 1.26.89 (bsc#1209255, jsc#PED-3780): * For the detailed list of changes please consult https://github.com/boto/boto3/blob/develop/CHANGELOG.rst * Updated required dependencies * Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures python-s3transfer: * Version update from 0.5.0 to 0.6.0 (bsc#1209255, jsc#PED-3780): * Dropped support for Python 3.6 * Added support for flexible checksum when uploading or downloading objects * Officially add Python 3.10 support * Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures * Drop unused python-mock build dependency ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2160=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2160=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2160=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2160=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * Public Cloud Module 15-SP1 (noarch) * python3-botocore-1.29.89-150100.41.2 * aws-cli-1.27.89-150100.34.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-botocore-1.29.89-150100.41.2 * python3-s3transfer-0.6.0-150100.6.16.1 * python3-boto3-1.26.89-150100.27.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python3-botocore-1.29.89-150100.41.2 * python3-s3transfer-0.6.0-150100.6.16.1 * python3-boto3-1.26.89-150100.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python3-botocore-1.29.89-150100.41.2 * python3-s3transfer-0.6.0-150100.6.16.1 * python3-boto3-1.26.89-150100.27.1 * SUSE CaaS Platform 4.0 (noarch) * python3-botocore-1.29.89-150100.41.2 * python3-s3transfer-0.6.0-150100.6.16.1 * python3-boto3-1.26.89-150100.27.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1199716 * https://bugzilla.suse.com/show_bug.cgi?id=1204917 * https://bugzilla.suse.com/show_bug.cgi?id=1209255 * https://jira.suse.com/browse/PED-3780 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 16:30:09 -0000 Subject: SUSE-RU-2023:2159-1: moderate: Recommended update for open-vm-tools Message-ID: <168373620966.7310.13959649181862090982@smelt2.suse.de> # Recommended update for open-vm-tools Announcement ID: SUSE-RU-2023:2159-1 Rating: moderate References: * #1205962 * #1209128 Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has two recommended fixes can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * Update to 12.2.0 (bsc#1209128) * Build the containerinfo plugin for TW/SLES15-SP5 and newer.(jsc#PED-1344) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2159=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2159=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2159=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2159=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2159=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2159=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2159=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2159=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2159=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2159=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2159=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2159=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * openSUSE Leap 15.4 (aarch64 x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * open-vm-tools-sdmp-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * open-vm-tools-desktop-12.2.0-150300.26.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.26.1 * libvmtools-devel-12.2.0-150300.26.1 * openSUSE Leap 15.4 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * open-vm-tools-sdmp-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.26.1 * libvmtools-devel-12.2.0-150300.26.1 * Basesystem Module 15-SP4 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.26.1 * Desktop Applications Module 15-SP4 (aarch64 x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.26.1 * open-vm-tools-desktop-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * open-vm-tools-sdmp-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * open-vm-tools-desktop-12.2.0-150300.26.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.26.1 * libvmtools-devel-12.2.0-150300.26.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * open-vm-tools-debugsource-12.2.0-150300.26.1 * libvmtools0-debuginfo-12.2.0-150300.26.1 * open-vm-tools-12.2.0-150300.26.1 * open-vm-tools-debuginfo-12.2.0-150300.26.1 * libvmtools0-12.2.0-150300.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205962 * https://bugzilla.suse.com/show_bug.cgi?id=1209128 * https://jira.suse.com/browse/PED-1344 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 20:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 20:30:01 -0000 Subject: SUSE-RU-2023:2168-1: moderate: Recommended update for crmsh Message-ID: <168375060170.9015.13341945780902679065@smelt2.suse.de> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:2168-1 Rating: moderate References: * #1209480 * #1210198 * #1210614 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for crmsh fixes the following issues: * Fix crmsh's help taking a long time to load and parse crm.8.adoc (bsc#1210198) * Fix cibconfig to use any existing rsc_defaults set rather than create duplicates (bsc#1210614) * Fix crm report to not fail if there are offline nodes (bsc#1209480) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2168=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2168=1 ## Package List: * openSUSE Leap 15.4 (noarch) * crmsh-4.4.1+20230424.7f657402-150400.3.20.1 * crmsh-test-4.4.1+20230424.7f657402-150400.3.20.1 * crmsh-scripts-4.4.1+20230424.7f657402-150400.3.20.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch) * crmsh-4.4.1+20230424.7f657402-150400.3.20.1 * crmsh-scripts-4.4.1+20230424.7f657402-150400.3.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209480 * https://bugzilla.suse.com/show_bug.cgi?id=1210198 * https://bugzilla.suse.com/show_bug.cgi?id=1210614 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 20:30:03 -0000 Subject: SUSE-RU-2023:2167-1: moderate: Recommended update for crmsh Message-ID: <168375060342.9015.2745348599628823968@smelt2.suse.de> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:2167-1 Rating: moderate References: * #1210198 Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for crmsh fixes the following issues: * Fix crmsh's help taking a long time to load and parse crm.8.adoc (bsc#1210198) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2167=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2167=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP2 (noarch) * crmsh-4.3.1+20230424.76f78edb-150200.5.89.1 * crmsh-scripts-4.3.1+20230424.76f78edb-150200.5.89.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (noarch) * crmsh-4.3.1+20230424.76f78edb-150200.5.89.1 * crmsh-scripts-4.3.1+20230424.76f78edb-150200.5.89.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210198 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 20:30:07 -0000 Subject: SUSE-RU-2023:2166-1: moderate: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <168375060747.9015.5969886714972719014@smelt2.suse.de> # Recommended update for supportutils-plugin-suse-public-cloud Announcement ID: SUSE-RU-2023:2166-1 Rating: moderate References: * #1209026 Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for supportutils-plugin-suse-public-cloud fixes the following issues: * Update to version 1.0.7 (bsc#1209026) * Include information about the cached registration data * Collect the data that is sent to the update infrastructure during registration ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2166=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2166=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2166=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2166=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2166=1 ## Package List: * openSUSE Leap 15.4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 * Public Cloud Module 15-SP1 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 * Public Cloud Module 15-SP2 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 * Public Cloud Module 15-SP3 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 * Public Cloud Module 15-SP4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209026 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 20:30:08 -0000 Subject: SUSE-OU-2023:2165-1: moderate: Optional update for junit Message-ID: <168375060852.9015.1820464961297719245@smelt2.suse.de> # Optional update for junit Announcement ID: SUSE-OU-2023:2165-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for junit fixes the following issues: * Conditionalize the build instructions so that junit can be built with both hamcrest 1.3 and 2.2 from the same sources (jsc#SLE-23217) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2165=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2165=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2165=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2165=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2165=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2165=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2165=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2165=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2165=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2165=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2165=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2165=1 ## Package List: * openSUSE Leap 15.4 (noarch) * junit-4.13.2-150200.3.8.1 * junit-javadoc-4.13.2-150200.3.8.1 * junit-manual-4.13.2-150200.3.8.1 * Development Tools Module 15-SP4 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Enterprise Storage 7.1 (noarch) * junit-4.13.2-150200.3.8.1 * SUSE Enterprise Storage 7 (noarch) * junit-4.13.2-150200.3.8.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 20:30:12 -0000 Subject: SUSE-SU-2023:2164-1: moderate: Security update for cloud-init Message-ID: <168375061291.9015.10550754726042931345@smelt2.suse.de> # Security update for cloud-init Announcement ID: SUSE-SU-2023:2164-1 Rating: moderate References: * #1181283 * #1183939 * #1184085 * #1184758 * #1210277 Cross-References: * CVE-2021-3429 * CVE-2023-1786 CVSS scores: * CVE-2021-3429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-3429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1786 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has three fixes can now be installed. ## Description: This update for cloud-init contains following fixes: * CVE-2021-3429: Do not write the generated password to the log file. (bsc#1184758) * CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) Other fixes: \- Change log file creation mode to 640. (bsc#1183939) \- Write proper bonding option configuration for SLE/openSUSE. (bsc#1184085) \- Do not including sudoers.d directory twice. (bsc#1181283) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2164=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * cloud-init-20.2-37.57.1 * cloud-init-config-suse-20.2-37.57.1 ## References: * https://www.suse.com/security/cve/CVE-2021-3429.html * https://www.suse.com/security/cve/CVE-2023-1786.html * https://bugzilla.suse.com/show_bug.cgi?id=1181283 * https://bugzilla.suse.com/show_bug.cgi?id=1183939 * https://bugzilla.suse.com/show_bug.cgi?id=1184085 * https://bugzilla.suse.com/show_bug.cgi?id=1184758 * https://bugzilla.suse.com/show_bug.cgi?id=1210277 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 10 20:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2023 20:30:23 -0000 Subject: SUSE-SU-2023:2162-1: important: Security update for the Linux Kernel Message-ID: <168375062328.9015.16970813504053100573@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2162-1 Rating: important References: * #1142685 * #1142926 * #1174777 * #1190544 * #1202353 * #1205128 * #1207088 * #1209342 * #1209687 * #1209777 * #1209871 * #1209887 * #1209969 * #1209999 * #1210202 * #1210301 * #1210329 * #1210336 * #1210337 * #1210430 * #1210460 * #1210466 * #1210469 * #1210498 * #1210506 * #1210534 * #1210647 * #1210827 * #1211037 Cross-References: * CVE-2020-36691 * CVE-2022-43945 * CVE-2023-1611 * CVE-2023-1670 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2124 * CVE-2023-2162 * CVE-2023-2483 * CVE-2023-30772 CVSS scores: * CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-43945 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-43945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 12 vulnerabilities and has 17 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 AZURE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). * CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). The following non-security bugs were fixed: * USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). * USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). * ath10k: Fix error handling in case of CE pipe init failure (git-fixes). * ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). * ath10k: Fix the parsing error in service available event (git-fixes). * ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). * ath10k: fix control-message timeout (git-fixes). * ath10k: fix division by zero in send path (git-fixes). * ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git- fixes). * audit: improve audit queue handling when "audit=1" on cmdline (bsc#1209969). * bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B (git- fixes). * cachefiles: Drop superfluous readpages aops NULL check (bsc#1210430). * cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (bsc#1210430). * cachefiles: Fix race between read_waiter and read_copier involving op->to_do (bsc#1210430). * cachefiles: Handle readpage error correctly (bsc#1210430). * cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). * cifs: fix negotiate context parsing (bsc#1210301). * cifs: fix open leaks in open_cached_dir() (bsc#1209342). * cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). * crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). * drivers: net: lmc: fix case value for target abort error (git-fixes). * fscache, cachefiles: remove redundant variable 'cache' (bsc#1210430). * ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). * intel_pmc_ipc: restore ability to call functions with irq enabled (git- fixes). * ipmi: fix SSIF not responding under certain cond (git-fixes). * iwlwifi: Fix -EIO error code that is never returned (git-fixes). * iwlwifi: fw: make pos static in iwl_sar_get_ewrd_table() loop (git-fixes). * iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). * iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). * iwlwifi: pcie: reschedule in long-running memory reads (git-fixes). * kabi/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777). * kcm: Only allow TCP sockets to be attached to a KCM mux (git-fixes). * keys: Change keyring_serialise_link_sem to a mutex (bsc#1207088). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * keys: Hoist locking out of __key_link_begin() (bsc#1207088). * kretprobe: Prevent triggering kretprobe from within kprobe_flush_task (git- fixes). * l2tp: clean up stale tunnel or session in pppol2tp_connect's error path (git-fixes). * l2tp: fix pseudo-wire type for sessions created by pppol2tp_connect() (git- fixes). * l2tp: reject creation of non-PPP sessions on L2TPv2 tunnels (git-fixes). * net/ncsi: Do not return error on normal response (git-fixes). * net: axienet: Fix double deregister of mdio (git-fixes). * net: core: dst: Add kernel-doc for 'net' parameter (git-fixes). * net: core: dst_cache_set_ip6: Rename 'addr' parameter to 'saddr' for consistency (git-fixes). * net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b (git-fixes). * net: prevent ISA drivers from building on PPC32 (git-fixes). * net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). * netfilter: nft_set_rbtree: fix parameter of __nft_rbtree_lookup() (git- fixes). * netfilter: x_tables: Add note about how to free percpu counters (git-fixes). * ntp: Limit TAI-UTC offset (git-fixes) * nvme-pci: do not WARN_ON in nvme_reset_work if ctrl.state is not RESETTING (git-fixes). * nvme-pci: fix doorbell buffer value endianness (git-fixes). * nvme: retain split access workaround for capability reads (git-fixes). * platform/x86: intel_pmc_ipc: Use devm_* calls in driver probe function (git- fixes). * platform/x86: intel_pmc_ipc: Use spin_lock to protect GCR updates (git- fixes). * powercap: fix possible name leak in powercap_register_zone() (git-fixes). * powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1209999 ltc#202140 bsc#1190544 ltc#194520 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Detect support for coregroup (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Limit possible nodes to within num_possible_nodes (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Restrict possible nodes based on platform (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * printk: Give error on attempt to set log buffer length to over 2G (bsc#1210534). * ring-buffer: Fix race while reader and writer are on the same page (git- fixes). * rpm/kernel-obs-build.spec.in: Remove SLE11 cruft * s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes). * scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). * scsi: qla2xxx: Perform lockless command completion in abort path (git- fixes). * sctp: do not free asoc when it is already dead in sctp_sendmsg (git-fixes). * sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (git-fixes). * sctp: use the right sk after waking up from wait_buf sleep (git-fixes). * struct ci_hdrc: hide new member at end (git-fixes). * struct wmi_svc_avail_ev_arg: new member to end (git-fixes). * timekeeping: Prevent 32bit truncation in (git-fixes) * tuntap: fix dividing by zero in ebpf queue selection (git-fixes). * uprobes/x86: Fix detection of 32-bit user mode (git-fixes). * usb/ohci-platform: Fix a warning when hibernating (git-fixes). * usb: chipidea: core: fix possible concurrent when switch role (git-fixes). * usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). * usb: dwc3: core: fix kernel panic when do reboot (git-fixes). * usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). * usb: host: ohci-pxa27x: Fix and & vs | typo (git-fixes). * usb: storage: Add check for kcalloc (git-fixes). * usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git- fixes). * watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git- fixes). * wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git- fixes). * workqueue: Fix missing kfree(rescuer) in destroy_workqueue() (bsc#1210460). * workqueue: Fix spurious sanity check failures in destroy_workqueue() (bsc#1210460). * wq: handle VM suspension in stall detection (bsc#1210466). * x86, boot: Remove multiple copy of static function sanitize_boot_params() (git-fixes). * x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines (git- fixes). * x86/apic: Handle missing global clockevent gracefully (git-fixes bsc#1142926). * x86/apic: Soft disable APIC before initializing it (git-fixes). * x86/boot/compressed: Disable relocation relaxation (git-fixes). * x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). * x86/bugs: Add Cannon lake to RETBleed affected CPU list (git-fixes). * x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). * x86/decoder: Add TEST opcode to Group3-2 (git-fixes). * x86/fpu: Prevent FPU state corruption (git-fixes). * x86/ioapic: Prevent inconsistent state when moving an interrupt (git-fixes). * x86/irq: Ensure PI wakeup handler is unregistered before module unload (git- fixes). * x86/kprobes: Fix to check non boostable prefixes correctly (git-fixes). * x86/kprobes: Restore BTF if the single-stepping is cancelled (git-fixes). * x86/lib/cpu: Address missing prototypes warning (git-fixes). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mce: Lower throttling MCE messages' priority to warning (git-fixes). * x86/mm: Stop printing BRK addresses (git-fixes). * x86/mm: Use the correct function type for native_set_fixmap() (git-fixes). * x86/pkeys: Add check for pkey "overflow" (git-fixes). * x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails (git-fixes). * x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline (git- fixes). * x86/sysfb: Fix check for bad VRAM size (git-fixes). * x86/tools/relocs: Fix non-POSIX regexp (git-fixes). * x86/tools: Fix objdump version check again (git-fixes). * x86/virt: Eat faults on VMXOFF in reboot flows (git-fixes). * x86/virt: Mark flags and memory as clobbered by VMXOFF (git-fixes). * x86: Do not let pgprot_modify() change the page encryption bit (git-fixes). * x86_64: Fix jiffies ODR violation (git-fixes). * xfrm: policy: use hlist rcu variants on insert (git-fixes). * xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git- fixes). * xhci: hide include of iommu.h (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2162=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2162=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2162=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.133.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-syms-azure-4.12.14-16.133.1 * kernel-azure-base-debuginfo-4.12.14-16.133.1 * kernel-azure-debuginfo-4.12.14-16.133.1 * kernel-azure-debugsource-4.12.14-16.133.1 * kernel-azure-base-4.12.14-16.133.1 * kernel-azure-devel-4.12.14-16.133.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.133.1 * kernel-devel-azure-4.12.14-16.133.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.133.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-syms-azure-4.12.14-16.133.1 * kernel-azure-base-debuginfo-4.12.14-16.133.1 * kernel-azure-debuginfo-4.12.14-16.133.1 * kernel-azure-debugsource-4.12.14-16.133.1 * kernel-azure-base-4.12.14-16.133.1 * kernel-azure-devel-4.12.14-16.133.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.133.1 * kernel-devel-azure-4.12.14-16.133.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.133.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-syms-azure-4.12.14-16.133.1 * kernel-azure-base-debuginfo-4.12.14-16.133.1 * kernel-azure-debuginfo-4.12.14-16.133.1 * kernel-azure-debugsource-4.12.14-16.133.1 * kernel-azure-base-4.12.14-16.133.1 * kernel-azure-devel-4.12.14-16.133.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.133.1 * kernel-devel-azure-4.12.14-16.133.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36691.html * https://www.suse.com/security/cve/CVE-2022-43945.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1142685 * https://bugzilla.suse.com/show_bug.cgi?id=1142926 * https://bugzilla.suse.com/show_bug.cgi?id=1174777 * https://bugzilla.suse.com/show_bug.cgi?id=1190544 * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1205128 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1209342 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209777 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209887 * https://bugzilla.suse.com/show_bug.cgi?id=1209969 * https://bugzilla.suse.com/show_bug.cgi?id=1209999 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210430 * https://bugzilla.suse.com/show_bug.cgi?id=1210460 * https://bugzilla.suse.com/show_bug.cgi?id=1210466 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210534 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210827 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 07:07:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:07:00 +0200 (CEST) Subject: SUSE-CU-2023:1508-1: Security update of suse/sle15 Message-ID: <20230511070700.60390FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1508-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.135 , suse/sle15:15.3 , suse/sle15:15.3.17.20.135 Container Release : 17.20.135 Severity : moderate Type : security References : 1206513 1209122 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libz1-1.2.11-150000.3.42.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - procps-3.3.15-150000.7.31.1 updated - terminfo-base-6.1-150000.5.15.1 updated From sle-updates at lists.suse.com Thu May 11 07:07:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:07:52 +0200 (CEST) Subject: SUSE-CU-2023:1509-1: Security update of suse/389-ds Message-ID: <20230511070752.ADE1AFBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1509-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.28 , suse/389-ds:latest Container Release : 21.28 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:08:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:08:46 +0200 (CEST) Subject: SUSE-CU-2023:1510-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230511070846.26FFCFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1510-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.22 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.22 Container Release : 31.22 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:08:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:08:59 +0200 (CEST) Subject: SUSE-CU-2023:1511-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230511070859.0FE2BFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1511-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.21 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.21 , bci/dotnet-aspnet:latest Container Release : 11.21 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:10:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:10:02 +0200 (CEST) Subject: SUSE-CU-2023:1512-1: Recommended update of bci/dotnet-sdk Message-ID: <20230511071002.71E4AFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1512-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.21 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.21 Container Release : 33.21 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:10:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:10:19 +0200 (CEST) Subject: SUSE-CU-2023:1513-1: Recommended update of bci/dotnet-sdk Message-ID: <20230511071019.BB733FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1513-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.21 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-11.21 , bci/dotnet-sdk:latest Container Release : 11.21 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:11:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:11:10 +0200 (CEST) Subject: SUSE-CU-2023:1514-1: Recommended update of bci/dotnet-runtime Message-ID: <20230511071110.87D1BFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1514-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.21 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.21 Container Release : 30.21 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:11:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:11:22 +0200 (CEST) Subject: SUSE-CU-2023:1515-1: Recommended update of bci/dotnet-runtime Message-ID: <20230511071122.32405FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1515-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.21 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.21 , bci/dotnet-runtime:latest Container Release : 11.21 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:11:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:11:58 +0200 (CEST) Subject: SUSE-CU-2023:1516-1: Security update of bci/golang Message-ID: <20230511071158.227A6FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1516-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-22.49 Container Release : 22.49 Severity : important Type : security References : 1200441 1206513 1207014 1210127 1210128 1210129 1210130 1210434 1210938 1210963 1211029 1211030 1211031 1211073 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 CVE-2023-29491 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2127-1 Released: Mon May 8 16:31:41 2023 Summary: Security update for go1.19 Type: security Severity: important References: 1200441,1210127,1210128,1210129,1210130,1210938,1210963,1211029,1211030,1211031,1211073,CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538,CVE-2023-24539,CVE-2023-24540,CVE-2023-29400 This update for go1.19 fixes the following issues: Update to 1.19.9 (bnc#1200441): - CVE-2023-24539: fixed an improper sanitization of CSS values (bnc#1211029). - CVE-2023-24540: fixed an improper handling of JavaScript whitespace (bnc#1211030). - CVE-2023-29400: fixed an improper handling of empty HTML attributes (bnc#1211031). - runtime: automatically bump RLIMIT_NOFILE on Unix - cmd/compile: inlining function that references function literals generates bad code. - cmd/compile: encoding/binary.PutUint16 sometimes doesn't write. - crypto/tls: TLSv1.3 connection fails with invalid PSK binder. - cmd/compile: incorrect inline function variable. Non-security fixes: - Various packaging fixes (boo#1210963, boo#1210938, boo#1211073) - Reduced install size (jsc#PED-1962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - go1.19-1.19.9-150000.1.31.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:12:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:12:08 +0200 (CEST) Subject: SUSE-CU-2023:1517-1: Security update of bci/golang Message-ID: <20230511071208.20AB3FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1517-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.48 , bci/golang:latest Container Release : 2.48 Severity : important Type : security References : 1206346 1206513 1207014 1210127 1210128 1210129 1210130 1210434 1210938 1210963 1211029 1211030 1211031 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 CVE-2023-29491 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2105-1 Released: Fri May 5 08:34:09 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1210127,1210128,1210129,1210130,1210938,1210963,1211029,1211030,1211031,CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538,CVE-2023-24539,CVE-2023-24540,CVE-2023-29400 This update for go1.20 fixes the following issues: Update to 1.20.4 (bnc#1206346): - CVE-2023-24539: Fixed an improper sanitization of CSS values (boo#1211029). - CVE-2023-24540: Fixed an improper handling of JavaScript whitespace (boo#1211030). - CVE-2023-29400: Fixed an improper handling of empty HTML attributes (boo#1211031). - runtime: automatically bump RLIMIT_NOFILE on Unix. - crypto/subtle: xor fails when run with race+purego. - cmd/compile: encoding/binary.PutUint16 sometimes doesn't write. - cmd/compile: internal compiler error: cannot call SetType(go.shape.int) on v (type int). - cmd/compile: miscompilation in star-tex.org/x/cmd/star-tex. - net/http: FileServer no longer serves content for POST. - crypto/tls: TLSv1.3 connection fails with invalid PSK binder. - cmd/compile: incorrect inline function variable. - cmd/compile: Unified IR exports table is binary unstable in presence of generics. - go/internal/gcimporter: lookupGorootExport should use the go command from build.Default.GOROOT. Non-security fixes: - Reverted go1.x Suggests go1.x-race (boo#1210963). - Re-enabled binary stripping and debuginfo (boo#1210938). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - go1.20-1.20.4-150000.1.11.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:12:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:12:54 +0200 (CEST) Subject: SUSE-CU-2023:1518-1: Security update of bci/bci-init Message-ID: <20230511071254.D60B1FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1518-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.52 , bci/bci-init:latest Container Release : 26.52 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:13:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:13:12 +0200 (CEST) Subject: SUSE-CU-2023:1519-1: Recommended update of bci/bci-minimal Message-ID: <20230511071312.64799FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1519-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.19.5 , bci/bci-minimal:latest Container Release : 19.5 Severity : moderate Type : recommended References : 1206513 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated From sle-updates at lists.suse.com Thu May 11 07:14:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:14:02 +0200 (CEST) Subject: SUSE-CU-2023:1520-1: Security update of bci/openjdk Message-ID: <20230511071402.6CDF9FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1520-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.49 Container Release : 35.49 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:14:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:14:25 +0200 (CEST) Subject: SUSE-CU-2023:1521-1: Security update of bci/openjdk Message-ID: <20230511071425.AF67AFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1521-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.50 , bci/openjdk:latest Container Release : 13.50 Severity : important Type : security References : 1206513 1209333 1210434 1210628 1210631 1210632 1210634 1210635 1210636 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-29491 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2110-1 Released: Fri May 5 14:10:21 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1209333,1210628,1210631,1210632,1210634,1210635,1210636,1210637,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968 This update for java-17-openjdk fixes the following issues: Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU) Security fixes: - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). Other fixes: - Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - java-17-openjdk-headless-17.0.7.0-150400.3.18.2 updated - java-17-openjdk-17.0.7.0-150400.3.18.2 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:15:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:15:36 +0200 (CEST) Subject: SUSE-CU-2023:1523-1: Security update of bci/php-apache Message-ID: <20230511071536.19A4DFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1523-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.46 Container Release : 2.46 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:15:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:15:27 +0200 (CEST) Subject: SUSE-CU-2023:1522-1: Security update of suse/pcp Message-ID: <20230511071527.AEC08FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1522-1 Container Tags : suse/pcp:5 , suse/pcp:5-14.39 , suse/pcp:5.2 , suse/pcp:5.2-14.39 , suse/pcp:5.2.5 , suse/pcp:5.2.5-14.39 , suse/pcp:latest Container Release : 14.39 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:bci-bci-init-15.4-15.4-26.52 updated From sle-updates at lists.suse.com Thu May 11 07:15:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:15:53 +0200 (CEST) Subject: SUSE-CU-2023:1525-1: Security update of bci/php Message-ID: <20230511071553.7348AFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1525-1 Container Tags : bci/php:8 , bci/php:8-2.45 Container Release : 2.45 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:15:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:15:44 +0200 (CEST) Subject: SUSE-CU-2023:1524-1: Security update of bci/php-fpm Message-ID: <20230511071544.3AF91FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1524-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.45 Container Release : 2.45 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:16:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:16:36 +0200 (CEST) Subject: SUSE-CU-2023:1526-1: Security update of bci/python Message-ID: <20230511071636.F3898FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1526-1 Container Tags : bci/python:3 , bci/python:3-12.45 , bci/python:3.10 , bci/python:3.10-12.45 , bci/python:latest Container Release : 12.45 Severity : important Type : security References : 1206513 1207014 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2114-1 Released: Fri May 5 14:37:02 2023 Summary: Recommended update for python310-setuptools Type: recommended Severity: moderate References: This update for python310-setuptools fixes the following issues: - Update to 67.6.1 - Support of pyproject.toml (jsc#PED-3765) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - python310-setuptools-67.6.1-150400.4.6.1 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:17:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:17:25 +0200 (CEST) Subject: SUSE-CU-2023:1527-1: Security update of bci/python Message-ID: <20230511071725.61029FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1527-1 Container Tags : bci/python:3 , bci/python:3-35.45 , bci/python:3.6 , bci/python:3.6-35.45 Container Release : 35.45 Severity : important Type : security References : 1206513 1207014 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 07:18:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 09:18:10 +0200 (CEST) Subject: SUSE-CU-2023:1528-1: Security update of bci/ruby Message-ID: <20230511071810.60F35FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1528-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.44 , bci/ruby:2.5 , bci/ruby:2.5-34.44 , bci/ruby:latest Container Release : 34.44 Severity : important Type : security References : 1206513 1207014 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 08:30:04 -0000 Subject: SUSE-SU-2023:2171-1: moderate: Security update for ntp Message-ID: <168379380409.32765.13718458986912831419@smelt2.suse.de> # Security update for ntp Announcement ID: SUSE-SU-2023:2171-1 Rating: moderate References: * #1210386 * #1210387 * #1210388 * #1210389 Cross-References: * CVE-2023-26551 * CVE-2023-26552 * CVE-2023-26553 * CVE-2023-26554 CVSS scores: * CVE-2023-26551 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26551 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-26552 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26552 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-26553 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26553 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-26554 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26554 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for ntp fixes the following issues: Fixed multiple out of bound writes: CVE-2023-26551 (bsc#1210386), CVE-2023-26552 (bsc#1210388), CVE-2023-26553 (bsc#1210387), CVE-2023-26554 (bsc#1210389). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2171=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2171=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2171=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ntp-debugsource-4.2.8p15-100.1 * ntp-doc-4.2.8p15-100.1 * ntp-debuginfo-4.2.8p15-100.1 * ntp-4.2.8p15-100.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ntp-debugsource-4.2.8p15-100.1 * ntp-doc-4.2.8p15-100.1 * ntp-debuginfo-4.2.8p15-100.1 * ntp-4.2.8p15-100.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ntp-debugsource-4.2.8p15-100.1 * ntp-doc-4.2.8p15-100.1 * ntp-debuginfo-4.2.8p15-100.1 * ntp-4.2.8p15-100.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26551.html * https://www.suse.com/security/cve/CVE-2023-26552.html * https://www.suse.com/security/cve/CVE-2023-26553.html * https://www.suse.com/security/cve/CVE-2023-26554.html * https://bugzilla.suse.com/show_bug.cgi?id=1210386 * https://bugzilla.suse.com/show_bug.cgi?id=1210387 * https://bugzilla.suse.com/show_bug.cgi?id=1210388 * https://bugzilla.suse.com/show_bug.cgi?id=1210389 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 08:30:05 -0000 Subject: SUSE-RU-2023:2170-1: moderate: Recommended update for open-vm-tools Message-ID: <168379380595.32765.12291639169161993226@smelt2.suse.de> # Recommended update for open-vm-tools Announcement ID: SUSE-RU-2023:2170-1 Rating: moderate References: * #1205962 * #1209128 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature and has two recommended fixes can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * Update to 12.2.0 (bsc#1209128) * Build the containerinfo plugin for TW/SLES15-SP5 and newer.(jsc#PED-1344) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2170=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2170=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2170=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-4.50.1 * open-vm-tools-sdmp-12.2.0-4.50.1 * open-vm-tools-desktop-12.2.0-4.50.1 * open-vm-tools-salt-minion-12.2.0-4.50.1 * open-vm-tools-desktop-debuginfo-12.2.0-4.50.1 * libvmtools0-12.2.0-4.50.1 * libvmtools0-debuginfo-12.2.0-4.50.1 * open-vm-tools-debuginfo-12.2.0-4.50.1 * open-vm-tools-12.2.0-4.50.1 * open-vm-tools-debugsource-12.2.0-4.50.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-4.50.1 * open-vm-tools-sdmp-12.2.0-4.50.1 * open-vm-tools-desktop-12.2.0-4.50.1 * open-vm-tools-salt-minion-12.2.0-4.50.1 * open-vm-tools-desktop-debuginfo-12.2.0-4.50.1 * libvmtools0-12.2.0-4.50.1 * libvmtools0-debuginfo-12.2.0-4.50.1 * open-vm-tools-debuginfo-12.2.0-4.50.1 * open-vm-tools-12.2.0-4.50.1 * open-vm-tools-debugsource-12.2.0-4.50.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-4.50.1 * open-vm-tools-sdmp-12.2.0-4.50.1 * open-vm-tools-desktop-12.2.0-4.50.1 * open-vm-tools-salt-minion-12.2.0-4.50.1 * open-vm-tools-desktop-debuginfo-12.2.0-4.50.1 * libvmtools0-12.2.0-4.50.1 * libvmtools0-debuginfo-12.2.0-4.50.1 * open-vm-tools-debuginfo-12.2.0-4.50.1 * open-vm-tools-12.2.0-4.50.1 * open-vm-tools-debugsource-12.2.0-4.50.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205962 * https://bugzilla.suse.com/show_bug.cgi?id=1209128 * https://jira.suse.com/browse/PED-1344 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 08:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 08:30:16 -0000 Subject: SUSE-SU-2023:2163-1: important: Security update for the Linux Kernel Message-ID: <168379381605.32765.14260768499204553799@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2163-1 Rating: important References: * #1142685 * #1142926 * #1174777 * #1190544 * #1202353 * #1205128 * #1207088 * #1209342 * #1209687 * #1209777 * #1209871 * #1209887 * #1209969 * #1209999 * #1210202 * #1210301 * #1210329 * #1210336 * #1210337 * #1210430 * #1210460 * #1210466 * #1210469 * #1210498 * #1210506 * #1210534 * #1210647 * #1210827 * #1211037 Cross-References: * CVE-2020-36691 * CVE-2022-43945 * CVE-2023-1611 * CVE-2023-1670 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2124 * CVE-2023-2162 * CVE-2023-2483 * CVE-2023-30772 CVSS scores: * CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-43945 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-43945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves 12 vulnerabilities and has 17 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). * CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). The following non-security bugs were fixed: * ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() (git- fixes) * USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). * USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). * arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region (git- fixes) * ath10k: Fix error handling in case of CE pipe init failure (git-fixes). * ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). * ath10k: Fix the parsing error in service available event (git-fixes). * ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). * ath10k: fix control-message timeout (git-fixes). * ath10k: fix division by zero in send path (git-fixes). * ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git- fixes). * audit: improve audit queue handling when "audit=1" on cmdline (bsc#1209969). * bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B (git- fixes). * bs-upload-kernel: Do not skip post-build-checks * cachefiles: Drop superfluous readpages aops NULL check (bsc#1210430). * cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (bsc#1210430). * cachefiles: Fix race between read_waiter and read_copier involving op->to_do (bsc#1210430). * cachefiles: Handle readpage error correctly (bsc#1210430). * cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). * cifs: fix negotiate context parsing (bsc#1210301). * cifs: fix open leaks in open_cached_dir() (bsc#1209342). * cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). * crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). * drivers: net: lmc: fix case value for target abort error (git-fixes). * fscache, cachefiles: remove redundant variable 'cache' (bsc#1210430). * ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). * intel_pmc_ipc: restore ability to call functions with irq enabled (git- fixes). * ipmi: fix SSIF not responding under certain cond (git-fixes). * iwlwifi: Fix -EIO error code that is never returned (git-fixes). * iwlwifi: fw: make pos static in iwl_sar_get_ewrd_table() loop (git-fixes). * iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). * iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). * iwlwifi: pcie: reschedule in long-running memory reads (git-fixes). * kabi/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777). * kcm: Only allow TCP sockets to be attached to a KCM mux (git-fixes). * keys: Change keyring_serialise_link_sem to a mutex (bsc#1207088). * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * keys: Hoist locking out of __key_link_begin() (bsc#1207088). * kretprobe: Prevent triggering kretprobe from within kprobe_flush_task (git- fixes). * l2tp: clean up stale tunnel or session in pppol2tp_connect's error path (git-fixes). * l2tp: fix pseudo-wire type for sessions created by pppol2tp_connect() (git- fixes). * l2tp: reject creation of non-PPP sessions on L2TPv2 tunnels (git-fixes). * net/ncsi: Do not return error on normal response (git-fixes). * net: axienet: Fix double deregister of mdio (git-fixes). * net: core: dst: Add kernel-doc for 'net' parameter (git-fixes). * net: core: dst_cache_set_ip6: Rename 'addr' parameter to 'saddr' for consistency (git-fixes). * net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b (git-fixes). * net: prevent ISA drivers from building on PPC32 (git-fixes). * net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). * netfilter: nft_set_rbtree: fix parameter of __nft_rbtree_lookup() (git- fixes). * netfilter: x_tables: Add note about how to free percpu counters (git-fixes). * ntp: Limit TAI-UTC offset (git-fixes) * nvme-pci: do not WARN_ON in nvme_reset_work if ctrl.state is not RESETTING (git-fixes). * nvme-pci: fix doorbell buffer value endianness (git-fixes). * nvme: retain split access workaround for capability reads (git-fixes). * platform/x86: intel_pmc_ipc: Use devm_* calls in driver probe function (git- fixes). * platform/x86: intel_pmc_ipc: Use spin_lock to protect GCR updates (git- fixes). * powercap: fix possible name leak in powercap_register_zone() (git-fixes). * powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1209999 ltc#202140 bsc#1190544 ltc#194520 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Detect support for coregroup (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Limit possible nodes to within num_possible_nodes (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/numa: Restrict possible nodes based on platform (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * printk: Give error on attempt to set log buffer length to over 2G (bsc#1210534). * ring-buffer: Fix race while reader and writer are on the same page (git- fixes). * s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes). * scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). * scsi: qla2xxx: Perform lockless command completion in abort path (git- fixes). * sctp: do not free asoc when it is already dead in sctp_sendmsg (git-fixes). * sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (git-fixes). * sctp: use the right sk after waking up from wait_buf sleep (git-fixes). * struct ci_hdrc: hide new member at end (git-fixes). * struct wmi_svc_avail_ev_arg: new member to end (git-fixes). * timekeeping: Prevent 32bit truncation in (git-fixes) * tuntap: fix dividing by zero in ebpf queue selection (git-fixes). * uprobes/x86: Fix detection of 32-bit user mode (git-fixes). * usb/ohci-platform: Fix a warning when hibernating (git-fixes). * usb: chipidea: core: fix possible concurrent when switch role (git-fixes). * usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). * usb: dwc3: core: fix kernel panic when do reboot (git-fixes). * usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). * usb: host: ohci-pxa27x: Fix and & vs | typo (git-fixes). * usb: storage: Add check for kcalloc (git-fixes). * usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git- fixes). * watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git- fixes). * wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git- fixes). * workqueue: Fix missing kfree(rescuer) in destroy_workqueue() (bsc#1210460). * workqueue: Fix spurious sanity check failures in destroy_workqueue() (bsc#1210460). * wq: handle VM suspension in stall detection (bsc#1210466). * x86, boot: Remove multiple copy of static function sanitize_boot_params() (git-fixes). * x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines (git- fixes). * x86/apic: Handle missing global clockevent gracefully (git-fixes bsc#1142926). * x86/apic: Soft disable APIC before initializing it (git-fixes). * x86/boot/compressed: Disable relocation relaxation (git-fixes). * x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). * x86/bugs: Add Cannon lake to RETBleed affected CPU list (git-fixes). * x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). * x86/decoder: Add TEST opcode to Group3-2 (git-fixes). * x86/fpu: Prevent FPU state corruption (git-fixes). * x86/ioapic: Prevent inconsistent state when moving an interrupt (git-fixes). * x86/irq: Ensure PI wakeup handler is unregistered before module unload (git- fixes). * x86/kprobes: Fix to check non boostable prefixes correctly (git-fixes). * x86/kprobes: Restore BTF if the single-stepping is cancelled (git-fixes). * x86/lib/cpu: Address missing prototypes warning (git-fixes). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mce: Lower throttling MCE messages' priority to warning (git-fixes). * x86/mm: Stop printing BRK addresses (git-fixes). * x86/mm: Use the correct function type for native_set_fixmap() (git-fixes). * x86/pkeys: Add check for pkey "overflow" (git-fixes). * x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails (git-fixes). * x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline (git- fixes). * x86/sysfb: Fix check for bad VRAM size (git-fixes). * x86/tools/relocs: Fix non-POSIX regexp (git-fixes). * x86/tools: Fix objdump version check again (git-fixes). * x86/virt: Eat faults on VMXOFF in reboot flows (git-fixes). * x86/virt: Mark flags and memory as clobbered by VMXOFF (git-fixes). * x86: Do not let pgprot_modify() change the page encryption bit (git-fixes). * x86_64: Fix jiffies ODR violation (git-fixes). * xfrm: policy: use hlist rcu variants on insert (git-fixes). * xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git- fixes). * xhci: hide include of iommu.h (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2163=1 SUSE-SLE- SERVER-12-SP5-2023-2163=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2163=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2163=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2163=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2163=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2163=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2163=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-122.159.1 * kernel-default-base-4.12.14-122.159.1 * dlm-kmp-default-4.12.14-122.159.1 * gfs2-kmp-default-debuginfo-4.12.14-122.159.1 * kernel-default-devel-4.12.14-122.159.1 * kernel-syms-4.12.14-122.159.1 * kernel-default-debugsource-4.12.14-122.159.1 * ocfs2-kmp-default-4.12.14-122.159.1 * cluster-md-kmp-default-4.12.14-122.159.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.159.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.159.1 * dlm-kmp-default-debuginfo-4.12.14-122.159.1 * kernel-default-base-debuginfo-4.12.14-122.159.1 * gfs2-kmp-default-4.12.14-122.159.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.159.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-devel-4.12.14-122.159.1 * kernel-source-4.12.14-122.159.1 * kernel-macros-4.12.14-122.159.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.159.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.159.1 * dlm-kmp-default-4.12.14-122.159.1 * gfs2-kmp-default-debuginfo-4.12.14-122.159.1 * kernel-default-debugsource-4.12.14-122.159.1 * ocfs2-kmp-default-4.12.14-122.159.1 * cluster-md-kmp-default-4.12.14-122.159.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.159.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.159.1 * dlm-kmp-default-debuginfo-4.12.14-122.159.1 * gfs2-kmp-default-4.12.14-122.159.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.159.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.159.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.159.1 * kernel-default-kgraft-devel-4.12.14-122.159.1 * kernel-default-debugsource-4.12.14-122.159.1 * kernel-default-kgraft-4.12.14-122.159.1 * kgraft-patch-4_12_14-122_159-default-1-8.3.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.159.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-4.12.14-122.159.1 * kernel-obs-build-debugsource-4.12.14-122.159.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.159.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-debuginfo-4.12.14-122.159.1 * kernel-default-base-4.12.14-122.159.1 * kernel-default-devel-4.12.14-122.159.1 * kernel-syms-4.12.14-122.159.1 * kernel-default-debugsource-4.12.14-122.159.1 * kernel-default-base-debuginfo-4.12.14-122.159.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-4.12.14-122.159.1 * kernel-source-4.12.14-122.159.1 * kernel-macros-4.12.14-122.159.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.159.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.159.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.159.1 * kernel-default-base-4.12.14-122.159.1 * kernel-default-devel-4.12.14-122.159.1 * kernel-syms-4.12.14-122.159.1 * kernel-default-debugsource-4.12.14-122.159.1 * kernel-default-base-debuginfo-4.12.14-122.159.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-4.12.14-122.159.1 * kernel-source-4.12.14-122.159.1 * kernel-macros-4.12.14-122.159.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.159.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.159.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.159.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-debuginfo-4.12.14-122.159.1 * kernel-default-extra-4.12.14-122.159.1 * kernel-default-debugsource-4.12.14-122.159.1 * kernel-default-extra-debuginfo-4.12.14-122.159.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36691.html * https://www.suse.com/security/cve/CVE-2022-43945.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1142685 * https://bugzilla.suse.com/show_bug.cgi?id=1142926 * https://bugzilla.suse.com/show_bug.cgi?id=1174777 * https://bugzilla.suse.com/show_bug.cgi?id=1190544 * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1205128 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1209342 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209777 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209887 * https://bugzilla.suse.com/show_bug.cgi?id=1209969 * https://bugzilla.suse.com/show_bug.cgi?id=1209999 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210430 * https://bugzilla.suse.com/show_bug.cgi?id=1210460 * https://bugzilla.suse.com/show_bug.cgi?id=1210466 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210534 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210827 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 10:15:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:15:22 +0200 (CEST) Subject: SUSE-IU-2023:317-1: Security update of suse-sles-15-sp4-chost-byos-v20230510-x86_64-gen2 Message-ID: <20230511101522.73C1EFBB2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230510-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:317-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230510-x86_64-gen2:20230510 Image Release : Severity : important Type : security References : 1065729 1109158 1142685 1155798 1168481 1171479 1174777 1187810 1189036 1189998 1189999 1191467 1191525 1193629 1194869 1194869 1198932 1200321 1201209 1201234 1202705 1202820 1203039 1203079 1203200 1203325 1203446 1204042 1206195 1206439 1206513 1206552 1206649 1206891 1206992 1207014 1207064 1207088 1207168 1207185 1207574 1207876 1208076 1208079 1208423 1208426 1208529 1208602 1208815 1208822 1208828 1208829 1208845 1208902 1208962 1209026 1209042 1209052 1209118 1209122 1209165 1209187 1209234 1209256 1209290 1209292 1209366 1209372 1209532 1209547 1209556 1209572 1209600 1209615 1209634 1209635 1209636 1209667 1209681 1209684 1209687 1209693 1209713 1209714 1209739 1209779 1209788 1209798 1209799 1209804 1209805 1209871 1209873 1209878 1209884 1209888 1209918 1209927 1209999 1210034 1210050 1210135 1210158 1210202 1210203 1210206 1210301 1210328 1210329 1210336 1210337 1210382 1210411 1210412 1210418 1210434 1210439 1210453 1210454 1210469 1210499 1210506 1210507 1210629 1210630 1210725 1210729 1210762 1210763 1210764 1210765 1210766 1210767 1210768 1210769 1210770 1210771 1210793 1210816 1210817 1210827 1210943 1210953 1210986 1211025 CVE-2017-5753 CVE-2020-12762 CVE-2022-2196 CVE-2022-28737 CVE-2022-4744 CVE-2023-0386 CVE-2023-0394 CVE-2023-0465 CVE-2023-0466 CVE-2023-1127 CVE-2023-1264 CVE-2023-1281 CVE-2023-1355 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1981 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2019 CVE-2023-2176 CVE-2023-2235 CVE-2023-23001 CVE-2023-23006 CVE-2023-24593 CVE-2023-25153 CVE-2023-25173 CVE-2023-25180 CVE-2023-25809 CVE-2023-27561 CVE-2023-28327 CVE-2023-28464 CVE-2023-28466 CVE-2023-28484 CVE-2023-28642 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-30630 CVE-2023-30772 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230510-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1809-1 Released: Tue Apr 11 11:47:44 2023 Summary: Recommended update for haveged Type: recommended Severity: moderate References: 1203079 This update for haveged fixes the following issues: - Synchronize haveged instances during switching root (bsc#1203079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1810-1 Released: Tue Apr 11 12:06:13 2023 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1191467,1191525,1198932,1200321,1201234,1203446 This update for cups fixes the following issues: - Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525) - Fix '/usr/bin/lpr: Error - The printer or class does not exist (bsc#1203446) - Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932) - Add 'After=network.target sssd.service' to the systemd unit (bsc#1201234, bsc#1200321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1827-1 Released: Thu Apr 13 10:18:16 2023 Summary: Security update for containerd Type: security Severity: moderate References: 1208423,1208426,CVE-2023-25153,CVE-2023-25173 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1882-1 Released: Tue Apr 18 11:13:49 2023 Summary: Recommended update for makedumpfile Type: recommended Severity: moderate References: 1201209 This update for makedumpfile fixes the following issues: - Fix memory leak issue in init_xen_crash_info (bsc#1201209) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1885-1 Released: Tue Apr 18 11:15:17 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1206195,1206439 This update for dracut fixes the following issues: - Update to version 055+suse.335.gccf7fbc6: * Always include all drivers that LVM can use (bsc#1206195) * Require libopenssl1_1-hmac for dracut-fips (bsc#1206439) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1897-1 Released: Tue Apr 18 11:59:49 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1109158,1189998,1193629,1194869,1203200,1206552,1207168,1207185,1207574,1208602,1208815,1208829,1208902,1209052,1209118,1209256,1209290,1209292,1209366,1209532,1209547,1209556,1209572,1209600,1209634,1209635,1209636,1209681,1209684,1209687,1209779,1209788,1209798,1209799,1209804,1209805,1210050,1210203,CVE-2017-5753,CVE-2022-4744,CVE-2023-0394,CVE-2023-1281,CVE-2023-1513,CVE-2023-1582,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1838,CVE-2023-23001,CVE-2023-28327,CVE-2023-28464,CVE-2023-28466 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFS4trace: fix state manager flag printing (git-fixes). - NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix race to check ls_layouts (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - NFSv4: provide mount option to toggle trunking discovery (git-fixes). - NFSv4: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4: Fail client initialisation if state manager thread can't run (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - regulator: Handle deferred clk (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86: Annotate call_on_stack() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1915-1 Released: Wed Apr 19 16:17:38 2023 Summary: Recommended update for kexec-tools Type: recommended Severity: moderate References: 1202820 This update for kexec-tools fixes the following issues: - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (bsc#1202820). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1947-1 Released: Fri Apr 21 14:14:41 2023 Summary: Security update for dmidecode Type: security Severity: moderate References: 1210418,CVE-2023-30630 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1963-1 Released: Mon Apr 24 15:03:10 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1994-1 Released: Tue Apr 25 13:53:25 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1210328,CVE-2023-1981 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2040-1 Released: Wed Apr 26 11:44:03 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1202705,1207876 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git0.e3c41e60892e * Added MemTotal detection for HwInfo * Make keepalive on SUMA systems exit without error (bsc#1207876) * Add deactivate API to ruby bindings (bsc#1202705) * Allow non-root users to use --version * Update Dockerfile.yast * Use openssl go for SLE and Leap 15.5+ builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2084-1 Released: Tue May 2 13:31:52 2023 Summary: Security update for shim Type: security Severity: important References: 1210382,CVE-2022-28737 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2135-1 Released: Tue May 9 13:38:11 2023 Summary: Security update for libfastjson Type: security Severity: important References: 1171479,CVE-2020-12762 This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2140-1 Released: Tue May 9 14:28:34 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1142685,1155798,1174777,1189999,1194869,1203039,1203325,1204042,1206649,1206891,1206992,1207088,1208076,1208822,1208845,1209615,1209693,1209739,1209871,1209927,1209999,1210034,1210158,1210202,1210206,1210301,1210329,1210336,1210337,1210439,1210453,1210454,1210469,1210499,1210506,1210629,1210630,1210725,1210729,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210793,1210816,1210817,1210827,1210943,1210953,1210986,1211025,CVE-2022-2196,CVE-2023-0386,CVE-2023-1670,CVE-2023-1855,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2019,CVE-2023-2176,CVE-2023-2235,CVE-2023-23006,CVE-2023-30772 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes). - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798). - sched/fair: Limit sched slice duration (bsc#1189999). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039). - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-default-base changed: - Do not ship on s390x (bsc#1210729) - Add exfat (bsc#1208822) - Add _diag modules for included socket types (bsc#1204042) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2166-1 Released: Wed May 10 20:18:51 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1209026 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.7 (bsc#1209026) + Include information about the cached registration data + Collect the data that is sent to the update infrastructure during registration The following package changes have been done: - containerd-ctr-1.6.19-150000.87.1 updated - containerd-1.6.19-150000.87.1 updated - cups-config-2.2.7-150000.3.40.1 updated - dmidecode-3.4-150400.16.8.1 updated - dracut-055+suse.335.gccf7fbc6-150400.3.19.1 updated - grub2-i386-pc-2.06-150400.11.30.1 updated - grub2-x86_64-efi-2.06-150400.11.30.1 updated - grub2-2.06-150400.11.30.1 updated - haveged-1.9.14-150400.3.3.1 updated - hwdata-0.368-150000.3.57.1 updated - kernel-default-5.14.21-150400.24.63.1 updated - kexec-tools-2.0.20-150400.16.6.1 updated - libavahi-client3-0.8-150400.7.3.1 updated - libavahi-common3-0.8-150400.7.3.1 updated - libcups2-2.2.7-150000.3.40.1 updated - libfastjson4-0.99.9-150400.3.3.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libhavege2-1.9.14-150400.3.3.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libz1-1.2.11-150000.3.42.1 updated - login_defs-4.8.1-150400.10.6.1 updated - makedumpfile-1.7.0-150400.4.3.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - procps-3.3.15-150000.7.31.1 updated - rsyslog-module-relp-8.2106.0-150400.5.11.1 added - runc-1.1.5-150000.41.1 updated - shadow-4.8.1-150400.10.6.1 updated - shim-15.7-150300.4.16.1 updated - sles-release-15.4-150400.58.7.3 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 updated - suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 updated - systemd-rpm-macros-12-150000.7.30.1 updated - terminfo-base-6.1-150000.5.15.1 updated - terminfo-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - vim-data-common-9.0.1443-150000.5.40.1 updated - vim-9.0.1443-150000.5.40.1 updated - xxd-9.0.1443-150000.5.40.1 added From sle-updates at lists.suse.com Thu May 11 10:15:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:15:32 +0200 (CEST) Subject: SUSE-IU-2023:318-1: Security update of suse-sles-15-sp4-chost-byos-v20230510-hvm-ssd-x86_64 Message-ID: <20230511101532.ACEFEFBB2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230510-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:318-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230510-hvm-ssd-x86_64:20230510 Image Release : Severity : important Type : security References : 1065729 1109158 1142685 1155798 1168481 1171479 1174777 1187810 1189036 1189998 1189999 1191467 1191525 1193629 1194869 1194869 1198932 1200321 1201209 1201234 1202705 1202820 1203039 1203079 1203200 1203325 1203446 1204042 1206195 1206439 1206513 1206552 1206649 1206891 1206992 1207014 1207064 1207088 1207168 1207185 1207574 1207876 1208076 1208079 1208423 1208426 1208529 1208602 1208815 1208822 1208828 1208829 1208845 1208902 1208962 1209026 1209042 1209052 1209118 1209122 1209165 1209187 1209234 1209256 1209290 1209292 1209366 1209372 1209532 1209547 1209556 1209572 1209600 1209615 1209634 1209635 1209636 1209667 1209681 1209684 1209687 1209693 1209713 1209714 1209739 1209779 1209788 1209798 1209799 1209804 1209805 1209871 1209873 1209878 1209884 1209888 1209918 1209927 1209999 1210034 1210050 1210135 1210158 1210202 1210203 1210206 1210301 1210328 1210329 1210336 1210337 1210382 1210411 1210412 1210418 1210434 1210439 1210453 1210454 1210469 1210499 1210506 1210507 1210629 1210630 1210725 1210729 1210762 1210763 1210764 1210765 1210766 1210767 1210768 1210769 1210770 1210771 1210793 1210816 1210817 1210827 1210943 1210953 1210986 1211025 CVE-2017-5753 CVE-2020-12762 CVE-2022-2196 CVE-2022-28737 CVE-2022-4744 CVE-2023-0386 CVE-2023-0394 CVE-2023-0465 CVE-2023-0466 CVE-2023-1127 CVE-2023-1264 CVE-2023-1281 CVE-2023-1355 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1981 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2019 CVE-2023-2176 CVE-2023-2235 CVE-2023-23001 CVE-2023-23006 CVE-2023-24593 CVE-2023-25153 CVE-2023-25173 CVE-2023-25180 CVE-2023-25809 CVE-2023-27561 CVE-2023-28327 CVE-2023-28464 CVE-2023-28466 CVE-2023-28484 CVE-2023-28642 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-30630 CVE-2023-30772 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230510-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1809-1 Released: Tue Apr 11 11:47:44 2023 Summary: Recommended update for haveged Type: recommended Severity: moderate References: 1203079 This update for haveged fixes the following issues: - Synchronize haveged instances during switching root (bsc#1203079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1810-1 Released: Tue Apr 11 12:06:13 2023 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1191467,1191525,1198932,1200321,1201234,1203446 This update for cups fixes the following issues: - Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525) - Fix '/usr/bin/lpr: Error - The printer or class does not exist (bsc#1203446) - Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932) - Add 'After=network.target sssd.service' to the systemd unit (bsc#1201234, bsc#1200321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1827-1 Released: Thu Apr 13 10:18:16 2023 Summary: Security update for containerd Type: security Severity: moderate References: 1208423,1208426,CVE-2023-25153,CVE-2023-25173 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1882-1 Released: Tue Apr 18 11:13:49 2023 Summary: Recommended update for makedumpfile Type: recommended Severity: moderate References: 1201209 This update for makedumpfile fixes the following issues: - Fix memory leak issue in init_xen_crash_info (bsc#1201209) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1885-1 Released: Tue Apr 18 11:15:17 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1206195,1206439 This update for dracut fixes the following issues: - Update to version 055+suse.335.gccf7fbc6: * Always include all drivers that LVM can use (bsc#1206195) * Require libopenssl1_1-hmac for dracut-fips (bsc#1206439) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1897-1 Released: Tue Apr 18 11:59:49 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1109158,1189998,1193629,1194869,1203200,1206552,1207168,1207185,1207574,1208602,1208815,1208829,1208902,1209052,1209118,1209256,1209290,1209292,1209366,1209532,1209547,1209556,1209572,1209600,1209634,1209635,1209636,1209681,1209684,1209687,1209779,1209788,1209798,1209799,1209804,1209805,1210050,1210203,CVE-2017-5753,CVE-2022-4744,CVE-2023-0394,CVE-2023-1281,CVE-2023-1513,CVE-2023-1582,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1838,CVE-2023-23001,CVE-2023-28327,CVE-2023-28464,CVE-2023-28466 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFS4trace: fix state manager flag printing (git-fixes). - NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix race to check ls_layouts (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - NFSv4: provide mount option to toggle trunking discovery (git-fixes). - NFSv4: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4: Fail client initialisation if state manager thread can't run (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - regulator: Handle deferred clk (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86: Annotate call_on_stack() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1915-1 Released: Wed Apr 19 16:17:38 2023 Summary: Recommended update for kexec-tools Type: recommended Severity: moderate References: 1202820 This update for kexec-tools fixes the following issues: - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (bsc#1202820). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1947-1 Released: Fri Apr 21 14:14:41 2023 Summary: Security update for dmidecode Type: security Severity: moderate References: 1210418,CVE-2023-30630 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1963-1 Released: Mon Apr 24 15:03:10 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1994-1 Released: Tue Apr 25 13:53:25 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1210328,CVE-2023-1981 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2040-1 Released: Wed Apr 26 11:44:03 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1202705,1207876 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git0.e3c41e60892e * Added MemTotal detection for HwInfo * Make keepalive on SUMA systems exit without error (bsc#1207876) * Add deactivate API to ruby bindings (bsc#1202705) * Allow non-root users to use --version * Update Dockerfile.yast * Use openssl go for SLE and Leap 15.5+ builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2084-1 Released: Tue May 2 13:31:52 2023 Summary: Security update for shim Type: security Severity: important References: 1210382,CVE-2022-28737 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2135-1 Released: Tue May 9 13:38:11 2023 Summary: Security update for libfastjson Type: security Severity: important References: 1171479,CVE-2020-12762 This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2140-1 Released: Tue May 9 14:28:34 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1142685,1155798,1174777,1189999,1194869,1203039,1203325,1204042,1206649,1206891,1206992,1207088,1208076,1208822,1208845,1209615,1209693,1209739,1209871,1209927,1209999,1210034,1210158,1210202,1210206,1210301,1210329,1210336,1210337,1210439,1210453,1210454,1210469,1210499,1210506,1210629,1210630,1210725,1210729,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210793,1210816,1210817,1210827,1210943,1210953,1210986,1211025,CVE-2022-2196,CVE-2023-0386,CVE-2023-1670,CVE-2023-1855,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2019,CVE-2023-2176,CVE-2023-2235,CVE-2023-23006,CVE-2023-30772 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes). - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798). - sched/fair: Limit sched slice duration (bsc#1189999). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039). - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-default-base changed: - Do not ship on s390x (bsc#1210729) - Add exfat (bsc#1208822) - Add _diag modules for included socket types (bsc#1204042) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2166-1 Released: Wed May 10 20:18:51 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1209026 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.7 (bsc#1209026) + Include information about the cached registration data + Collect the data that is sent to the update infrastructure during registration The following package changes have been done: - containerd-ctr-1.6.19-150000.87.1 updated - containerd-1.6.19-150000.87.1 updated - cups-config-2.2.7-150000.3.40.1 updated - dmidecode-3.4-150400.16.8.1 updated - dracut-055+suse.335.gccf7fbc6-150400.3.19.1 updated - grub2-i386-pc-2.06-150400.11.30.1 updated - grub2-x86_64-efi-2.06-150400.11.30.1 updated - grub2-x86_64-xen-2.06-150400.11.30.1 updated - grub2-2.06-150400.11.30.1 updated - haveged-1.9.14-150400.3.3.1 updated - hwdata-0.368-150000.3.57.1 updated - kernel-default-5.14.21-150400.24.63.1 updated - kexec-tools-2.0.20-150400.16.6.1 updated - libavahi-client3-0.8-150400.7.3.1 updated - libavahi-common3-0.8-150400.7.3.1 updated - libcups2-2.2.7-150000.3.40.1 updated - libfastjson4-0.99.9-150400.3.3.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libhavege2-1.9.14-150400.3.3.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libz1-1.2.11-150000.3.42.1 updated - login_defs-4.8.1-150400.10.6.1 updated - makedumpfile-1.7.0-150400.4.3.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - procps-3.3.15-150000.7.31.1 updated - rsyslog-module-relp-8.2106.0-150400.5.11.1 added - runc-1.1.5-150000.41.1 updated - shadow-4.8.1-150400.10.6.1 updated - shim-15.7-150300.4.16.1 updated - sles-release-15.4-150400.58.7.3 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 updated - suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 updated - systemd-rpm-macros-12-150000.7.30.1 updated - terminfo-base-6.1-150000.5.15.1 updated - terminfo-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - vim-data-common-9.0.1443-150000.5.40.1 updated - vim-9.0.1443-150000.5.40.1 updated - xxd-9.0.1443-150000.5.40.1 added From sle-updates at lists.suse.com Thu May 11 10:15:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:15:44 +0200 (CEST) Subject: SUSE-IU-2023:319-1: Security update of sles-15-sp4-chost-byos-v20230510-arm64 Message-ID: <20230511101544.C0D8BFBB2@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230510-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:319-1 Image Tags : sles-15-sp4-chost-byos-v20230510-arm64:20230510 Image Release : Severity : important Type : security References : 1065729 1109158 1142685 1155798 1168481 1171479 1174777 1187810 1189036 1189998 1189999 1191467 1191525 1193629 1194869 1194869 1198932 1200321 1201209 1201234 1202705 1202820 1203039 1203079 1203200 1203325 1203446 1204042 1206195 1206439 1206513 1206552 1206649 1206891 1206992 1207014 1207064 1207088 1207168 1207185 1207574 1207876 1208076 1208079 1208423 1208426 1208529 1208602 1208815 1208822 1208828 1208829 1208845 1208902 1208962 1209026 1209042 1209052 1209118 1209122 1209165 1209187 1209234 1209256 1209290 1209292 1209366 1209372 1209532 1209547 1209556 1209572 1209600 1209615 1209634 1209635 1209636 1209667 1209681 1209684 1209687 1209693 1209713 1209714 1209739 1209779 1209788 1209798 1209799 1209804 1209805 1209871 1209873 1209878 1209884 1209888 1209918 1209927 1209999 1210034 1210050 1210135 1210158 1210202 1210203 1210206 1210301 1210328 1210329 1210336 1210337 1210382 1210411 1210412 1210418 1210434 1210439 1210453 1210454 1210469 1210499 1210506 1210507 1210629 1210630 1210725 1210729 1210762 1210763 1210764 1210765 1210766 1210767 1210768 1210769 1210770 1210771 1210793 1210816 1210817 1210827 1210943 1210953 1210986 1211025 CVE-2017-5753 CVE-2020-12762 CVE-2022-2196 CVE-2022-28737 CVE-2022-4744 CVE-2023-0386 CVE-2023-0394 CVE-2023-0465 CVE-2023-0466 CVE-2023-1127 CVE-2023-1264 CVE-2023-1281 CVE-2023-1355 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1981 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2019 CVE-2023-2176 CVE-2023-2235 CVE-2023-23001 CVE-2023-23006 CVE-2023-24593 CVE-2023-25153 CVE-2023-25173 CVE-2023-25180 CVE-2023-25809 CVE-2023-27561 CVE-2023-28327 CVE-2023-28464 CVE-2023-28466 CVE-2023-28484 CVE-2023-28642 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-30630 CVE-2023-30772 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230510-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1809-1 Released: Tue Apr 11 11:47:44 2023 Summary: Recommended update for haveged Type: recommended Severity: moderate References: 1203079 This update for haveged fixes the following issues: - Synchronize haveged instances during switching root (bsc#1203079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1810-1 Released: Tue Apr 11 12:06:13 2023 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1191467,1191525,1198932,1200321,1201234,1203446 This update for cups fixes the following issues: - Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525) - Fix '/usr/bin/lpr: Error - The printer or class does not exist (bsc#1203446) - Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932) - Add 'After=network.target sssd.service' to the systemd unit (bsc#1201234, bsc#1200321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1827-1 Released: Thu Apr 13 10:18:16 2023 Summary: Security update for containerd Type: security Severity: moderate References: 1208423,1208426,CVE-2023-25153,CVE-2023-25173 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1882-1 Released: Tue Apr 18 11:13:49 2023 Summary: Recommended update for makedumpfile Type: recommended Severity: moderate References: 1201209 This update for makedumpfile fixes the following issues: - Fix memory leak issue in init_xen_crash_info (bsc#1201209) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1885-1 Released: Tue Apr 18 11:15:17 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1206195,1206439 This update for dracut fixes the following issues: - Update to version 055+suse.335.gccf7fbc6: * Always include all drivers that LVM can use (bsc#1206195) * Require libopenssl1_1-hmac for dracut-fips (bsc#1206439) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1897-1 Released: Tue Apr 18 11:59:49 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1109158,1189998,1193629,1194869,1203200,1206552,1207168,1207185,1207574,1208602,1208815,1208829,1208902,1209052,1209118,1209256,1209290,1209292,1209366,1209532,1209547,1209556,1209572,1209600,1209634,1209635,1209636,1209681,1209684,1209687,1209779,1209788,1209798,1209799,1209804,1209805,1210050,1210203,CVE-2017-5753,CVE-2022-4744,CVE-2023-0394,CVE-2023-1281,CVE-2023-1513,CVE-2023-1582,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1838,CVE-2023-23001,CVE-2023-28327,CVE-2023-28464,CVE-2023-28466 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFS4trace: fix state manager flag printing (git-fixes). - NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix race to check ls_layouts (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - NFSv4: provide mount option to toggle trunking discovery (git-fixes). - NFSv4: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4: Fail client initialisation if state manager thread can't run (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - regulator: Handle deferred clk (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86: Annotate call_on_stack() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1915-1 Released: Wed Apr 19 16:17:38 2023 Summary: Recommended update for kexec-tools Type: recommended Severity: moderate References: 1202820 This update for kexec-tools fixes the following issues: - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (bsc#1202820). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1947-1 Released: Fri Apr 21 14:14:41 2023 Summary: Security update for dmidecode Type: security Severity: moderate References: 1210418,CVE-2023-30630 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1963-1 Released: Mon Apr 24 15:03:10 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1994-1 Released: Tue Apr 25 13:53:25 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1210328,CVE-2023-1981 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2040-1 Released: Wed Apr 26 11:44:03 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1202705,1207876 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git0.e3c41e60892e * Added MemTotal detection for HwInfo * Make keepalive on SUMA systems exit without error (bsc#1207876) * Add deactivate API to ruby bindings (bsc#1202705) * Allow non-root users to use --version * Update Dockerfile.yast * Use openssl go for SLE and Leap 15.5+ builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2084-1 Released: Tue May 2 13:31:52 2023 Summary: Security update for shim Type: security Severity: important References: 1210382,CVE-2022-28737 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2135-1 Released: Tue May 9 13:38:11 2023 Summary: Security update for libfastjson Type: security Severity: important References: 1171479,CVE-2020-12762 This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2140-1 Released: Tue May 9 14:28:34 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1142685,1155798,1174777,1189999,1194869,1203039,1203325,1204042,1206649,1206891,1206992,1207088,1208076,1208822,1208845,1209615,1209693,1209739,1209871,1209927,1209999,1210034,1210158,1210202,1210206,1210301,1210329,1210336,1210337,1210439,1210453,1210454,1210469,1210499,1210506,1210629,1210630,1210725,1210729,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210793,1210816,1210817,1210827,1210943,1210953,1210986,1211025,CVE-2022-2196,CVE-2023-0386,CVE-2023-1670,CVE-2023-1855,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2019,CVE-2023-2176,CVE-2023-2235,CVE-2023-23006,CVE-2023-30772 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes). - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798). - sched/fair: Limit sched slice duration (bsc#1189999). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039). - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-default-base changed: - Do not ship on s390x (bsc#1210729) - Add exfat (bsc#1208822) - Add _diag modules for included socket types (bsc#1204042) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2166-1 Released: Wed May 10 20:18:51 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1209026 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.7 (bsc#1209026) + Include information about the cached registration data + Collect the data that is sent to the update infrastructure during registration The following package changes have been done: - containerd-ctr-1.6.19-150000.87.1 updated - containerd-1.6.19-150000.87.1 updated - cups-config-2.2.7-150000.3.40.1 updated - dmidecode-3.4-150400.16.8.1 updated - dracut-055+suse.335.gccf7fbc6-150400.3.19.1 updated - grub2-i386-pc-2.06-150400.11.30.1 updated - grub2-x86_64-efi-2.06-150400.11.30.1 updated - grub2-2.06-150400.11.30.1 updated - haveged-1.9.14-150400.3.3.1 updated - hwdata-0.368-150000.3.57.1 updated - kernel-default-5.14.21-150400.24.63.1 updated - kexec-tools-2.0.20-150400.16.6.1 updated - libavahi-client3-0.8-150400.7.3.1 updated - libavahi-common3-0.8-150400.7.3.1 updated - libcups2-2.2.7-150000.3.40.1 updated - libfastjson4-0.99.9-150400.3.3.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libhavege2-1.9.14-150400.3.3.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libz1-1.2.11-150000.3.42.1 updated - login_defs-4.8.1-150400.10.6.1 updated - makedumpfile-1.7.0-150400.4.3.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - procps-3.3.15-150000.7.31.1 updated - rsyslog-module-relp-8.2106.0-150400.5.11.1 added - runc-1.1.5-150000.41.1 updated - shadow-4.8.1-150400.10.6.1 updated - shim-15.7-150300.4.16.1 updated - sles-release-15.4-150400.58.7.3 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 updated - suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 updated - systemd-rpm-macros-12-150000.7.30.1 updated - terminfo-base-6.1-150000.5.15.1 updated - terminfo-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - vim-data-common-9.0.1443-150000.5.40.1 updated - vim-9.0.1443-150000.5.40.1 updated - xxd-9.0.1443-150000.5.40.1 added From sle-updates at lists.suse.com Thu May 11 10:18:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:18:00 +0200 (CEST) Subject: SUSE-CU-2023:1528-1: Security update of bci/ruby Message-ID: <20230511101800.0568DFBB2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1528-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.44 , bci/ruby:2.5 , bci/ruby:2.5-34.44 , bci/ruby:latest Container Release : 34.44 Severity : important Type : security References : 1206513 1207014 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 10:18:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:18:04 +0200 (CEST) Subject: SUSE-CU-2023:1529-1: Security update of bci/rust Message-ID: <20230511101804.37AC2FBB2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1529-1 Container Tags : bci/rust:1.68 , bci/rust:1.68-3.7 Container Release : 3.7 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 10:18:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:18:05 +0200 (CEST) Subject: SUSE-CU-2023:1530-1: Security update of bci/rust Message-ID: <20230511101805.E9E5BFBB2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1530-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.6 , bci/rust:latest Container Release : 2.6 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Thu May 11 10:18:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:18:41 +0200 (CEST) Subject: SUSE-CU-2023:1531-1: Security update of suse/sle15 Message-ID: <20230511101841.43276FBB2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1531-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.59 , suse/sle15:15.4 , suse/sle15:15.4.27.14.59 Container Release : 27.14.59 Severity : moderate Type : security References : 1206513 1209122 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libz1-1.2.11-150000.3.42.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - procps-3.3.15-150000.7.31.1 updated - terminfo-base-6.1-150000.5.15.1 updated From sle-updates at lists.suse.com Thu May 11 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2178-1: important: Security update for buildah Message-ID: <168380820479.22928.11861655882710985910@smelt2.suse.de> # Security update for buildah Announcement ID: SUSE-SU-2023:2178-1 Rating: important References: * #1200441 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of buildah fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2178=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2178=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * buildah-1.29.1-150400.3.16.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * buildah-1.29.1-150400.3.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2177-1: important: Security update for buildah Message-ID: <168380820648.22928.13375258418656796229@smelt2.suse.de> # Security update for buildah Announcement ID: SUSE-SU-2023:2177-1 Rating: important References: * #1200441 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one fix can now be installed. ## Description: This update of buildah fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2177=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2177=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2177=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2177=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2177=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2177=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2177=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * buildah-1.25.1-150100.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * buildah-1.25.1-150100.3.15.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * buildah-1.25.1-150100.3.15.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * buildah-1.25.1-150100.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * buildah-1.25.1-150100.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * buildah-1.25.1-150100.3.15.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * buildah-1.25.1-150100.3.15.1 * SUSE CaaS Platform 4.0 (x86_64) * buildah-1.25.1-150100.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:30:08 -0000 Subject: SUSE-SU-2023:2176-1: important: Security update for MozillaFirefox Message-ID: <168380820826.22928.4017804564081889844@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2176-1 Rating: important References: * #1211175 Cross-References: * CVE-2023-32205 * CVE-2023-32206 * CVE-2023-32207 * CVE-2023-32211 * CVE-2023-32212 * CVE-2023-32213 * CVE-2023-32214 * CVE-2023-32215 CVSS scores: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Extended Support Release 102.11.0 ESR (bsc#1211175): * CVE-2023-32205: Browser prompts could have been obscured by popups * CVE-2023-32206: Crash in RLBox Expat driver * CVE-2023-32207: Potential permissions request bypass via clickjacking * CVE-2023-32211: Content process crash due to invalid wasm code * CVE-2023-32212: Potential spoof due to obscured address bar * CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() * CVE-2023-32214: Potential DoS via exposed protocol handlers * CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2176=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2176=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2176=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2176=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2176=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2176=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2176=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2176=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2176=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2176=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-translations-common-102.11.0-112.159.1 * MozillaFirefox-debuginfo-102.11.0-112.159.1 * MozillaFirefox-devel-102.11.0-112.159.1 * MozillaFirefox-102.11.0-112.159.1 * MozillaFirefox-debugsource-102.11.0-112.159.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32205.html * https://www.suse.com/security/cve/CVE-2023-32206.html * https://www.suse.com/security/cve/CVE-2023-32207.html * https://www.suse.com/security/cve/CVE-2023-32211.html * https://www.suse.com/security/cve/CVE-2023-32212.html * https://www.suse.com/security/cve/CVE-2023-32213.html * https://www.suse.com/security/cve/CVE-2023-32214.html * https://www.suse.com/security/cve/CVE-2023-32215.html * https://bugzilla.suse.com/show_bug.cgi?id=1211175 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:30:09 -0000 Subject: SUSE-SU-2023:2175-1: important: Security update for MozillaFirefox Message-ID: <168380820986.22928.12106578798457631508@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2175-1 Rating: important References: * #1211175 Cross-References: * CVE-2023-32205 * CVE-2023-32206 * CVE-2023-32207 * CVE-2023-32211 * CVE-2023-32212 * CVE-2023-32213 * CVE-2023-32214 * CVE-2023-32215 CVSS scores: Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Extended Support Release 102.11.0 ESR (bsc#1211175): * CVE-2023-32205: Browser prompts could have been obscured by popups * CVE-2023-32206: Crash in RLBox Expat driver * CVE-2023-32207: Potential permissions request bypass via clickjacking * CVE-2023-32211: Content process crash due to invalid wasm code * CVE-2023-32212: Potential spoof due to obscured address bar * CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() * CVE-2023-32214: Potential DoS via exposed protocol handlers * CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2175=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2175=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2175=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-102.11.0-150000.150.85.1 * MozillaFirefox-translations-other-102.11.0-150000.150.85.1 * MozillaFirefox-translations-common-102.11.0-150000.150.85.1 * MozillaFirefox-debugsource-102.11.0-150000.150.85.1 * MozillaFirefox-debuginfo-102.11.0-150000.150.85.1 * MozillaFirefox-devel-102.11.0-150000.150.85.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-102.11.0-150000.150.85.1 * MozillaFirefox-translations-other-102.11.0-150000.150.85.1 * MozillaFirefox-translations-common-102.11.0-150000.150.85.1 * MozillaFirefox-debugsource-102.11.0-150000.150.85.1 * MozillaFirefox-debuginfo-102.11.0-150000.150.85.1 * MozillaFirefox-devel-102.11.0-150000.150.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-102.11.0-150000.150.85.1 * MozillaFirefox-translations-other-102.11.0-150000.150.85.1 * MozillaFirefox-translations-common-102.11.0-150000.150.85.1 * MozillaFirefox-debugsource-102.11.0-150000.150.85.1 * MozillaFirefox-debuginfo-102.11.0-150000.150.85.1 * MozillaFirefox-devel-102.11.0-150000.150.85.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-102.11.0-150000.150.85.1 * MozillaFirefox-translations-other-102.11.0-150000.150.85.1 * MozillaFirefox-translations-common-102.11.0-150000.150.85.1 * MozillaFirefox-debugsource-102.11.0-150000.150.85.1 * MozillaFirefox-debuginfo-102.11.0-150000.150.85.1 * MozillaFirefox-devel-102.11.0-150000.150.85.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32205.html * https://www.suse.com/security/cve/CVE-2023-32206.html * https://www.suse.com/security/cve/CVE-2023-32207.html * https://www.suse.com/security/cve/CVE-2023-32211.html * https://www.suse.com/security/cve/CVE-2023-32212.html * https://www.suse.com/security/cve/CVE-2023-32213.html * https://www.suse.com/security/cve/CVE-2023-32214.html * https://www.suse.com/security/cve/CVE-2023-32215.html * https://bugzilla.suse.com/show_bug.cgi?id=1211175 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:30:11 -0000 Subject: SUSE-SU-2023:2174-1: important: Security update for container-suseconnect Message-ID: <168380821148.22928.17083827789606035461@smelt2.suse.de> # Security update for container-suseconnect Announcement ID: SUSE-SU-2023:2174-1 Rating: important References: * #1200441 Affected Products: * Containers Module 15-SP4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of container-suseconnect fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2174=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2174=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2174=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2174=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2174=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2174=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2174=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2174=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2174=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2174=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2174=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2174=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2174=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.28.1 * SUSE CaaS Platform 4.0 (x86_64) * container-suseconnect-2.4.0-150000.4.28.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:30:13 -0000 Subject: SUSE-SU-2023:2173-1: important: Security update for MozillaFirefox Message-ID: <168380821321.22928.3529757508465360495@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2173-1 Rating: important References: * #1211175 Cross-References: * CVE-2023-32205 * CVE-2023-32206 * CVE-2023-32207 * CVE-2023-32211 * CVE-2023-32212 * CVE-2023-32213 * CVE-2023-32214 * CVE-2023-32215 CVSS scores: Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Extended Support Release 102.11.0 ESR (bsc#1211175): * CVE-2023-32205: Browser prompts could have been obscured by popups * CVE-2023-32206: Crash in RLBox Expat driver * CVE-2023-32207: Potential permissions request bypass via clickjacking * CVE-2023-32211: Content process crash due to invalid wasm code * CVE-2023-32212: Potential spoof due to obscured address bar * CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() * CVE-2023-32214: Potential DoS via exposed protocol handlers * CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2173=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2173=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2173=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2173=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2173=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2173=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2173=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2173=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2173=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2173=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2173=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2173=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-branding-upstream-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.11.0-150200.152.87.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.11.0-150200.152.87.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * MozillaFirefox-debuginfo-102.11.0-150200.152.87.1 * MozillaFirefox-translations-common-102.11.0-150200.152.87.1 * MozillaFirefox-102.11.0-150200.152.87.1 * MozillaFirefox-devel-102.11.0-150200.152.87.1 * MozillaFirefox-debugsource-102.11.0-150200.152.87.1 * MozillaFirefox-translations-other-102.11.0-150200.152.87.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32205.html * https://www.suse.com/security/cve/CVE-2023-32206.html * https://www.suse.com/security/cve/CVE-2023-32207.html * https://www.suse.com/security/cve/CVE-2023-32211.html * https://www.suse.com/security/cve/CVE-2023-32212.html * https://www.suse.com/security/cve/CVE-2023-32213.html * https://www.suse.com/security/cve/CVE-2023-32214.html * https://www.suse.com/security/cve/CVE-2023-32215.html * https://bugzilla.suse.com/show_bug.cgi?id=1211175 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 12:30:14 -0000 Subject: SUSE-SU-2023:2172-1: important: Security update for golang-github-prometheus-prometheus Message-ID: <168380821477.22928.12628253529302204801@smelt2.suse.de> # Security update for golang-github-prometheus-prometheus Announcement ID: SUSE-SU-2023:2172-1 Rating: important References: * #1200441 Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 An update that has one fix can now be installed. ## Description: This update of golang-github-prometheus-prometheus fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2172=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2172=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-2172=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * firewalld-prometheus-config-0.1-150100.4.14.1 * golang-github-prometheus-prometheus-2.32.1-150100.4.14.1 * SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.32.1-150100.4.14.1 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.32.1-150100.4.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2180-1: important: Security update for skopeo Message-ID: <168382260612.26584.13373363333183543924@smelt2.suse.de> # Security update for skopeo Announcement ID: SUSE-SU-2023:2180-1 Rating: important References: * #1200441 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of skopeo fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2180=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2180=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2180=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2180=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2180=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2180=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2180=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2180=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2180=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2180=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2180=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2180=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2180=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2180=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2180=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2180=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2180=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2180=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Manager Proxy 4.2 (x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 * SUSE CaaS Platform 4.0 (x86_64) * skopeo-0.1.41-150000.4.16.1 * skopeo-debuginfo-0.1.41-150000.4.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 16:30:08 -0000 Subject: SUSE-SU-2023:2179-1: important: Security update for helm Message-ID: <168382260897.26584.6056614309867009569@smelt2.suse.de> # Security update for helm Announcement ID: SUSE-SU-2023:2179-1 Rating: important References: * #1200441 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has one fix can now be installed. ## Description: This update of helm fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2179=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2179=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2179=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2179=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2179=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2179=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2179=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2179=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * helm-3.11.2-150000.1.21.1 * helm-debuginfo-3.11.2-150000.1.21.1 * openSUSE Leap 15.4 (noarch) * helm-fish-completion-3.11.2-150000.1.21.1 * helm-zsh-completion-3.11.2-150000.1.21.1 * helm-bash-completion-3.11.2-150000.1.21.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * helm-3.11.2-150000.1.21.1 * helm-debuginfo-3.11.2-150000.1.21.1 * Containers Module 15-SP4 (noarch) * helm-zsh-completion-3.11.2-150000.1.21.1 * helm-bash-completion-3.11.2-150000.1.21.1 * SUSE Package Hub 15 15-SP4 (noarch) * helm-fish-completion-3.11.2-150000.1.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * helm-3.11.2-150000.1.21.1 * helm-debuginfo-3.11.2-150000.1.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * helm-zsh-completion-3.11.2-150000.1.21.1 * helm-bash-completion-3.11.2-150000.1.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * helm-3.11.2-150000.1.21.1 * helm-debuginfo-3.11.2-150000.1.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * helm-zsh-completion-3.11.2-150000.1.21.1 * helm-bash-completion-3.11.2-150000.1.21.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * helm-3.11.2-150000.1.21.1 * helm-debuginfo-3.11.2-150000.1.21.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * helm-zsh-completion-3.11.2-150000.1.21.1 * helm-bash-completion-3.11.2-150000.1.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * helm-3.11.2-150000.1.21.1 * helm-debuginfo-3.11.2-150000.1.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * helm-zsh-completion-3.11.2-150000.1.21.1 * helm-bash-completion-3.11.2-150000.1.21.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * helm-3.11.2-150000.1.21.1 * helm-debuginfo-3.11.2-150000.1.21.1 * SUSE Enterprise Storage 7.1 (noarch) * helm-zsh-completion-3.11.2-150000.1.21.1 * helm-bash-completion-3.11.2-150000.1.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 20:30:05 -0000 Subject: SUSE-SU-2023:2187-1: moderate: Security update for Prometheus Golang clients Message-ID: <168383700507.9858.414463205452422518@smelt2.suse.de> # Security update for Prometheus Golang clients Announcement ID: SUSE-SU-2023:2187-1 Rating: moderate References: * #1197284 * #1203185 * #1208051 * #1208064 Cross-References: * CVE-2022-27191 * CVE-2022-27664 * CVE-2022-46146 CVSS scores: * CVE-2022-27191 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27191 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves three vulnerabilities, contains one feature and has one fix can now be installed. ## Description: This update for golang-github-prometheus-alertmanager and golang-github- prometheus-node_exporter fixes the following issues: golang-github-prometheus-alertmanager: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) golang-github-prometheus-node_exporter: * Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) * Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime "GOMAXPROCS" to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add "isolated" metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats * Change build requirement to go1.18 or higher (previously this was fixed to version 1.14) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2187=1 * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-2187=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-2187=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2187=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2187=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-2187=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2187=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2187=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2187=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2187=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2187=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2187=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2187=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2187=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2187=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2187=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2187=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2187=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2187=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2187=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2187=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2187=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-alertmanager-0.23.0-150100.4.13.2 * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-alertmanager-0.23.0-150100.4.13.2 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-alertmanager-0.23.0-150100.4.13.2 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-alertmanager-0.23.0-150100.4.13.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Manager Proxy 4.2 (x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE Enterprise Storage 7 (aarch64 x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 * SUSE CaaS Platform 4.0 (x86_64) * golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 ## References: * https://www.suse.com/security/cve/CVE-2022-27191.html * https://www.suse.com/security/cve/CVE-2022-27664.html * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1197284 * https://bugzilla.suse.com/show_bug.cgi?id=1203185 * https://bugzilla.suse.com/show_bug.cgi?id=1208051 * https://bugzilla.suse.com/show_bug.cgi?id=1208064 * https://jira.suse.com/browse/PED-3578 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 20:30:08 -0000 Subject: SUSE-SU-2023:2185-1: important: Security update for SUSE Manager Client Tools Message-ID: <168383700879.9858.774236014719021637@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:2185-1 Rating: important References: * #1181400 * #1197284 * #1203185 * #1208060 * #1208064 * #1208965 Cross-References: * CVE-2022-27191 * CVE-2022-27664 * CVE-2022-46146 CVSS scores: * CVE-2022-27191 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27191 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 An update that solves three vulnerabilities, contains two features and has three fixes can now be installed. ## Description: This update fixes the following issues: prometheus-postgres_exporter: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060) * Other non-security issues fixed: * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones * Add hardening to systemd service(s) (bsc#1181400) * Create the prometheus user for Red Hat Linux Enterprise systems and clones * Fix broken log-level for values other than debug (bsc#1208965) golang-github-prometheus-node_exporter: * Security issues fixed in this version upgrade to 1.5.0: * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) * Other non-security bug fixes and changes in this version update to 1.5.0: * NOTE: This changes the Go runtime "GOMAXPROCS" to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [CHANGE] Default GOMAXPROCS to 1 * [CHANGE] Merge metrics descriptions in textfile collector * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add "isolated" metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-2185=1 ## Package List: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le x86_64) * golang-github-prometheus-node_exporter-debuginfo-1.5.0-1.6.1 * golang-github-prometheus-node_exporter-1.5.0-1.6.1 * golang-github-prometheus-node_exporter-debugsource-1.5.0-1.6.1 * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le s390x x86_64) * prometheus-postgres_exporter-0.10.1-1.6.2 ## References: * https://www.suse.com/security/cve/CVE-2022-27191.html * https://www.suse.com/security/cve/CVE-2022-27664.html * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1181400 * https://bugzilla.suse.com/show_bug.cgi?id=1197284 * https://bugzilla.suse.com/show_bug.cgi?id=1203185 * https://bugzilla.suse.com/show_bug.cgi?id=1208060 * https://bugzilla.suse.com/show_bug.cgi?id=1208064 * https://bugzilla.suse.com/show_bug.cgi?id=1208965 * https://jira.suse.com/browse/MSQA-663 * https://jira.suse.com/browse/MSQA-665 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 20:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 20:30:14 -0000 Subject: SUSE-SU-2023:2183-1: important: Security update for SUSE Manager Client Tools Message-ID: <168383701490.9858.14952003903105683501@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:2183-1 Rating: important References: * #1047218 * #1197284 * #1203185 * #1203599 * #1204023 * #1208049 * #1208051 * #1208060 * #1208062 * #1208064 * #1208965 * #1209113 Cross-References: * CVE-2022-27191 * CVE-2022-27664 * CVE-2022-41715 * CVE-2022-46146 CVSS scores: * CVE-2022-27191 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27191 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves four vulnerabilities, contains four features and has eight fixes can now be installed. ## Description: This update fixes the following issues: golang-github-prometheus-alertmanager: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) prometheus-blackbox_exporter: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062) * Other non-security bugs fixed and changes: * Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113) * On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599) prometheus-postgres_exporter: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060) * Other non-security issues fixed: * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones * Create the prometheus user for Red Hat Linux Enterprise systems and clones * Fix broken log-level for values other than debug (bsc#1208965) golang-github-prometheus-node_exporter: * Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) * Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime "GOMAXPROCS" to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add "isolated" metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats golang-github-prometheus-prometheus: * Security issues fixed in this version update to 2.37.6 (jsc#PED-3576): * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) * Other non-security bug fixes and changes in this version update to 2.37.6 (jsc#PED-3576): * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type="exemplar" label instead of type="unknown" for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto- gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable- feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write- queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. golang-github-prometheus-promu: * Non-security bug fixes and changes in this version update to 0.14.0 (jsc#PED-3576): * [BUGFIX] Set build date from last changelog modification (bsc#1047218) * [BUGFIX] Validate environment variable value * [BUGFIX]Set build date from SOURCE_DATE_EPOCH * [BUGFIX]Make extldflags extensible by configuration. * [BUGFIX] Avoid bind-mounting to allow building with a remote docker engine * [BUGFIX] Fix build on SmartOS by not setting gcc's -static flag * [BUGFIX] Fix git repository url parsing * [CHANGE] Remove ioutil * [CHANGE] Update common Prometheus files * [FEATURE] Add the ability to override tags per GOOS * [FEATURE] Adding changes to support s390x * [FEATURE] Added check_licenses Command to Promu * [ENHANCEMENT] Allow to customize nested options via env variables * [ENHANCEMENT] Add warning if promu info is unable to determine repo info ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2183=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2183=1 * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-2183=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2183=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2183=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2183=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2183=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2183=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2183=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * golang-github-prometheus-node_exporter-1.5.0-1.24.4 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * golang-github-prometheus-node_exporter-1.5.0-1.24.4 * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * prometheus-blackbox_exporter-debuginfo-0.19.0-1.17.1 * golang-github-prometheus-node_exporter-1.5.0-1.24.4 * golang-github-prometheus-prometheus-2.37.6-1.44.3 * golang-github-prometheus-alertmanager-0.23.0-1.18.3 * golang-github-prometheus-promu-0.14.0-1.12.1 * prometheus-blackbox_exporter-0.19.0-1.17.1 * prometheus-postgres_exporter-0.10.1-1.11.5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * golang-github-prometheus-node_exporter-1.5.0-1.24.4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * golang-github-prometheus-node_exporter-1.5.0-1.24.4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.5.0-1.24.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * golang-github-prometheus-node_exporter-1.5.0-1.24.4 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-node_exporter-1.5.0-1.24.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * golang-github-prometheus-node_exporter-1.5.0-1.24.4 ## References: * https://www.suse.com/security/cve/CVE-2022-27191.html * https://www.suse.com/security/cve/CVE-2022-27664.html * https://www.suse.com/security/cve/CVE-2022-41715.html * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1047218 * https://bugzilla.suse.com/show_bug.cgi?id=1197284 * https://bugzilla.suse.com/show_bug.cgi?id=1203185 * https://bugzilla.suse.com/show_bug.cgi?id=1203599 * https://bugzilla.suse.com/show_bug.cgi?id=1204023 * https://bugzilla.suse.com/show_bug.cgi?id=1208049 * https://bugzilla.suse.com/show_bug.cgi?id=1208051 * https://bugzilla.suse.com/show_bug.cgi?id=1208060 * https://bugzilla.suse.com/show_bug.cgi?id=1208062 * https://bugzilla.suse.com/show_bug.cgi?id=1208064 * https://bugzilla.suse.com/show_bug.cgi?id=1208965 * https://bugzilla.suse.com/show_bug.cgi?id=1209113 * https://jira.suse.com/browse/MSQA-663 * https://jira.suse.com/browse/MSQA-665 * https://jira.suse.com/browse/PED-3576 * https://jira.suse.com/browse/PED-3578 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 11 20:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2023 20:30:18 -0000 Subject: SUSE-SU-2023:2182-1: important: Security update for SUSE Manager Client Tools Message-ID: <168383701830.9858.3180110964975167859@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:2182-1 Rating: important References: * #1203599 * #1204023 * #1208049 * #1208060 * #1208062 * #1208965 * #1209113 Cross-References: * CVE-2022-41715 * CVE-2022-46146 CVSS scores: * CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 An update that solves two vulnerabilities, contains three features and has five fixes can now be installed. ## Description: This update fixes the following issues: prometheus-blackbox_exporter: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062) * Other non-security bugs fixed and changes: * Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113) * On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599) prometheus-postgres_exporter: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060) * Other non-security bugs fixed and changes: * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones * Create the prometheus user for Red Hat Linux Enterprise systems and clones * Fix broken log-level for values other than debug (bsc#1208965) golang-github-prometheus-prometheus: * Security issues fixed in this version update to 2.37.6: * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) * Other non-security bugs fixed and changes in this version update to 2.37.6: * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type="exemplar" label instead of type="unknown" for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto- gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable- feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write- queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2182=1 * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-2182=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-2182=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2182=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-2182=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2182=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * prometheus-postgres_exporter-0.10.1-150000.1.11.4 * prometheus-blackbox_exporter-0.19.0-150000.1.17.2 * golang-github-prometheus-promu-0.14.0-150000.3.12.2 * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * prometheus-postgres_exporter-0.10.1-150000.1.11.4 * firewalld-prometheus-config-0.1-150000.3.47.2 * golang-github-prometheus-prometheus-2.37.6-150000.3.47.2 * prometheus-blackbox_exporter-0.19.0-150000.1.17.2 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * prometheus-blackbox_exporter-0.19.0-150000.1.17.2 * SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * prometheus-blackbox_exporter-0.19.0-150000.1.17.2 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * prometheus-blackbox_exporter-0.19.0-150000.1.17.2 * SUSE Manager Server 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * prometheus-postgres_exporter-0.10.1-150000.1.11.4 ## References: * https://www.suse.com/security/cve/CVE-2022-41715.html * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1203599 * https://bugzilla.suse.com/show_bug.cgi?id=1204023 * https://bugzilla.suse.com/show_bug.cgi?id=1208049 * https://bugzilla.suse.com/show_bug.cgi?id=1208060 * https://bugzilla.suse.com/show_bug.cgi?id=1208062 * https://bugzilla.suse.com/show_bug.cgi?id=1208965 * https://bugzilla.suse.com/show_bug.cgi?id=1209113 * https://jira.suse.com/browse/MSQA-663 * https://jira.suse.com/browse/MSQA-665 * https://jira.suse.com/browse/PED-3576 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 12 07:03:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 09:03:11 +0200 (CEST) Subject: SUSE-CU-2023:1535-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230512070311.042F9F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1535-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.126 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.126 Severity : moderate Type : security References : 1206513 1209122 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libz1-1.2.11-150000.3.42.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - procps-3.3.15-150000.7.31.1 updated - terminfo-base-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Fri May 12 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:1536-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230512070333.C0E1AF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1536-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.22 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.22 Severity : moderate Type : security References : 1206513 1209122 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libz1-1.2.11-150000.3.42.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - procps-3.3.15-150000.7.31.1 updated - terminfo-base-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated From sle-updates at lists.suse.com Fri May 12 07:06:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 09:06:48 +0200 (CEST) Subject: SUSE-CU-2023:1537-1: Security update of suse/sle15 Message-ID: <20230512070648.39694F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1537-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.767 Container Release : 6.2.767 Severity : important Type : security References : 1200441 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.28.1 updated From sle-updates at lists.suse.com Fri May 12 07:08:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 09:08:57 +0200 (CEST) Subject: SUSE-CU-2023:1538-1: Security update of suse/sle15 Message-ID: <20230512070857.8C893F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1538-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.295 Container Release : 9.5.295 Severity : important Type : security References : 1200441 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.28.1 updated From sle-updates at lists.suse.com Fri May 12 07:10:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 09:10:20 +0200 (CEST) Subject: SUSE-CU-2023:1540-1: Security update of bci/openjdk-devel Message-ID: <20230512071020.41151F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1540-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.97 Container Release : 39.97 Severity : important Type : security References : 1193795 1206513 1207014 1210434 CVE-2021-42550 CVE-2023-29491 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2097-1 Released: Thu May 4 09:11:06 2023 Summary: Security update for maven and recommended update for antlr3, minlog, sbt, xmvn Type: security Severity: important References: 1193795,CVE-2021-42550 This update for antlr3, maven, minlog, sbt, xmvn fixes the following issues: maven: - Version update from 3.8.5 to 3.8.6 (jsc#SLE-23217): * Security fixes: + CVE-2021-42550: Update Version of (optional) Logback (bsc#1193795) * Bug fixes: + Fix resolver session containing non-MavenWorkspaceReader + Fix for multiple maven instances working on same source tree that can lock each other + Don't ignore bin/ otherwise bin/ in apache-maven module cannot be added back + Fix IllegalStateException in SessionScope during guice injection in multithreaded build + Revert MNG-7347 (SessionScoped beans should be singletons for a given session) + Fix compilation failure with relocated transitive dependency + Fix deadlock during forked lifecycle executions + Fix issue with resolving dependencies between submodules * New features and improvements: + Create a multiline message helper for boxed log messages + Display a warning when an aggregator mojo is locking other mojo executions + Align Assembly Descriptor NS versions * Dependency upgrades: + Upgrade SLF4J to 1.7.36 + Upgrade JUnit to 4.13.2 + Upgrade Plexus Utils to 3.3.1 - Move mvn.1 from bin to man directory antlr3: - Bug fixes in this version update from 3.5.2 to 3.5.3 (jsc#SLE-23217): * Change source compatibility to 1.8 and enable github workflows * Change Wiki URLs to theantlrguy.atlassian.net in README.txt * Add Bazel support - Remove enforcer plugin as it is not needed in a controlled environment minlog: - Bug fixes in this version update from 1.3.0 to 1.3.1 (jsc#SLE-23217): * Use currentTimeMillis * Use 3-Clause BSD * Use Java 7 JDK. sbt: - Fix build issues with maven 3.8.6 (jsc#SLE-23217) xmvn: - Remove RPM package build dependency on easymock (jsc#SLE-23217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2023:2165-1 Released: Wed May 10 20:16:54 2023 Summary: Optional update for junit Type: optional Severity: moderate References: This update for junit fixes the following issues: - Conditionalize the build instructions so that junit can be built with both hamcrest 1.3 and 2.2 from the same sources (jsc#SLE-23217) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - junit-4.13.2-150200.3.8.1 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - maven-lib-3.8.6-150200.4.9.8 updated - maven-3.8.6-150200.4.9.8 updated - container:bci-openjdk-11-15.4.11-35.50 updated From sle-updates at lists.suse.com Fri May 12 07:12:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 09:12:26 +0200 (CEST) Subject: SUSE-CU-2023:1544-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230512071226.96974F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1544-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.389 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.389 Severity : moderate Type : security References : 1206513 1209122 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libz1-1.2.11-150000.3.42.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - procps-3.3.15-150000.7.31.1 updated - terminfo-base-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-17.20.135 updated From sle-updates at lists.suse.com Fri May 12 07:12:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 09:12:55 +0200 (CEST) Subject: SUSE-CU-2023:1545-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230512071255.670A9F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1545-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.211 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.211 Severity : moderate Type : security References : 1206513 1209122 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libncurses6-6.1-150000.5.15.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libz1-1.2.11-150000.3.42.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - procps-3.3.15-150000.7.31.1 updated - terminfo-base-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-17.20.135 updated From sle-updates at lists.suse.com Fri May 12 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 08:30:01 -0000 Subject: SUSE-RU-2023:2191-1: important: Recommended update for nfs-utils Message-ID: <168388020185.10777.3859117527815377709@smelt2.suse.de> # Recommended update for nfs-utils Announcement ID: SUSE-RU-2023:2191-1 Rating: important References: * #1209859 * #1210136 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for nfs-utils fixes the following issues: * Fix regression causing a memory access violation error when mounting a NFS file system with `rpc-gssd.service` enabled (bsc#1210136) * Fix typo in the man pages section on "scope" (bsc#1209859) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2191=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2191=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2191=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * nfs-utils-debugsource-1.3.0-34.47.1 * nfs-kernel-server-1.3.0-34.47.1 * nfs-doc-1.3.0-34.47.1 * nfs-kernel-server-debuginfo-1.3.0-34.47.1 * nfs-client-1.3.0-34.47.1 * nfs-client-debuginfo-1.3.0-34.47.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * nfs-utils-debugsource-1.3.0-34.47.1 * nfs-kernel-server-1.3.0-34.47.1 * nfs-doc-1.3.0-34.47.1 * nfs-kernel-server-debuginfo-1.3.0-34.47.1 * nfs-client-1.3.0-34.47.1 * nfs-client-debuginfo-1.3.0-34.47.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * nfs-utils-debugsource-1.3.0-34.47.1 * nfs-kernel-server-1.3.0-34.47.1 * nfs-doc-1.3.0-34.47.1 * nfs-kernel-server-debuginfo-1.3.0-34.47.1 * nfs-client-1.3.0-34.47.1 * nfs-client-debuginfo-1.3.0-34.47.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209859 * https://bugzilla.suse.com/show_bug.cgi?id=1210136 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 12 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 08:30:04 -0000 Subject: SUSE-RU-2023:2190-1: important: Recommended update for python-urlgrabber Message-ID: <168388020426.10777.7314253940962885385@smelt2.suse.de> # Recommended update for python-urlgrabber Announcement ID: SUSE-RU-2023:2190-1 Rating: important References: * #1208288 Affected Products: * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for python-urlgrabber fixes the following issues: * Raise proper exception from urlgrab() when local file is not found (bsc#1208288) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2190=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2190=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-urlgrabber-4.1.0-150400.4.9.1 * Legacy Module 15-SP4 (noarch) * python3-urlgrabber-4.1.0-150400.4.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208288 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 12 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 08:30:07 -0000 Subject: SUSE-RU-2023:2189-1: important: Recommended update for autofs Message-ID: <168388020717.10777.17614866245607680395@smelt2.suse.de> # Recommended update for autofs Announcement ID: SUSE-RU-2023:2189-1 Rating: important References: * #1209653 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for autofs fixes the following issues: * Fix off-by-one error in recursive map handling (bsc#1209653) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2189=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2189=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2189=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * autofs-5.1.3-3.14.1 * autofs-debugsource-5.1.3-3.14.1 * autofs-debuginfo-5.1.3-3.14.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * autofs-5.1.3-3.14.1 * autofs-debugsource-5.1.3-3.14.1 * autofs-debuginfo-5.1.3-3.14.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * autofs-5.1.3-3.14.1 * autofs-debugsource-5.1.3-3.14.1 * autofs-debuginfo-5.1.3-3.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209653 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 12 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 08:30:08 -0000 Subject: SUSE-RU-2023:2188-1: important: Recommended update for autofs Message-ID: <168388020863.10777.5362391868127565816@smelt2.suse.de> # Recommended update for autofs Announcement ID: SUSE-RU-2023:2188-1 Rating: important References: * #1209653 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for autofs fixes the following issues: * Fix off-by-one error in recursive map handling (bsc#1209653) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2188=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2188=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2188=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * autofs-debugsource-5.1.3-150000.7.14.1 * autofs-5.1.3-150000.7.14.1 * autofs-debuginfo-5.1.3-150000.7.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * autofs-debugsource-5.1.3-150000.7.14.1 * autofs-5.1.3-150000.7.14.1 * autofs-debuginfo-5.1.3-150000.7.14.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * autofs-debugsource-5.1.3-150000.7.14.1 * autofs-5.1.3-150000.7.14.1 * autofs-debuginfo-5.1.3-150000.7.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209653 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 12 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 12:30:05 -0000 Subject: SUSE-RU-2023:2193-1: moderate: Recommended update for snapper Message-ID: <168389460521.4532.18130580893948305105@smelt2.suse.de> # Recommended update for snapper Announcement ID: SUSE-RU-2023:2193-1 Rating: moderate References: * #1210150 * #1210151 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for snapper fixes the following issues: * avoid stale btrfs qgroups on transactional systems (bsc#1210151) * wait for existing btrfs quota rescans to finish (bsc#1210150) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2193=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2193=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2193=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2193=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2193=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2193=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2193=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2193=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2193=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2193=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2193=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pam_snapper-debuginfo-0.8.16-150300.3.3.1 * libsnapper-devel-0.8.16-150300.3.3.1 * snapper-0.8.16-150300.3.3.1 * pam_snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * snapper-testsuite-debuginfo-0.8.16-150300.3.3.1 * snapper-zypp-plugin-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * snapper-testsuite-0.8.16-150300.3.3.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * pam_snapper-debuginfo-0.8.16-150300.3.3.1 * libsnapper-devel-0.8.16-150300.3.3.1 * snapper-0.8.16-150300.3.3.1 * pam_snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * snapper-zypp-plugin-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * pam_snapper-debuginfo-0.8.16-150300.3.3.1 * libsnapper-devel-0.8.16-150300.3.3.1 * snapper-0.8.16-150300.3.3.1 * pam_snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * snapper-zypp-plugin-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.3.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.3.1 * snapper-debuginfo-0.8.16-150300.3.3.1 * snapper-debugsource-0.8.16-150300.3.3.1 * libsnapper5-debuginfo-0.8.16-150300.3.3.1 * libsnapper5-0.8.16-150300.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210150 * https://bugzilla.suse.com/show_bug.cgi?id=1210151 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 12 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 12:30:06 -0000 Subject: SUSE-FU-2023:2192-1: moderate: Feature update for python311, python311-pip, python311-setuptools Message-ID: <168389460634.4532.3268838783296251280@smelt2.suse.de> # Feature update for python311, python311-pip, python311-setuptools Announcement ID: SUSE-FU-2023:2192-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Python 3 Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This release of python311, python311-pip, python311-setuptools adds the following feature: * Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2192=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2192=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2192=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2192=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2192=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2192=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2192=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-2192=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * python3-setuptools-44.1.1-150400.9.3.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python311-debugsource-3.11.2-150400.9.5.3 * python311-tools-3.11.2-150400.9.5.6 * python311-testsuite-debuginfo-3.11.2-150400.9.5.6 * python311-dbm-3.11.2-150400.9.5.3 * python311-doc-3.11.2-150400.9.5.9 * python311-tk-3.11.2-150400.9.5.3 * python311-base-3.11.2-150400.9.5.6 * python311-curses-debuginfo-3.11.2-150400.9.5.3 * python311-testsuite-3.11.2-150400.9.5.6 * python311-base-debuginfo-3.11.2-150400.9.5.6 * python311-devel-3.11.2-150400.9.5.6 * python311-idle-3.11.2-150400.9.5.3 * python311-core-debugsource-3.11.2-150400.9.5.6 * python311-debuginfo-3.11.2-150400.9.5.3 * libpython3_11-1_0-debuginfo-3.11.2-150400.9.5.6 * python311-curses-3.11.2-150400.9.5.3 * python311-doc-devhelp-3.11.2-150400.9.5.9 * python311-dbm-debuginfo-3.11.2-150400.9.5.3 * python311-tk-debuginfo-3.11.2-150400.9.5.3 * python311-3.11.2-150400.9.5.3 * libpython3_11-1_0-3.11.2-150400.9.5.6 * openSUSE Leap 15.4 (x86_64) * libpython3_11-1_0-32bit-debuginfo-3.11.2-150400.9.5.6 * libpython3_11-1_0-32bit-3.11.2-150400.9.5.6 * python311-base-32bit-debuginfo-3.11.2-150400.9.5.6 * python311-base-32bit-3.11.2-150400.9.5.6 * python311-32bit-debuginfo-3.11.2-150400.9.5.3 * python311-32bit-3.11.2-150400.9.5.3 * openSUSE Leap 15.4 (noarch) * python3-setuptools-test-44.1.1-150400.9.3.3 * python3-setuptools-44.1.1-150400.9.3.3 * python3-pip-20.0.2-150400.20.1 * python3-pip-wheel-20.0.2-150400.20.1 * python311-pip-22.3.1-150400.17.3.1 * python311-setuptools-67.7.2-150400.3.6.1 * python3-setuptools-wheel-44.1.1-150400.9.3.3 * python3-pip-test-20.0.2-150400.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-setuptools-44.1.1-150400.9.3.3 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-setuptools-44.1.1-150400.9.3.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-setuptools-44.1.1-150400.9.3.3 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-setuptools-44.1.1-150400.9.3.3 * Basesystem Module 15-SP4 (noarch) * python3-setuptools-test-44.1.1-150400.9.3.3 * python3-setuptools-44.1.1-150400.9.3.3 * python3-pip-20.0.2-150400.20.1 * python3-pip-wheel-20.0.2-150400.20.1 * python3-setuptools-wheel-44.1.1-150400.9.3.3 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-dbm-debuginfo-3.11.2-150400.9.5.3 * python311-base-debuginfo-3.11.2-150400.9.5.6 * python311-debugsource-3.11.2-150400.9.5.3 * python311-idle-3.11.2-150400.9.5.3 * python311-core-debugsource-3.11.2-150400.9.5.6 * python311-tools-3.11.2-150400.9.5.6 * python311-devel-3.11.2-150400.9.5.6 * python311-debuginfo-3.11.2-150400.9.5.3 * libpython3_11-1_0-debuginfo-3.11.2-150400.9.5.6 * python311-curses-3.11.2-150400.9.5.3 * python311-dbm-3.11.2-150400.9.5.3 * python311-doc-3.11.2-150400.9.5.9 * python311-tk-debuginfo-3.11.2-150400.9.5.3 * python311-3.11.2-150400.9.5.3 * python311-doc-devhelp-3.11.2-150400.9.5.9 * python311-tk-3.11.2-150400.9.5.3 * libpython3_11-1_0-3.11.2-150400.9.5.6 * python311-base-3.11.2-150400.9.5.6 * python311-curses-debuginfo-3.11.2-150400.9.5.3 * Python 3 Module 15-SP4 (noarch) * python311-setuptools-67.7.2-150400.3.6.1 * python311-pip-22.3.1-150400.17.3.1 ## References: * https://jira.suse.com/browse/PED-2634 * https://jira.suse.com/browse/PED-68 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 12 12:40:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 14:40:29 +0200 (CEST) Subject: SUSE-CU-2023:1546-1: Security update of rancher/elemental-builder-image/5.3 Message-ID: <20230512124029.211B1FBAF@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-builder-image/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1546-1 Container Tags : rancher/elemental-builder-image/5.3:0.2.5 , rancher/elemental-builder-image/5.3:0.2.5-4.2.19 , rancher/elemental-builder-image/5.3:latest Container Release : 4.2.19 Severity : moderate Type : security References : 1206513 1209713 1209714 1209918 1210135 1210411 1210412 1210434 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container rancher/elemental-builder-image/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - login_defs-4.8.1-150400.10.6.1 updated - shadow-4.8.1-150400.10.6.1 updated - container:sles15-image-15.0.0-27.14.60 updated From sle-updates at lists.suse.com Fri May 12 12:40:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 14:40:33 +0200 (CEST) Subject: SUSE-CU-2023:1547-1: Security update of rancher/elemental-teal/5.3 Message-ID: <20230512124033.8F08DFBAF@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1547-1 Container Tags : rancher/elemental-teal/5.3:1.1.4 , rancher/elemental-teal/5.3:1.1.4-3.2.30 , rancher/elemental-teal/5.3:latest Container Release : 3.2.30 Severity : moderate Type : security References : 1206513 1209713 1209714 1209918 1210135 1210411 1210412 1210434 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container rancher/elemental-teal/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - login_defs-4.8.1-150400.10.6.1 updated - libgobject-2_0-0-2.70.5-150400.3.8.1 updated - libgmodule-2_0-0-2.70.5-150400.3.8.1 updated - shadow-4.8.1-150400.10.6.1 updated - libgio-2_0-0-2.70.5-150400.3.8.1 updated - glib2-tools-2.70.5-150400.3.8.1 updated - container:micro-for-rancher-image-5.3.0-7.2.150 updated From sle-updates at lists.suse.com Fri May 12 12:40:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 14:40:36 +0200 (CEST) Subject: SUSE-CU-2023:1548-1: Security update of rancher/elemental-operator/5.3 Message-ID: <20230512124036.C3F2EFBAF@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1548-1 Container Tags : rancher/elemental-operator/5.3:1.2.2 , rancher/elemental-operator/5.3:1.2.2-3.2.18 , rancher/elemental-operator/5.3:latest Container Release : 3.2.18 Severity : moderate Type : security References : 1206513 1209713 1209714 1209918 1210135 1210411 1210412 1210434 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container rancher/elemental-operator/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - login_defs-4.8.1-150400.10.6.1 updated - shadow-4.8.1-150400.10.6.1 updated - container:sles15-image-15.0.0-27.14.60 updated From sle-updates at lists.suse.com Fri May 12 12:40:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 14:40:39 +0200 (CEST) Subject: SUSE-CU-2023:1549-1: Security update of rancher/seedimage-builder/5.3 Message-ID: <20230512124039.6D65BFBAF@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1549-1 Container Tags : rancher/seedimage-builder/5.3:1.2.2 , rancher/seedimage-builder/5.3:1.2.2-2.2.18 , rancher/seedimage-builder/5.3:latest Container Release : 2.2.18 Severity : moderate Type : security References : 1206513 1209713 1209714 1209918 1210135 1210411 1210412 1210434 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 ----------------------------------------------------------------- The container rancher/seedimage-builder/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - login_defs-4.8.1-150400.10.6.1 updated - shadow-4.8.1-150400.10.6.1 updated - container:sles15-image-15.0.0-27.14.60 updated From sle-updates at lists.suse.com Fri May 12 12:42:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 14:42:59 +0200 (CEST) Subject: SUSE-CU-2023:1550-1: Security update of suse/sle15 Message-ID: <20230512124259.ED042FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1550-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.136 , suse/sle15:15.3 , suse/sle15:15.3.17.20.136 Container Release : 17.20.136 Severity : important Type : security References : 1200441 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.28.1 updated From sle-updates at lists.suse.com Fri May 12 12:47:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 14:47:44 +0200 (CEST) Subject: SUSE-CU-2023:1557-1: Security update of bci/nodejs Message-ID: <20230512124744.811D8FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1557-1 Container Tags : bci/node:18 , bci/node:18-3.49 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.49 , bci/nodejs:latest Container Release : 3.49 Severity : important Type : security References : 1206513 1207014 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - container:sles15-image-15.0.0-27.14.60 updated From sle-updates at lists.suse.com Fri May 12 12:48:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 14:48:20 +0200 (CEST) Subject: SUSE-CU-2023:1558-1: Security update of bci/openjdk-devel Message-ID: <20230512124820.7D58AFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1558-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.96 , bci/openjdk-devel:latest Container Release : 14.96 Severity : important Type : security References : 1206513 1207014 1209333 1210434 1210628 1210631 1210632 1210634 1210635 1210636 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-29491 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2110-1 Released: Fri May 5 14:10:21 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1209333,1210628,1210631,1210632,1210634,1210635,1210636,1210637,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968 This update for java-17-openjdk fixes the following issues: Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU) Security fixes: - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). Other fixes: - Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2023:2165-1 Released: Wed May 10 20:16:54 2023 Summary: Optional update for junit Type: optional Severity: moderate References: This update for junit fixes the following issues: - Conditionalize the build instructions so that junit can be built with both hamcrest 1.3 and 2.2 from the same sources (jsc#SLE-23217) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - java-17-openjdk-headless-17.0.7.0-150400.3.18.2 updated - java-17-openjdk-17.0.7.0-150400.3.18.2 updated - java-17-openjdk-devel-17.0.7.0-150400.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - junit-4.13.2-150200.3.8.1 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - container:bci-openjdk-17-15.4.17-13.51 updated From sle-updates at lists.suse.com Fri May 12 12:50:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 May 2023 14:50:58 +0200 (CEST) Subject: SUSE-CU-2023:1566-1: Security update of suse/sle15 Message-ID: <20230512125058.3D3E1FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1566-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.60 , suse/sle15:15.4 , suse/sle15:15.4.27.14.60 Container Release : 27.14.60 Severity : important Type : security References : 1200441 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.28.1 updated From sle-updates at lists.suse.com Sat May 13 07:03:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 May 2023 09:03:50 +0200 (CEST) Subject: SUSE-CU-2023:1570-1: Recommended update of suse/389-ds Message-ID: <20230513070350.A2108F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1570-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.30 , suse/389-ds:latest Container Release : 21.30 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) The following package changes have been done: - python3-setuptools-44.1.1-150400.9.3.3 updated - container:sles15-image-15.0.0-27.14.60 updated From sle-updates at lists.suse.com Sat May 13 07:06:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 May 2023 09:06:26 +0200 (CEST) Subject: SUSE-CU-2023:1574-1: Recommended update of bci/python Message-ID: <20230513070626.117CDF7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1574-1 Container Tags : bci/python:3 , bci/python:3-35.47 , bci/python:3.6 , bci/python:3.6-35.47 Container Release : 35.47 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) The following package changes have been done: - python3-setuptools-44.1.1-150400.9.3.3 updated - python3-pip-20.0.2-150400.20.1 updated - container:sles15-image-15.0.0-27.14.60 updated From sle-updates at lists.suse.com Sat May 13 07:06:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 May 2023 09:06:31 +0200 (CEST) Subject: SUSE-CU-2023:1575-1: Security update of bci/python Message-ID: <20230513070631.D2913F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1575-1 Container Tags : bci/python:3 , bci/python:3-2.61 , bci/python:3.11 , bci/python:3.11-2.61 Container Release : 2.61 Severity : important Type : security References : 1207014 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) The following package changes have been done: - libz1-1.2.13-150500.2.1 updated - libuuid1-2.37.4-150500.7.14 updated - libsmartcols1-2.37.4-150500.7.14 updated - libblkid1-2.37.4-150500.7.14 updated - libgcrypt20-1.9.4-150500.10.18 updated - libgcrypt20-hmac-1.9.4-150500.10.18 updated - libfdisk1-2.37.4-150500.7.14 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.3 updated - libopenssl1_1-hmac-1.1.1l-150500.15.3 updated - libmount1-2.37.4-150500.7.14 updated - krb5-1.20.1-150500.1.2 updated - sles-release-15.5-150500.43.2 updated - util-linux-2.37.4-150500.7.14 updated - openssl-1_1-1.1.1l-150500.15.3 updated - openssh-common-8.4p1-150300.3.18.2 updated - libpython3_11-1_0-3.11.2-150400.9.5.6 updated - python311-base-3.11.2-150400.9.5.6 updated - python311-setuptools-67.7.2-150400.3.6.1 updated - python311-pip-22.3.1-150400.17.3.1 updated - python311-3.11.2-150400.9.5.3 updated - openssh-fips-8.4p1-150300.3.18.2 updated - python311-devel-3.11.2-150400.9.5.6 updated - openssh-clients-8.4p1-150300.3.18.2 updated - container:sles15-image-15.0.0-35.2.44 updated From sle-updates at lists.suse.com Mon May 15 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2207-1: important: Security update for postgresql15 Message-ID: <168415380456.32518.15572587840628431026@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:2207-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql15 fixes the following issues: Updated to version 15.3: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2207=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2207=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2207=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2207=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2207=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2207=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2207=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2207=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2207=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2207=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2207=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2207=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2207=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2207=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2207=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2207=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2207=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-llvmjit-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-test-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-llvmjit-debuginfo-15.3-150200.5.9.1 * postgresql15-llvmjit-devel-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * openSUSE Leap 15.4 (x86_64) * libecpg6-32bit-15.3-150200.5.9.1 * libpq5-32bit-debuginfo-15.3-150200.5.9.1 * libecpg6-32bit-debuginfo-15.3-150200.5.9.1 * libpq5-32bit-15.3-150200.5.9.1 * openSUSE Leap 15.4 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-llvmjit-debuginfo-15.3-150200.5.9.1 * postgresql15-llvmjit-15.3-150200.5.9.1 * postgresql15-llvmjit-devel-15.3-150200.5.9.1 * postgresql15-test-15.3-150200.5.9.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * Server Applications Module 15-SP4 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * Server Applications Module 15-SP4 (ppc64le) * postgresql15-15.3-150200.5.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libecpg6-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libpq5-32bit-debuginfo-15.3-150200.5.9.1 * libpq5-32bit-15.3-150200.5.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libecpg6-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libpq5-32bit-debuginfo-15.3-150200.5.9.1 * libpq5-32bit-15.3-150200.5.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libecpg6-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libpq5-32bit-debuginfo-15.3-150200.5.9.1 * libpq5-32bit-15.3-150200.5.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Manager Proxy 4.2 (x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Manager Proxy 4.2 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Manager Server 4.2 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql15-15.3-150200.5.9.1 * postgresql15-pltcl-debuginfo-15.3-150200.5.9.1 * postgresql15-pltcl-15.3-150200.5.9.1 * postgresql15-server-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * postgresql15-server-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-debuginfo-15.3-150200.5.9.1 * postgresql15-server-devel-15.3-150200.5.9.1 * postgresql15-server-devel-debuginfo-15.3-150200.5.9.1 * postgresql15-debugsource-15.3-150200.5.9.1 * postgresql15-plperl-15.3-150200.5.9.1 * postgresql15-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-debuginfo-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * postgresql15-contrib-debuginfo-15.3-150200.5.9.1 * postgresql15-devel-15.3-150200.5.9.1 * postgresql15-contrib-15.3-150200.5.9.1 * libecpg6-15.3-150200.5.9.1 * postgresql15-plperl-debuginfo-15.3-150200.5.9.1 * postgresql15-plpython-15.3-150200.5.9.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql15-docs-15.3-150200.5.9.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libecpg6-15.3-150200.5.9.1 * libecpg6-debuginfo-15.3-150200.5.9.1 * libpq5-15.3-150200.5.9.1 * libpq5-debuginfo-15.3-150200.5.9.1 * SUSE Enterprise Storage 7 (x86_64) * libpq5-32bit-debuginfo-15.3-150200.5.9.1 * libpq5-32bit-15.3-150200.5.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2206-1: important: Security update for postgresql15 Message-ID: <168415380692.32518.1008232029859619938@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:2206-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql15 fixes the following issues: Updated to version 15.3: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2206=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2206=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2206=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2206=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2206=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2206=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2206=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2206=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2206=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2206=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libpq5-32bit-15.3-3.9.1 * libpq5-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * libecpg6-15.3-3.9.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libpq5-32bit-15.3-3.9.1 * libpq5-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * libecpg6-15.3-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libpq5-15.3-3.9.1 * libecpg6-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libpq5-32bit-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-server-devel-15.3-3.9.1 * postgresql15-server-devel-debuginfo-15.3-3.9.1 * postgresql15-devel-debuginfo-15.3-3.9.1 * postgresql15-devel-15.3-3.9.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libpq5-32bit-15.3-3.9.1 * libpq5-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * libecpg6-15.3-3.9.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libpq5-15.3-3.9.1 * libecpg6-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libpq5-32bit-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libpq5-15.3-3.9.1 * libecpg6-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libpq5-32bit-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libpq5-15.3-3.9.1 * postgresql15-debugsource-15.3-3.9.1 * postgresql15-plperl-15.3-3.9.1 * postgresql15-server-debuginfo-15.3-3.9.1 * postgresql15-debuginfo-15.3-3.9.1 * postgresql15-plpython-15.3-3.9.1 * postgresql15-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * postgresql15-contrib-debuginfo-15.3-3.9.1 * postgresql15-plpython-debuginfo-15.3-3.9.1 * postgresql15-pltcl-debuginfo-15.3-3.9.1 * postgresql15-plperl-debuginfo-15.3-3.9.1 * postgresql15-contrib-15.3-3.9.1 * postgresql15-pltcl-15.3-3.9.1 * libecpg6-15.3-3.9.1 * postgresql15-server-15.3-3.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql15-docs-15.3-3.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libecpg6-32bit-15.3-3.9.1 * libpq5-32bit-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * libecpg6-debuginfo-32bit-15.3-3.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libpq5-15.3-3.9.1 * postgresql15-debugsource-15.3-3.9.1 * postgresql15-plperl-15.3-3.9.1 * postgresql15-server-debuginfo-15.3-3.9.1 * postgresql15-debuginfo-15.3-3.9.1 * postgresql15-plpython-15.3-3.9.1 * postgresql15-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * postgresql15-contrib-debuginfo-15.3-3.9.1 * postgresql15-plpython-debuginfo-15.3-3.9.1 * postgresql15-pltcl-debuginfo-15.3-3.9.1 * postgresql15-plperl-debuginfo-15.3-3.9.1 * postgresql15-contrib-15.3-3.9.1 * postgresql15-pltcl-15.3-3.9.1 * libecpg6-15.3-3.9.1 * postgresql15-server-15.3-3.9.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql15-docs-15.3-3.9.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libecpg6-32bit-15.3-3.9.1 * libpq5-32bit-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * libecpg6-debuginfo-32bit-15.3-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libpq5-15.3-3.9.1 * postgresql15-debugsource-15.3-3.9.1 * postgresql15-plperl-15.3-3.9.1 * postgresql15-server-debuginfo-15.3-3.9.1 * postgresql15-debuginfo-15.3-3.9.1 * postgresql15-plpython-15.3-3.9.1 * postgresql15-15.3-3.9.1 * libpq5-debuginfo-15.3-3.9.1 * libecpg6-debuginfo-15.3-3.9.1 * postgresql15-contrib-debuginfo-15.3-3.9.1 * postgresql15-plpython-debuginfo-15.3-3.9.1 * postgresql15-pltcl-debuginfo-15.3-3.9.1 * postgresql15-plperl-debuginfo-15.3-3.9.1 * postgresql15-contrib-15.3-3.9.1 * postgresql15-pltcl-15.3-3.9.1 * libecpg6-15.3-3.9.1 * postgresql15-server-15.3-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql15-docs-15.3-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libecpg6-32bit-15.3-3.9.1 * libpq5-32bit-15.3-3.9.1 * libpq5-debuginfo-32bit-15.3-3.9.1 * libecpg6-debuginfo-32bit-15.3-3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:09 -0000 Subject: SUSE-SU-2023:2205-1: important: Security update for postgresql14 Message-ID: <168415380962.32518.9342024031393186562@smelt2.suse.de> # Security update for postgresql14 Announcement ID: SUSE-SU-2023:2205-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql14 fixes the following issues: Updated to version 14.8: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2205=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2205=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2205=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2205=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2205=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2205=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2205=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2205=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2205=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2205=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2205=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2205=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2205=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2205=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2205=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2205=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2205=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-llvmjit-14.8-150200.5.26.1 * postgresql14-llvmjit-devel-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-llvmjit-debuginfo-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * postgresql14-test-14.8-150200.5.26.1 * openSUSE Leap 15.4 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-test-14.8-150200.5.26.1 * postgresql14-llvmjit-devel-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-llvmjit-debuginfo-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-llvmjit-14.8-150200.5.26.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * Server Applications Module 15-SP4 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Manager Proxy 4.2 (x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Manager Proxy 4.2 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Manager Server 4.2 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql14-docs-14.8-150200.5.26.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * postgresql14-server-devel-14.8-150200.5.26.1 * postgresql14-plperl-14.8-150200.5.26.1 * postgresql14-contrib-14.8-150200.5.26.1 * postgresql14-server-debuginfo-14.8-150200.5.26.1 * postgresql14-server-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-contrib-debuginfo-14.8-150200.5.26.1 * postgresql14-devel-debuginfo-14.8-150200.5.26.1 * postgresql14-plperl-debuginfo-14.8-150200.5.26.1 * postgresql14-debugsource-14.8-150200.5.26.1 * postgresql14-14.8-150200.5.26.1 * postgresql14-plpython-14.8-150200.5.26.1 * postgresql14-plpython-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-debuginfo-14.8-150200.5.26.1 * postgresql14-server-14.8-150200.5.26.1 * postgresql14-devel-14.8-150200.5.26.1 * postgresql14-debuginfo-14.8-150200.5.26.1 * postgresql14-pltcl-14.8-150200.5.26.1 * SUSE Enterprise Storage 7 (noarch) * postgresql14-docs-14.8-150200.5.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:12 -0000 Subject: SUSE-SU-2023:2203-1: moderate: Security update for gradle Message-ID: <168415381278.32518.15808128806223189042@smelt2.suse.de> # Security update for gradle Announcement ID: SUSE-SU-2023:2203-1 Rating: moderate References: * #1188569 Cross-References: * CVE-2021-32751 CVSS scores: * CVE-2021-32751 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2021-32751 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for gradle fixes the following issues: * CVE-2021-32751: Fixed arbitrary code execution in `application` plugin and the `gradlew` script (bsc#1188569). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2203=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2203=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2203=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.10.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.10.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * gradle-4.4.1-150200.3.10.1 ## References: * https://www.suse.com/security/cve/CVE-2021-32751.html * https://bugzilla.suse.com/show_bug.cgi?id=1188569 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:14 -0000 Subject: SUSE-SU-2023:2202-1: important: Security update for postgresql14 Message-ID: <168415381494.32518.17300739585731835419@smelt2.suse.de> # Security update for postgresql14 Announcement ID: SUSE-SU-2023:2202-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql14 fixes the following issues: Updated to version 14.8: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2202=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2202=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2202=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2202=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-devel-debuginfo-14.8-3.23.1 * postgresql14-devel-14.8-3.23.1 * postgresql14-debugsource-14.8-3.23.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql14-server-devel-debuginfo-14.8-3.23.1 * postgresql14-server-devel-14.8-3.23.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql14-plperl-debuginfo-14.8-3.23.1 * postgresql14-debugsource-14.8-3.23.1 * postgresql14-pltcl-14.8-3.23.1 * postgresql14-plpython-14.8-3.23.1 * postgresql14-plperl-14.8-3.23.1 * postgresql14-debuginfo-14.8-3.23.1 * postgresql14-server-14.8-3.23.1 * postgresql14-server-debuginfo-14.8-3.23.1 * postgresql14-14.8-3.23.1 * postgresql14-contrib-debuginfo-14.8-3.23.1 * postgresql14-contrib-14.8-3.23.1 * postgresql14-pltcl-debuginfo-14.8-3.23.1 * postgresql14-plpython-debuginfo-14.8-3.23.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql14-docs-14.8-3.23.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-plperl-debuginfo-14.8-3.23.1 * postgresql14-debugsource-14.8-3.23.1 * postgresql14-pltcl-14.8-3.23.1 * postgresql14-plpython-14.8-3.23.1 * postgresql14-plperl-14.8-3.23.1 * postgresql14-debuginfo-14.8-3.23.1 * postgresql14-server-14.8-3.23.1 * postgresql14-server-debuginfo-14.8-3.23.1 * postgresql14-14.8-3.23.1 * postgresql14-contrib-debuginfo-14.8-3.23.1 * postgresql14-contrib-14.8-3.23.1 * postgresql14-pltcl-debuginfo-14.8-3.23.1 * postgresql14-plpython-debuginfo-14.8-3.23.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql14-docs-14.8-3.23.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql14-plperl-debuginfo-14.8-3.23.1 * postgresql14-debugsource-14.8-3.23.1 * postgresql14-pltcl-14.8-3.23.1 * postgresql14-plpython-14.8-3.23.1 * postgresql14-plperl-14.8-3.23.1 * postgresql14-debuginfo-14.8-3.23.1 * postgresql14-server-14.8-3.23.1 * postgresql14-server-debuginfo-14.8-3.23.1 * postgresql14-14.8-3.23.1 * postgresql14-contrib-debuginfo-14.8-3.23.1 * postgresql14-contrib-14.8-3.23.1 * postgresql14-pltcl-debuginfo-14.8-3.23.1 * postgresql14-plpython-debuginfo-14.8-3.23.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql14-docs-14.8-3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:17 -0000 Subject: SUSE-SU-2023:2201-1: important: Security update for postgresql13 Message-ID: <168415381784.32518.10008982110304514114@smelt2.suse.de> # Security update for postgresql13 Announcement ID: SUSE-SU-2023:2201-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql13 fixes the following issues: Updated to version 13.11: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2201=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2201=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2201=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2201=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql13-debugsource-13.11-3.33.1 * postgresql13-devel-13.11-3.33.1 * postgresql13-devel-debuginfo-13.11-3.33.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql13-server-devel-debuginfo-13.11-3.33.1 * postgresql13-server-devel-13.11-3.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql13-server-13.11-3.33.1 * postgresql13-pltcl-13.11-3.33.1 * postgresql13-13.11-3.33.1 * postgresql13-debugsource-13.11-3.33.1 * postgresql13-plpython-13.11-3.33.1 * postgresql13-plperl-13.11-3.33.1 * postgresql13-server-debuginfo-13.11-3.33.1 * postgresql13-contrib-13.11-3.33.1 * postgresql13-plperl-debuginfo-13.11-3.33.1 * postgresql13-plpython-debuginfo-13.11-3.33.1 * postgresql13-pltcl-debuginfo-13.11-3.33.1 * postgresql13-debuginfo-13.11-3.33.1 * postgresql13-contrib-debuginfo-13.11-3.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql13-docs-13.11-3.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql13-server-13.11-3.33.1 * postgresql13-pltcl-13.11-3.33.1 * postgresql13-13.11-3.33.1 * postgresql13-debugsource-13.11-3.33.1 * postgresql13-plpython-13.11-3.33.1 * postgresql13-plperl-13.11-3.33.1 * postgresql13-server-debuginfo-13.11-3.33.1 * postgresql13-contrib-13.11-3.33.1 * postgresql13-plperl-debuginfo-13.11-3.33.1 * postgresql13-plpython-debuginfo-13.11-3.33.1 * postgresql13-pltcl-debuginfo-13.11-3.33.1 * postgresql13-debuginfo-13.11-3.33.1 * postgresql13-contrib-debuginfo-13.11-3.33.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql13-docs-13.11-3.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql13-server-13.11-3.33.1 * postgresql13-pltcl-13.11-3.33.1 * postgresql13-13.11-3.33.1 * postgresql13-debugsource-13.11-3.33.1 * postgresql13-plpython-13.11-3.33.1 * postgresql13-plperl-13.11-3.33.1 * postgresql13-server-debuginfo-13.11-3.33.1 * postgresql13-contrib-13.11-3.33.1 * postgresql13-plperl-debuginfo-13.11-3.33.1 * postgresql13-plpython-debuginfo-13.11-3.33.1 * postgresql13-pltcl-debuginfo-13.11-3.33.1 * postgresql13-debuginfo-13.11-3.33.1 * postgresql13-contrib-debuginfo-13.11-3.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql13-docs-13.11-3.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:19 -0000 Subject: SUSE-SU-2023:2200-1: important: Security update for postgresql12 Message-ID: <168415381990.32518.1589271665504242758@smelt2.suse.de> # Security update for postgresql12 Announcement ID: SUSE-SU-2023:2200-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql12 fixes the following issues: Updated to version 12.15: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2200=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2200=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2200=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2200=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-debugsource-12.15-3.39.1 * postgresql12-devel-debuginfo-12.15-3.39.1 * postgresql12-devel-12.15-3.39.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql12-server-devel-12.15-3.39.1 * postgresql12-server-devel-debuginfo-12.15-3.39.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql12-debugsource-12.15-3.39.1 * postgresql12-contrib-12.15-3.39.1 * postgresql12-plperl-debuginfo-12.15-3.39.1 * postgresql12-pltcl-debuginfo-12.15-3.39.1 * postgresql12-plperl-12.15-3.39.1 * postgresql12-debuginfo-12.15-3.39.1 * postgresql12-server-12.15-3.39.1 * postgresql12-pltcl-12.15-3.39.1 * postgresql12-contrib-debuginfo-12.15-3.39.1 * postgresql12-12.15-3.39.1 * postgresql12-plpython-12.15-3.39.1 * postgresql12-plpython-debuginfo-12.15-3.39.1 * postgresql12-server-debuginfo-12.15-3.39.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql12-docs-12.15-3.39.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-debugsource-12.15-3.39.1 * postgresql12-contrib-12.15-3.39.1 * postgresql12-plperl-debuginfo-12.15-3.39.1 * postgresql12-pltcl-debuginfo-12.15-3.39.1 * postgresql12-plperl-12.15-3.39.1 * postgresql12-debuginfo-12.15-3.39.1 * postgresql12-server-12.15-3.39.1 * postgresql12-pltcl-12.15-3.39.1 * postgresql12-contrib-debuginfo-12.15-3.39.1 * postgresql12-12.15-3.39.1 * postgresql12-plpython-12.15-3.39.1 * postgresql12-plpython-debuginfo-12.15-3.39.1 * postgresql12-server-debuginfo-12.15-3.39.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql12-docs-12.15-3.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql12-debugsource-12.15-3.39.1 * postgresql12-contrib-12.15-3.39.1 * postgresql12-plperl-debuginfo-12.15-3.39.1 * postgresql12-pltcl-debuginfo-12.15-3.39.1 * postgresql12-plperl-12.15-3.39.1 * postgresql12-debuginfo-12.15-3.39.1 * postgresql12-server-12.15-3.39.1 * postgresql12-pltcl-12.15-3.39.1 * postgresql12-contrib-debuginfo-12.15-3.39.1 * postgresql12-12.15-3.39.1 * postgresql12-plpython-12.15-3.39.1 * postgresql12-plpython-debuginfo-12.15-3.39.1 * postgresql12-server-debuginfo-12.15-3.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql12-docs-12.15-3.39.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:22 -0000 Subject: SUSE-SU-2023:2199-1: important: Security update for postgresql12 Message-ID: <168415382221.32518.17229300155622990602@smelt2.suse.de> # Security update for postgresql12 Announcement ID: SUSE-SU-2023:2199-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql12 fixes the following issues: Updated to version 12.15: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2199=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2199=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2199=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2199=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2199=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2199=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2199=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2199=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2199=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2199=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-llvmjit-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-llvmjit-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-test-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-llvmjit-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * openSUSE Leap 15.4 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql12-docs-12.15-150200.8.44.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * postgresql12-pltcl-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-debuginfo-12.15-150200.8.44.1 * postgresql12-12.15-150200.8.44.1 * postgresql12-plperl-12.15-150200.8.44.1 * postgresql12-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-pltcl-12.15-150200.8.44.1 * postgresql12-debugsource-12.15-150200.8.44.1 * postgresql12-server-12.15-150200.8.44.1 * postgresql12-devel-12.15-150200.8.44.1 * postgresql12-plpython-12.15-150200.8.44.1 * postgresql12-server-debuginfo-12.15-150200.8.44.1 * postgresql12-plperl-debuginfo-12.15-150200.8.44.1 * postgresql12-debuginfo-12.15-150200.8.44.1 * postgresql12-server-devel-debuginfo-12.15-150200.8.44.1 * postgresql12-contrib-12.15-150200.8.44.1 * postgresql12-server-devel-12.15-150200.8.44.1 * postgresql12-plpython-debuginfo-12.15-150200.8.44.1 * SUSE Enterprise Storage 7 (noarch) * postgresql12-docs-12.15-150200.8.44.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:24 -0000 Subject: SUSE-SU-2023:2198-1: important: Security update for postgresql12 Message-ID: <168415382446.32518.7085294993009555564@smelt2.suse.de> # Security update for postgresql12 Announcement ID: SUSE-SU-2023:2198-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql12 fixes the following issues: Updated to version 12.15: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2198=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2198=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2198=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libecpg6-12.15-150100.3.41.1 * postgresql12-devel-12.15-150100.3.41.1 * postgresql12-pltcl-12.15-150100.3.41.1 * postgresql12-plpython-debuginfo-12.15-150100.3.41.1 * postgresql12-contrib-12.15-150100.3.41.1 * postgresql12-pltcl-debuginfo-12.15-150100.3.41.1 * postgresql12-debugsource-12.15-150100.3.41.1 * postgresql12-contrib-debuginfo-12.15-150100.3.41.1 * libecpg6-debuginfo-12.15-150100.3.41.1 * postgresql12-debuginfo-12.15-150100.3.41.1 * postgresql12-plperl-12.15-150100.3.41.1 * postgresql12-server-debuginfo-12.15-150100.3.41.1 * postgresql12-server-12.15-150100.3.41.1 * postgresql12-devel-debuginfo-12.15-150100.3.41.1 * postgresql12-plperl-debuginfo-12.15-150100.3.41.1 * postgresql12-plpython-12.15-150100.3.41.1 * libpq5-12.15-150100.3.41.1 * postgresql12-server-devel-12.15-150100.3.41.1 * postgresql12-server-devel-debuginfo-12.15-150100.3.41.1 * postgresql12-12.15-150100.3.41.1 * libpq5-debuginfo-12.15-150100.3.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * postgresql12-docs-12.15-150100.3.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libpq5-32bit-12.15-150100.3.41.1 * libpq5-32bit-debuginfo-12.15-150100.3.41.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libecpg6-12.15-150100.3.41.1 * postgresql12-devel-12.15-150100.3.41.1 * postgresql12-pltcl-12.15-150100.3.41.1 * postgresql12-plpython-debuginfo-12.15-150100.3.41.1 * postgresql12-contrib-12.15-150100.3.41.1 * postgresql12-pltcl-debuginfo-12.15-150100.3.41.1 * postgresql12-debugsource-12.15-150100.3.41.1 * postgresql12-contrib-debuginfo-12.15-150100.3.41.1 * libecpg6-debuginfo-12.15-150100.3.41.1 * postgresql12-debuginfo-12.15-150100.3.41.1 * postgresql12-plperl-12.15-150100.3.41.1 * postgresql12-server-debuginfo-12.15-150100.3.41.1 * postgresql12-server-12.15-150100.3.41.1 * postgresql12-devel-debuginfo-12.15-150100.3.41.1 * postgresql12-plperl-debuginfo-12.15-150100.3.41.1 * postgresql12-plpython-12.15-150100.3.41.1 * libpq5-12.15-150100.3.41.1 * postgresql12-server-devel-12.15-150100.3.41.1 * postgresql12-server-devel-debuginfo-12.15-150100.3.41.1 * postgresql12-12.15-150100.3.41.1 * libpq5-debuginfo-12.15-150100.3.41.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * postgresql12-docs-12.15-150100.3.41.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libpq5-32bit-12.15-150100.3.41.1 * libpq5-32bit-debuginfo-12.15-150100.3.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libecpg6-12.15-150100.3.41.1 * postgresql12-devel-12.15-150100.3.41.1 * postgresql12-pltcl-12.15-150100.3.41.1 * postgresql12-plpython-debuginfo-12.15-150100.3.41.1 * postgresql12-contrib-12.15-150100.3.41.1 * postgresql12-pltcl-debuginfo-12.15-150100.3.41.1 * postgresql12-debugsource-12.15-150100.3.41.1 * postgresql12-contrib-debuginfo-12.15-150100.3.41.1 * libecpg6-debuginfo-12.15-150100.3.41.1 * postgresql12-debuginfo-12.15-150100.3.41.1 * postgresql12-plperl-12.15-150100.3.41.1 * postgresql12-server-debuginfo-12.15-150100.3.41.1 * postgresql12-server-12.15-150100.3.41.1 * postgresql12-devel-debuginfo-12.15-150100.3.41.1 * postgresql12-plperl-debuginfo-12.15-150100.3.41.1 * postgresql12-plpython-12.15-150100.3.41.1 * libpq5-12.15-150100.3.41.1 * postgresql12-server-devel-12.15-150100.3.41.1 * postgresql12-server-devel-debuginfo-12.15-150100.3.41.1 * postgresql12-12.15-150100.3.41.1 * libpq5-debuginfo-12.15-150100.3.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * postgresql12-docs-12.15-150100.3.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libpq5-32bit-12.15-150100.3.41.1 * libpq5-32bit-debuginfo-12.15-150100.3.41.1 * SUSE CaaS Platform 4.0 (x86_64) * libecpg6-12.15-150100.3.41.1 * postgresql12-devel-12.15-150100.3.41.1 * postgresql12-pltcl-12.15-150100.3.41.1 * postgresql12-plpython-debuginfo-12.15-150100.3.41.1 * postgresql12-contrib-12.15-150100.3.41.1 * postgresql12-pltcl-debuginfo-12.15-150100.3.41.1 * postgresql12-debugsource-12.15-150100.3.41.1 * postgresql12-contrib-debuginfo-12.15-150100.3.41.1 * libecpg6-debuginfo-12.15-150100.3.41.1 * postgresql12-debuginfo-12.15-150100.3.41.1 * postgresql12-plperl-12.15-150100.3.41.1 * postgresql12-server-debuginfo-12.15-150100.3.41.1 * postgresql12-server-12.15-150100.3.41.1 * postgresql12-devel-debuginfo-12.15-150100.3.41.1 * postgresql12-plperl-debuginfo-12.15-150100.3.41.1 * postgresql12-plpython-12.15-150100.3.41.1 * libpq5-12.15-150100.3.41.1 * libpq5-32bit-12.15-150100.3.41.1 * libpq5-32bit-debuginfo-12.15-150100.3.41.1 * postgresql12-server-devel-12.15-150100.3.41.1 * postgresql12-server-devel-debuginfo-12.15-150100.3.41.1 * postgresql12-12.15-150100.3.41.1 * libpq5-debuginfo-12.15-150100.3.41.1 * SUSE CaaS Platform 4.0 (noarch) * postgresql12-docs-12.15-150100.3.41.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:27 -0000 Subject: SUSE-RU-2023:2197-1: moderate: Recommended update for issue-generator Message-ID: <168415382738.32518.3644100559535775497@smelt2.suse.de> # Recommended update for issue-generator Announcement ID: SUSE-RU-2023:2197-1 Rating: moderate References: * #1118862 * #1169070 * #1177865 * #1177891 * #1186178 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has five recommended fixes can now be installed. ## Description: This update for issue-generator fixes the following issues: * Update to version 1.13 * SELinux: Do not call agetty --reload (bsc#1186178) * Update manual page * Use python3 instead of python 2.x * Don't display issue.d/*.issue files, agetty will do that (bsc#1177891) * Ignore /run/issue.d in issue-generator.path, else issue-generator will be called too fast too often (bsc#1177865) * Ignore _.bak,_ ~ and _.rpm_ files (bsc#1118862) * Display wlan interfaces (bsc#1169070) * Handle network interface renames ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2197=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2197=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2197=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2197=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2197=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2197=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2197=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2197=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2197=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2197=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2197=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2197=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2197=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2197=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2197=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2197=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2197=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2197=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * issue-generator-1.13-150100.3.3.1 * Basesystem Module 15-SP4 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Manager Proxy 4.2 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Manager Server 4.2 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Enterprise Storage 7.1 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE Enterprise Storage 7 (noarch) * issue-generator-1.13-150100.3.3.1 * SUSE CaaS Platform 4.0 (noarch) * issue-generator-1.13-150100.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1118862 * https://bugzilla.suse.com/show_bug.cgi?id=1169070 * https://bugzilla.suse.com/show_bug.cgi?id=1177865 * https://bugzilla.suse.com/show_bug.cgi?id=1177891 * https://bugzilla.suse.com/show_bug.cgi?id=1186178 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:28 -0000 Subject: SUSE-SU-2023:2196-1: low: Security update for libraw Message-ID: <168415382873.32518.1575288003639372737@smelt2.suse.de> # Security update for libraw Announcement ID: SUSE-SU-2023:2196-1 Rating: low References: * #1210720 Cross-References: * CVE-2023-1729 CVSS scores: * CVE-2023-1729 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libraw fixes the following issues: * CVE-2023-1729: Fixed a heap buffer overflow when converting an image (bsc#1210720). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2196=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2196=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libraw9-debuginfo-0.15.4-39.1 * libraw-devel-0.15.4-39.1 * libraw-devel-static-0.15.4-39.1 * libraw9-0.15.4-39.1 * libraw-debugsource-0.15.4-39.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libraw9-0.15.4-39.1 * libraw-debugsource-0.15.4-39.1 * libraw9-debuginfo-0.15.4-39.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1729.html * https://bugzilla.suse.com/show_bug.cgi?id=1210720 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:30 -0000 Subject: SUSE-SU-2023:2195-1: low: Security update for libraw Message-ID: <168415383018.32518.17567687785719702556@smelt2.suse.de> # Security update for libraw Announcement ID: SUSE-SU-2023:2195-1 Rating: low References: * #1210720 Cross-References: * CVE-2023-1729 CVSS scores: * CVE-2023-1729 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for libraw fixes the following issues: * CVE-2023-1729: Fixed a heap buffer overflow when converting an image (bsc#1210720). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2195=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2195=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libraw16-debuginfo-0.18.9-150000.3.20.1 * libraw-debuginfo-0.18.9-150000.3.20.1 * libraw16-0.18.9-150000.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libraw-debugsource-0.18.9-150000.3.20.1 * libraw16-debuginfo-0.18.9-150000.3.20.1 * libraw-debuginfo-0.18.9-150000.3.20.1 * libraw16-0.18.9-150000.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1729.html * https://bugzilla.suse.com/show_bug.cgi?id=1210720 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 12:30:31 -0000 Subject: SUSE-SU-2023:2194-1: low: Security update for libraw Message-ID: <168415383169.32518.11619782432425266715@smelt2.suse.de> # Security update for libraw Announcement ID: SUSE-SU-2023:2194-1 Rating: low References: * #1210720 Cross-References: * CVE-2023-1729 CVSS scores: * CVE-2023-1729 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libraw fixes the following issues: * CVE-2023-1729: Fixed a heap buffer overflow when converting an image (bsc#1210720). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2194=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2194=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2194=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libraw20-debuginfo-0.20.2-150400.3.6.1 * libraw-tools-0.20.2-150400.3.6.1 * libraw-debugsource-0.20.2-150400.3.6.1 * libraw-tools-debuginfo-0.20.2-150400.3.6.1 * libraw-devel-0.20.2-150400.3.6.1 * libraw20-0.20.2-150400.3.6.1 * libraw-devel-static-0.20.2-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * libraw20-32bit-debuginfo-0.20.2-150400.3.6.1 * libraw20-32bit-0.20.2-150400.3.6.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libraw20-debuginfo-0.20.2-150400.3.6.1 * libraw20-0.20.2-150400.3.6.1 * libraw-debugsource-0.20.2-150400.3.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libraw-devel-0.20.2-150400.3.6.1 * libraw-debugsource-0.20.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1729.html * https://bugzilla.suse.com/show_bug.cgi?id=1210720 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 15 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2023 16:30:05 -0000 Subject: SUSE-RU-2023:2208-1: moderate: Recommended update for strongswan Message-ID: <168416820526.10295.1540555593678323502@smelt2.suse.de> # Recommended update for strongswan Announcement ID: SUSE-RU-2023:2208-1 Rating: moderate References: * #1184144 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one recommended fix can now be installed. ## Description: This update for strongswan fixes the following issues: * Allow to use ipsec interface by default instead of swanctl (bsc#1184144) * Removes deprecated SysV support ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2208=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2208=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2208=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * strongswan-debugsource-5.8.2-150000.4.20.1 * strongswan-ipsec-5.8.2-150000.4.20.1 * strongswan-debuginfo-5.8.2-150000.4.20.1 * strongswan-5.8.2-150000.4.20.1 * strongswan-libs0-5.8.2-150000.4.20.1 * strongswan-hmac-5.8.2-150000.4.20.1 * strongswan-libs0-debuginfo-5.8.2-150000.4.20.1 * strongswan-ipsec-debuginfo-5.8.2-150000.4.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * strongswan-doc-5.8.2-150000.4.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * strongswan-debugsource-5.8.2-150000.4.20.1 * strongswan-ipsec-5.8.2-150000.4.20.1 * strongswan-debuginfo-5.8.2-150000.4.20.1 * strongswan-5.8.2-150000.4.20.1 * strongswan-libs0-5.8.2-150000.4.20.1 * strongswan-hmac-5.8.2-150000.4.20.1 * strongswan-libs0-debuginfo-5.8.2-150000.4.20.1 * strongswan-ipsec-debuginfo-5.8.2-150000.4.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * strongswan-doc-5.8.2-150000.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * strongswan-debugsource-5.8.2-150000.4.20.1 * strongswan-ipsec-5.8.2-150000.4.20.1 * strongswan-debuginfo-5.8.2-150000.4.20.1 * strongswan-5.8.2-150000.4.20.1 * strongswan-libs0-5.8.2-150000.4.20.1 * strongswan-hmac-5.8.2-150000.4.20.1 * strongswan-libs0-debuginfo-5.8.2-150000.4.20.1 * strongswan-ipsec-debuginfo-5.8.2-150000.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * strongswan-doc-5.8.2-150000.4.20.1 * SUSE CaaS Platform 4.0 (x86_64) * strongswan-debugsource-5.8.2-150000.4.20.1 * strongswan-ipsec-5.8.2-150000.4.20.1 * strongswan-debuginfo-5.8.2-150000.4.20.1 * strongswan-5.8.2-150000.4.20.1 * strongswan-libs0-5.8.2-150000.4.20.1 * strongswan-hmac-5.8.2-150000.4.20.1 * strongswan-libs0-debuginfo-5.8.2-150000.4.20.1 * strongswan-ipsec-debuginfo-5.8.2-150000.4.20.1 * SUSE CaaS Platform 4.0 (noarch) * strongswan-doc-5.8.2-150000.4.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1184144 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 07:08:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 09:08:02 +0200 (CEST) Subject: SUSE-CU-2023:1582-1: Security update of suse/registry Message-ID: <20230516070802.48820FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1582-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-9.7 , suse/registry:latest Container Release : 9.7 Severity : important Type : security References : 1206513 1207705 CVE-2023-2253 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2154-1 Released: Tue May 9 18:25:20 2023 Summary: Security update for distribution Type: security Severity: important References: 1207705,CVE-2023-2253 This update for distribution fixes the following issues: - CVE-2023-2253: Fixed possible DoS via a crafted malicious /v2/_catalog API endpoint request (bsc#1207705). The following package changes have been done: - distribution-registry-2.8.1-150400.9.18.1 updated - libz1-1.2.11-150000.3.42.1 updated From sle-updates at lists.suse.com Tue May 16 07:11:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 09:11:00 +0200 (CEST) Subject: SUSE-CU-2023:1586-1: Security update of bci/nodejs Message-ID: <20230516071100.77614FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1586-1 Container Tags : bci/node:16 , bci/node:16-15.51 , bci/nodejs:16 , bci/nodejs:16-15.51 Container Release : 15.51 Severity : important Type : security References : 1206513 1207014 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - container:sles15-image-15.0.0-27.14.60 updated From sle-updates at lists.suse.com Tue May 16 07:14:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 09:14:35 +0200 (CEST) Subject: SUSE-CU-2023:1591-1: Security update of bci/bci-init Message-ID: <20230516071435.D1563FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1591-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.4.118 Container Release : 4.118 Severity : moderate Type : security References : 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). The following package changes have been done: - libz1-1.2.13-150500.2.1 updated - libuuid1-2.37.4-150500.7.14 updated - libsmartcols1-2.37.4-150500.7.14 updated - libblkid1-2.37.4-150500.7.14 updated - libgcrypt20-1.9.4-150500.10.18 updated - libgcrypt20-hmac-1.9.4-150500.10.18 updated - libfdisk1-2.37.4-150500.7.14 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.3 updated - libopenssl1_1-hmac-1.1.1l-150500.15.3 updated - libmount1-2.37.4-150500.7.14 updated - krb5-1.20.1-150500.1.2 updated - sles-release-15.5-150500.43.3 updated - util-linux-2.37.4-150500.7.14 updated - libdevmapper1_03-2.03.16_1.02.185-150500.5.3 updated - container:sles15-image-15.0.0-35.2.45 updated From sle-updates at lists.suse.com Tue May 16 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2219-1: important: Security update for postgresql13 Message-ID: <168424020473.25528.10771489605391480524@smelt2.suse.de> # Security update for postgresql13 Announcement ID: SUSE-SU-2023:2219-1 Rating: important References: * #1210303 * #1211228 * #1211229 Cross-References: * CVE-2023-2454 * CVE-2023-2455 CVSS scores: * CVE-2023-2454 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2455 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql13 fixes the following issues: Updated to version 13.11: \- CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). \- CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). \- Internal fixes (bsc#1210303). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2219=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2219=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2219=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2219=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2219=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2219=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2219=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2219=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2219=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2219=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2219=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2219=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2219=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2219=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2219=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-llvmjit-debuginfo-13.11-150200.5.40.1 * postgresql13-llvmjit-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * postgresql13-test-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-llvmjit-devel-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * openSUSE Leap 15.4 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-llvmjit-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-llvmjit-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-llvmjit-devel-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * Legacy Module 15-SP4 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Manager Proxy 4.2 (x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Manager Proxy 4.2 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Manager Server 4.2 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql13-docs-13.11-150200.5.40.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * postgresql13-devel-13.11-150200.5.40.1 * postgresql13-server-debuginfo-13.11-150200.5.40.1 * postgresql13-debugsource-13.11-150200.5.40.1 * postgresql13-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-server-13.11-150200.5.40.1 * postgresql13-plperl-debuginfo-13.11-150200.5.40.1 * postgresql13-pltcl-debuginfo-13.11-150200.5.40.1 * postgresql13-server-devel-debuginfo-13.11-150200.5.40.1 * postgresql13-plpython-debuginfo-13.11-150200.5.40.1 * postgresql13-plperl-13.11-150200.5.40.1 * postgresql13-pltcl-13.11-150200.5.40.1 * postgresql13-contrib-debuginfo-13.11-150200.5.40.1 * postgresql13-debuginfo-13.11-150200.5.40.1 * postgresql13-13.11-150200.5.40.1 * postgresql13-contrib-13.11-150200.5.40.1 * postgresql13-server-devel-13.11-150200.5.40.1 * postgresql13-plpython-13.11-150200.5.40.1 * SUSE Enterprise Storage 7 (noarch) * postgresql13-docs-13.11-150200.5.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2454.html * https://www.suse.com/security/cve/CVE-2023-2455.html * https://bugzilla.suse.com/show_bug.cgi?id=1210303 * https://bugzilla.suse.com/show_bug.cgi?id=1211228 * https://bugzilla.suse.com/show_bug.cgi?id=1211229 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:09 -0000 Subject: SUSE-RU-2023:0874-2: moderate: Recommended update for crash Message-ID: <168424020976.25528.7397708949154980208@smelt2.suse.de> # Recommended update for crash Announcement ID: SUSE-RU-2023:0874-2 Rating: moderate References: * #1169099 * #1183965 * #1185209 * #1187634 * #1206328 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has five recommended fixes can now be installed. ## Description: This update for crash fixes the following issues: * Updating crash from 15 SP2 version to 15 SP3 version (bsc#1206328) * Fix build on ppc64 - it needs full TOC as much as ppc64le. * Use the value of xen_start_info to determine whether the kernel is running in Xen PV mode.(bsc#1187634) * Fix bt command with SEV-ES (bsc#1185209) * Add back some more missing KMP conditionals * Crash KMPs cannot be always built. * Support the lockless printk ringbuffer added into kernel-5.10 (bsc#1183965) * Install and ship the small built-in extensions snap.so, trace.so, and dminfo.so. * Update arm64 support (bsc#1169099). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-874=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-874=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-874=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-874=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * crash-devel-7.2.9-150200.18.17.1 * crash-kmp-default-7.2.9_k5.3.18_150200.24.145-150200.18.17.1 * crash-kmp-default-debuginfo-7.2.9_k5.3.18_150200.24.145-150200.18.17.1 * crash-7.2.9-150200.18.17.1 * crash-debugsource-7.2.9-150200.18.17.1 * crash-debuginfo-7.2.9-150200.18.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * crash-gcore-debuginfo-7.2.9-150200.18.17.1 * crash-gcore-7.2.9-150200.18.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * crash-devel-7.2.9-150200.18.17.1 * crash-kmp-default-7.2.9_k5.3.18_150200.24.145-150200.18.17.1 * crash-kmp-default-debuginfo-7.2.9_k5.3.18_150200.24.145-150200.18.17.1 * crash-7.2.9-150200.18.17.1 * crash-debugsource-7.2.9-150200.18.17.1 * crash-debuginfo-7.2.9-150200.18.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * crash-gcore-debuginfo-7.2.9-150200.18.17.1 * crash-gcore-7.2.9-150200.18.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * crash-devel-7.2.9-150200.18.17.1 * crash-kmp-default-7.2.9_k5.3.18_150200.24.145-150200.18.17.1 * crash-kmp-default-debuginfo-7.2.9_k5.3.18_150200.24.145-150200.18.17.1 * crash-7.2.9-150200.18.17.1 * crash-debugsource-7.2.9-150200.18.17.1 * crash-debuginfo-7.2.9-150200.18.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * crash-gcore-debuginfo-7.2.9-150200.18.17.1 * crash-gcore-7.2.9-150200.18.17.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * crash-devel-7.2.9-150200.18.17.1 * crash-kmp-default-7.2.9_k5.3.18_150200.24.145-150200.18.17.1 * crash-kmp-default-debuginfo-7.2.9_k5.3.18_150200.24.145-150200.18.17.1 * crash-7.2.9-150200.18.17.1 * crash-debugsource-7.2.9-150200.18.17.1 * crash-debuginfo-7.2.9-150200.18.17.1 * SUSE Enterprise Storage 7 (x86_64) * crash-gcore-debuginfo-7.2.9-150200.18.17.1 * crash-gcore-7.2.9-150200.18.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1169099 * https://bugzilla.suse.com/show_bug.cgi?id=1183965 * https://bugzilla.suse.com/show_bug.cgi?id=1185209 * https://bugzilla.suse.com/show_bug.cgi?id=1187634 * https://bugzilla.suse.com/show_bug.cgi?id=1206328 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:11 -0000 Subject: SUSE-SU-2023:2218-1: moderate: Security update for python-cryptography Message-ID: <168424021118.25528.7707534641797487249@smelt2.suse.de> # Security update for python-cryptography Announcement ID: SUSE-SU-2023:2218-1 Rating: moderate References: * #1208036 Cross-References: * CVE-2023-23931 CVSS scores: * CVE-2023-23931 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-23931 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2218=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2218=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * python-cryptography-2.3.1-3.6.6 * python-cryptography-debuginfo-2.3.1-3.6.6 * python-cryptography-debugsource-2.3.1-3.6.6 * SUSE OpenStack Cloud 9 (noarch) * venv-openstack-sahara-x86_64-9.0.2~dev15-3.39.2 * venv-openstack-ironic-x86_64-11.1.5~dev18-4.37.2 * venv-openstack-magnum-x86_64-7.2.1~dev1-4.39.3 * venv-openstack-keystone-x86_64-14.2.1~dev9-3.40.2 * venv-openstack-octavia-x86_64-3.2.3~dev7-4.39.2 * venv-openstack-designate-x86_64-7.0.2~dev2-3.39.2 * venv-openstack-monasca-x86_64-2.7.1~dev10-3.41.2 * venv-openstack-glance-x86_64-17.0.1~dev30-3.37.2 * venv-openstack-swift-x86_64-2.19.2~dev48-2.34.2 * venv-openstack-horizon-x86_64-14.1.1~dev11-4.47.2 * venv-openstack-cinder-x86_64-13.0.10~dev24-3.42.3 * venv-openstack-manila-x86_64-7.4.2~dev60-3.45.2 * venv-openstack-nova-x86_64-18.3.1~dev92-3.47.2 * venv-openstack-barbican-x86_64-7.0.1~dev24-3.41.2 * venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.39.2 * venv-openstack-heat-x86_64-11.0.4~dev4-3.41.2 * venv-openstack-neutron-x86_64-13.0.8~dev209-6.47.2 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * python-cryptography-2.3.1-3.6.6 * python-cryptography-debuginfo-2.3.1-3.6.6 * python-cryptography-debugsource-2.3.1-3.6.6 ## References: * https://www.suse.com/security/cve/CVE-2023-23931.html * https://bugzilla.suse.com/show_bug.cgi?id=1208036 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:14 -0000 Subject: SUSE-RU-2023:2217-1: moderate: Recommended update for strongswan Message-ID: <168424021431.25528.12209972955909223458@smelt2.suse.de> # Recommended update for strongswan Announcement ID: SUSE-RU-2023:2217-1 Rating: moderate References: * #1184144 * #1207489 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has two recommended fixes can now be installed. ## Description: This update for strongswan fixes the following issues: * Allow to use ipsec interface by default instead of swanctl (bsc#1184144) * Fix crash when swanctl command gets stuck intermittently (bsc#1207489) * Modified README file to reflect rcipsec usage ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2217=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2217=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2217=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2217=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * strongswan-5.8.2-150400.19.11.1 * strongswan-debugsource-5.8.2-150400.19.11.1 * strongswan-ipsec-debuginfo-5.8.2-150400.19.11.1 * strongswan-ipsec-5.8.2-150400.19.11.1 * strongswan-mysql-5.8.2-150400.19.11.1 * strongswan-mysql-debuginfo-5.8.2-150400.19.11.1 * strongswan-nm-5.8.2-150400.19.11.1 * strongswan-debuginfo-5.8.2-150400.19.11.1 * strongswan-libs0-5.8.2-150400.19.11.1 * strongswan-nm-debuginfo-5.8.2-150400.19.11.1 * strongswan-sqlite-debuginfo-5.8.2-150400.19.11.1 * strongswan-libs0-debuginfo-5.8.2-150400.19.11.1 * strongswan-sqlite-5.8.2-150400.19.11.1 * strongswan-hmac-5.8.2-150400.19.11.1 * openSUSE Leap 15.4 (noarch) * strongswan-doc-5.8.2-150400.19.11.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-5.8.2-150400.19.11.1 * strongswan-debugsource-5.8.2-150400.19.11.1 * strongswan-ipsec-debuginfo-5.8.2-150400.19.11.1 * strongswan-ipsec-5.8.2-150400.19.11.1 * strongswan-debuginfo-5.8.2-150400.19.11.1 * strongswan-libs0-5.8.2-150400.19.11.1 * strongswan-libs0-debuginfo-5.8.2-150400.19.11.1 * strongswan-hmac-5.8.2-150400.19.11.1 * Basesystem Module 15-SP4 (noarch) * strongswan-doc-5.8.2-150400.19.11.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.8.2-150400.19.11.1 * strongswan-debugsource-5.8.2-150400.19.11.1 * strongswan-nm-5.8.2-150400.19.11.1 * strongswan-nm-debuginfo-5.8.2-150400.19.11.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * strongswan-debuginfo-5.8.2-150400.19.11.1 * strongswan-debugsource-5.8.2-150400.19.11.1 * strongswan-nm-5.8.2-150400.19.11.1 * strongswan-nm-debuginfo-5.8.2-150400.19.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1184144 * https://bugzilla.suse.com/show_bug.cgi?id=1207489 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:16 -0000 Subject: SUSE-RU-2023:2216-1: important: Recommended update for python-packaging Message-ID: <168424021689.25528.17862934547129314917@smelt2.suse.de> # Recommended update for python-packaging Announcement ID: SUSE-RU-2023:2216-1 Rating: important References: * #1186870 * #1199282 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains two features and has two recommended fixes can now be installed. ## Description: This update for python-packaging fixes the following issues: * Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add patch to fix testsuite on big-endian targets * Ignore python3.6.2 since the test doesn't support it. * update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake * update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only "warn" argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo * Add Provides: for python*dist(packaging). (bsc#1186870) * add no-legacyversion-warning.patch to restore compatibility with 20.4 * update to 20.9: * Add support for the `macosx_10_*_universal2` platform tags * Introduce `packaging.utils.parse_wheel_filename()` and `parse_sdist_filename()` * update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the `LegacyVersion` and `LegacySpecifier` classes * Handle `OSError` on non-dynamic executables when attempting to resolve the glibc version string. * update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for `canonicalize_name` to return `packaging.utils.NormalizedName`. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2216=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2216=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2216=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2216=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2216=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2216=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2216=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2216=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2216=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2216=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2216=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2216=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2216=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2216=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2216=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2216=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2216=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2216=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2216=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2216=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2216=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2216=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2216=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * python3-packaging-21.3-150200.3.3.1 * openSUSE Leap 15.4 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-packaging-21.3-150200.3.3.1 * Basesystem Module 15-SP4 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Manager Proxy 4.2 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Manager Server 4.2 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Enterprise Storage 7 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-packaging-21.3-150200.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-packaging-21.3-150200.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1186870 * https://bugzilla.suse.com/show_bug.cgi?id=1199282 * https://jira.suse.com/browse/PM-3243 * https://jira.suse.com/browse/SLE-24629 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:18 -0000 Subject: SUSE-SU-2023:2215-1: moderate: Security update for dmidecode Message-ID: <168424021853.25528.9753724928386257365@smelt2.suse.de> # Security update for dmidecode Announcement ID: SUSE-SU-2023:2215-1 Rating: moderate References: * #1210418 Cross-References: * CVE-2023-30630 CVSS scores: * CVE-2023-30630 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30630 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for dmidecode fixes the following issues: * CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2215=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2215=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2215=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2215=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2215=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2215=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2215=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2215=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2215=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2215=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2215=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2215=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2215=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2215=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2215=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2215=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2215=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2215=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2215=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Manager Proxy 4.2 (x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Manager Server 4.2 (x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE CaaS Platform 4.0 (x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * dmidecode-debugsource-3.2-150100.9.16.1 * dmidecode-debuginfo-3.2-150100.9.16.1 * dmidecode-3.2-150100.9.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30630.html * https://bugzilla.suse.com/show_bug.cgi?id=1210418 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:21 -0000 Subject: SUSE-SU-2023:2213-1: important: Security update for prometheus-sap_host_exporter Message-ID: <168424022162.25528.10067053339385633147@smelt2.suse.de> # Security update for prometheus-sap_host_exporter Announcement ID: SUSE-SU-2023:2213-1 Rating: important References: * #1200441 * #1209658 Affected Products: * SAP Applications Module 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has two fixes can now be installed. ## Description: This update of prometheus-sap_host_exporter fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-2213=1 ## Package List: * SAP Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-150000.1.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:20 -0000 Subject: SUSE-RU-2023:2214-1: moderate: Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container Message-ID: <168424022024.25528.9544030045082202145@smelt2.suse.de> # Recommended update for kubevirt, virt-api-container, virt-controller- container, virt-handler-container, virt-launcher-container, virt-libguestfs- tools-container, virt-operator-container Announcement ID: SUSE-RU-2023:2214-1 Rating: moderate References: * #1210906 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: * Always render block devices in hp-volume- pod template * Detect ServiceMonitor and PrometheusRule CRDs * TSC frequencies: add 250PPM tolerance (bsc#1210906) * Follow the recommended semantics for the device plugin registration process (https://github.com/kubernetes/kubernetes/issues/112395) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2214=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2214=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2214=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2214=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2214=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2214=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2214=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * kubevirt-manifests-0.54.0-150400.3.16.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virtctl-0.54.0-150400.3.16.1 * openSUSE Leap 15.4 (x86_64) * kubevirt-manifests-0.54.0-150400.3.16.1 * kubevirt-virt-api-0.54.0-150400.3.16.1 * kubevirt-virt-launcher-0.54.0-150400.3.16.1 * kubevirt-virt-operator-debuginfo-0.54.0-150400.3.16.1 * kubevirt-container-disk-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virt-operator-0.54.0-150400.3.16.1 * obs-service-kubevirt_containers_meta-0.54.0-150400.3.16.1 * kubevirt-virtctl-0.54.0-150400.3.16.1 * kubevirt-virt-controller-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virt-handler-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.16.1 * kubevirt-container-disk-0.54.0-150400.3.16.1 * kubevirt-tests-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virt-api-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virt-controller-0.54.0-150400.3.16.1 * kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virt-handler-0.54.0-150400.3.16.1 * kubevirt-tests-0.54.0-150400.3.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kubevirt-manifests-0.54.0-150400.3.16.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virtctl-0.54.0-150400.3.16.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kubevirt-manifests-0.54.0-150400.3.16.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virtctl-0.54.0-150400.3.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kubevirt-manifests-0.54.0-150400.3.16.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virtctl-0.54.0-150400.3.16.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kubevirt-manifests-0.54.0-150400.3.16.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virtctl-0.54.0-150400.3.16.1 * Containers Module 15-SP4 (x86_64) * kubevirt-manifests-0.54.0-150400.3.16.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.16.1 * kubevirt-virtctl-0.54.0-150400.3.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210906 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:23 -0000 Subject: SUSE-SU-2023:2212-1: important: Security update for prometheus-sap_host_exporter Message-ID: <168424022324.25528.3214054158096614000@smelt2.suse.de> # Security update for prometheus-sap_host_exporter Announcement ID: SUSE-SU-2023:2212-1 Rating: important References: * #1200441 * #1209658 Affected Products: * openSUSE Leap 15.4 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has two fixes can now be installed. ## Description: This update of prometheus-sap_host_exporter fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2212=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-2212=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-2212=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-2212=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-150200.4.5.1 * SAP Applications Module 15-SP2 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-150200.4.5.1 * SAP Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-150200.4.5.1 * SAP Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-150200.4.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:24 -0000 Subject: SUSE-SU-2023:2211-1: important: Security update for MozillaThunderbird Message-ID: <168424022475.25528.16089221984457393870@smelt2.suse.de> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:2211-1 Rating: important References: * #1211175 Cross-References: * CVE-2023-32205 * CVE-2023-32206 * CVE-2023-32207 * CVE-2023-32211 * CVE-2023-32212 * CVE-2023-32213 * CVE-2023-32214 * CVE-2023-32215 CVSS scores: Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Update to version 102.11: * fixed: During Account Setup, the "Checking password..." message was not removed after a failure (bmo#1826022) * fixed: Miscellaneous UI fixes (bmo#1827070) * fixed: Security fixes MFSA 2023-18 (bsc#1211175) * CVE-2023-32205: Browser prompts could have been obscured by popups * CVE-2023-32206: Crash in RLBox Expat driver * CVE-2023-32207: Potential permissions request bypass via clickjacking * CVE-2023-32211: Content process crash due to invalid wasm code * CVE-2023-32212: Potential spoof due to obscured address bar * CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() * CVE-2023-32214: Potential DoS via exposed protocol handlers * CVE-2023-32215: Memory safety bugs fixed in Thunderbird 102.11 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2211=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2211=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2211=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-102.11.0-150200.8.116.1 * MozillaThunderbird-102.11.0-150200.8.116.1 * MozillaThunderbird-translations-other-102.11.0-150200.8.116.1 * MozillaThunderbird-debugsource-102.11.0-150200.8.116.1 * MozillaThunderbird-translations-common-102.11.0-150200.8.116.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-102.11.0-150200.8.116.1 * MozillaThunderbird-102.11.0-150200.8.116.1 * MozillaThunderbird-translations-other-102.11.0-150200.8.116.1 * MozillaThunderbird-debugsource-102.11.0-150200.8.116.1 * MozillaThunderbird-translations-common-102.11.0-150200.8.116.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debuginfo-102.11.0-150200.8.116.1 * MozillaThunderbird-102.11.0-150200.8.116.1 * MozillaThunderbird-translations-other-102.11.0-150200.8.116.1 * MozillaThunderbird-debugsource-102.11.0-150200.8.116.1 * MozillaThunderbird-translations-common-102.11.0-150200.8.116.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32205.html * https://www.suse.com/security/cve/CVE-2023-32206.html * https://www.suse.com/security/cve/CVE-2023-32207.html * https://www.suse.com/security/cve/CVE-2023-32211.html * https://www.suse.com/security/cve/CVE-2023-32212.html * https://www.suse.com/security/cve/CVE-2023-32213.html * https://www.suse.com/security/cve/CVE-2023-32214.html * https://www.suse.com/security/cve/CVE-2023-32215.html * https://bugzilla.suse.com/show_bug.cgi?id=1211175 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:26 -0000 Subject: SUSE-SU-2023:2210-1: important: Security update for rekor Message-ID: <168424022630.25528.6162527375157139835@smelt2.suse.de> # Security update for rekor Announcement ID: SUSE-SU-2023:2210-1 Rating: important References: * #1211210 Cross-References: * CVE-2023-30551 CVSS scores: * CVE-2023-30551 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-30551 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for rekor fixes the following issues: Updated to version 1.1.1 (jsc#SLE-23476): Functional Enhancements \- Refactor Trillian client with exported methods (#1454) \- Switch to official redis-go client (#1459) \- Remove replace in go.mod (#1444) \- Add Rekor OID info. (#1390) Quality Enhancements \- remove legacy encrypted cosign key (#1446) \- swap cjson dependency (#1441) \- Update release readme (#1456) Security fixes: \- CVE-2023-30551: Fixed a potential denial of service when processing JAR META-INF files or .SIGN/.PKINFO files in APK files (bsc#1211210). * updated to rekor 1.1.0 (jsc#SLE-23476): Functional Enhancements * improve validation on intoto v0.0.2 type (#1351) * add feature to limit HTTP request body length to process (#1334) * add information about the file size limit (#1313) * Add script to backfill Redis from Rekor (#1163) * Feature: add search support for sha512 (#1142) Quality Enhancements * various fuzzing fixes Bug Fixes * remove goroutine usage from SearchLogQuery (#1407) * drop log messages regarding attestation storage to debug (#1408) * fix validation for proposed vs committed log entries for intoto v0.0.1 (#1309) * fix: fix regex for multi-digit counts (#1321) * return NotFound if treesize is 0 rather than calling trillian (#1311) * enumerate slice to get sugared logs (#1312) * put a reasonable size limit on ssh key reader (#1288) * CLIENT: Fix Custom Host and Path Issue (#1306) * do not persist local state if log is empty; fail consistency proofs from 0 size (#1290) * correctly handle invalid or missing pki format (#1281) * Add Verifier to get public key/cert and identities for entry type (#1210) * fix goroutine leak in client; add insecure TLS option (#1238) * Fix - Remove the force-recreate flag (#1179) * trim whitespace around public keys before parsing (#1175) * stop inserting envelope hash for intoto:0.0.2 types into index (#1171) * Revert "remove double encoding of payload and signature fields for intoto (#1150)" (#1158) * remove double encoding of payload and signature fields for intoto (#1150) * fix SearchLogQuery behavior to conform to openapi spec (#1145) * Remove pem-certificate-chain from client (#1138) * fix flag type for operator in search (#1136) * use sigstore/community dep review (#1132) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2210=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2210=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rekor-1.1.1-150400.4.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rekor-1.1.1-150400.4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30551.html * https://bugzilla.suse.com/show_bug.cgi?id=1211210 * https://jira.suse.com/browse/SLE-23476 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 12:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 12:30:27 -0000 Subject: SUSE-RU-2023:2209-1: moderate: Recommended update for gdb Message-ID: <168424022797.25528.3939238836515276255@smelt2.suse.de> # Recommended update for gdb Announcement ID: SUSE-RU-2023:2209-1 Rating: moderate References: * #1207712 * #1210081 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for gdb fixes the following issues: * Fix license of gdb to be GPLv3, due to a mistake the testsuite results license was used (bsc#1210081). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2209=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2209=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gdbserver-12.1-150400.15.9.1 * gdbserver-debuginfo-12.1-150400.15.9.1 * gdb-debuginfo-12.1-150400.15.9.1 * gdb-12.1-150400.15.9.1 * gdb-debugsource-12.1-150400.15.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * gdb-testresults-12.1-150400.15.9.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gdbserver-12.1-150400.15.9.1 * gdbserver-debuginfo-12.1-150400.15.9.1 * gdb-debuginfo-12.1-150400.15.9.1 * gdb-12.1-150400.15.9.1 * gdb-debugsource-12.1-150400.15.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207712 * https://bugzilla.suse.com/show_bug.cgi?id=1210081 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 16:30:02 -0000 Subject: SUSE-SU-2023:2222-1: important: Security update for java-11-openjdk Message-ID: <168425460299.28981.95477765095116392@smelt2.suse.de> # Security update for java-11-openjdk Announcement ID: SUSE-SU-2023:2222-1 Rating: important References: * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-11-openjdk fixes the following issues: Upgrade to upsteam tag jdk-11.0.19+7 (April 2023 CPU): * CVE-2023-21930: Fixed AES support (bsc#1210628). * CVE-2023-21937: Fixed String platform support (bsc#1210631). * CVE-2023-21938: Fixed runtime support (bsc#1210632). * CVE-2023-21939: Fixed Swing platform support (bsc#1210634). * CVE-2023-21954: Fixed object reclamation process (bsc#1210635). * CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). * CVE-2023-21968: Fixed path handling (bsc#1210637). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2222=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2222=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2222=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2222=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2222=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2222=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2222=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2222=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2222=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2222=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2222=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2222=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2222=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2222=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2222=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2222=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2222=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2222=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2222=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-jmods-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-src-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * java-11-openjdk-11.0.19.0-150000.3.96.1 * openSUSE Leap 15.4 (noarch) * java-11-openjdk-javadoc-11.0.19.0-150000.3.96.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Package Hub 15 15-SP4 (noarch) * java-11-openjdk-javadoc-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Manager Proxy 4.2 (x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 * SUSE CaaS Platform 4.0 (x86_64) * java-11-openjdk-11.0.19.0-150000.3.96.1 * java-11-openjdk-demo-11.0.19.0-150000.3.96.1 * java-11-openjdk-devel-11.0.19.0-150000.3.96.1 * java-11-openjdk-headless-11.0.19.0-150000.3.96.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2221-1: important: Security update for conmon Message-ID: <168425460494.28981.3512996674854916361@smelt2.suse.de> # Security update for conmon Announcement ID: SUSE-SU-2023:2221-1 Rating: important References: * #1200441 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one fix can now be installed. ## Description: This update of conmon fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2221=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2221=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2221=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2221=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2221=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2221=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2221=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2221=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * conmon-2.1.5-150300.8.11.1 * conmon-debuginfo-2.1.5-150300.8.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * conmon-debuginfo-2.1.5-150300.8.11.1 * conmon-2.1.5-150300.8.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * conmon-debuginfo-2.1.5-150300.8.11.1 * conmon-2.1.5-150300.8.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * conmon-debuginfo-2.1.5-150300.8.11.1 * conmon-2.1.5-150300.8.11.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * conmon-debuginfo-2.1.5-150300.8.11.1 * conmon-2.1.5-150300.8.11.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.5-150300.8.11.1 * conmon-2.1.5-150300.8.11.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.5-150300.8.11.1 * conmon-2.1.5-150300.8.11.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * conmon-debuginfo-2.1.5-150300.8.11.1 * conmon-2.1.5-150300.8.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 16:30:07 -0000 Subject: SUSE-RU-2023:2220-1: moderate: Recommended update for strongswan Message-ID: <168425460746.28981.2551997069010955921@smelt2.suse.de> # Recommended update for strongswan Announcement ID: SUSE-RU-2023:2220-1 Rating: moderate References: * #1184144 * #1207489 Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for strongswan fixes the following issues: * Allow to use ipsec interface by default instead of swanctl (bsc#1184144) * Fix crash when swanctl command gets stuck intermittently (bsc#1207489) * Modified README file to reflect rcipsec usage ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2220=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2220=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2220=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2220=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2220=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2220=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2220=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2220=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2220=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2220=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2220=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2220=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2220=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Manager Proxy 4.2 (x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Manager Proxy 4.2 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Manager Server 4.2 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Enterprise Storage 7.1 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * strongswan-debugsource-5.8.2-150200.11.39.1 * strongswan-5.8.2-150200.11.39.1 * strongswan-libs0-5.8.2-150200.11.39.1 * strongswan-hmac-5.8.2-150200.11.39.1 * strongswan-libs0-debuginfo-5.8.2-150200.11.39.1 * strongswan-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-debuginfo-5.8.2-150200.11.39.1 * strongswan-ipsec-5.8.2-150200.11.39.1 * SUSE Enterprise Storage 7 (noarch) * strongswan-doc-5.8.2-150200.11.39.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1184144 * https://bugzilla.suse.com/show_bug.cgi?id=1207489 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 16 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2023 20:30:02 -0000 Subject: SUSE-SU-2023:2223-1: moderate: Security update for libheif Message-ID: <168426900239.22372.6708387412836484532@smelt2.suse.de> # Security update for libheif Announcement ID: SUSE-SU-2023:2223-1 Rating: moderate References: * #1211174 Cross-References: * CVE-2023-29659 CVSS scores: * CVE-2023-29659 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-29659 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libheif fixes the following issues: * CVE-2023-29659: Fixed segfault caused by divide-by-zero (bsc#1211174). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2223=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2223=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libheif-devel-1.12.0-150400.3.11.1 * libheif-debugsource-1.12.0-150400.3.11.1 * libheif1-1.12.0-150400.3.11.1 * libheif1-debuginfo-1.12.0-150400.3.11.1 * gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.11.1 * gdk-pixbuf-loader-libheif-1.12.0-150400.3.11.1 * openSUSE Leap 15.4 (x86_64) * libheif1-32bit-1.12.0-150400.3.11.1 * libheif1-32bit-debuginfo-1.12.0-150400.3.11.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libheif1-debuginfo-1.12.0-150400.3.11.1 * libheif1-1.12.0-150400.3.11.1 * libheif-debugsource-1.12.0-150400.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29659.html * https://bugzilla.suse.com/show_bug.cgi?id=1211174 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 07:03:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 09:03:54 +0200 (CEST) Subject: SUSE-CU-2023:1595-1: Recommended update of suse/389-ds Message-ID: <20230517070354.B6BF4FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1595-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.32 , suse/389-ds:latest Container Release : 21.32 Severity : important Type : recommended References : 1186870 1199282 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. The following package changes have been done: - python3-packaging-21.3-150200.3.3.1 updated From sle-updates at lists.suse.com Wed May 17 07:04:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 09:04:49 +0200 (CEST) Subject: SUSE-CU-2023:1596-1: Security update of bci/openjdk Message-ID: <20230517070449.3F85FFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1596-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.52 Container Release : 35.52 Severity : important Type : security References : 1210628 1210631 1210632 1210634 1210635 1210636 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2222-1 Released: Tue May 16 17:41:47 2023 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1210628,1210631,1210632,1210634,1210635,1210636,1210637,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968 This update for java-11-openjdk fixes the following issues: Upgrade to upsteam tag jdk-11.0.19+7 (April 2023 CPU): - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). The following package changes have been done: - java-11-openjdk-headless-11.0.19.0-150000.3.96.1 updated - java-11-openjdk-11.0.19.0-150000.3.96.1 updated From sle-updates at lists.suse.com Wed May 17 07:05:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 09:05:42 +0200 (CEST) Subject: SUSE-CU-2023:1597-1: Recommended update of bci/python Message-ID: <20230517070542.7B55FFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1597-1 Container Tags : bci/python:3 , bci/python:3-35.49 , bci/python:3.6 , bci/python:3.6-35.49 Container Release : 35.49 Severity : important Type : recommended References : 1186870 1199282 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. The following package changes have been done: - python3-packaging-21.3-150200.3.3.1 updated From sle-updates at lists.suse.com Wed May 17 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2226-1: important: Security update for curl Message-ID: <168431220586.26322.2165226460846167026@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2226-1 Rating: important References: * #1206309 * #1207992 * #1209209 * #1209210 * #1209211 * #1209212 * #1209214 * #1211231 * #1211232 * #1211233 * #1211339 Cross-References: * CVE-2022-43552 * CVE-2023-23916 * CVE-2023-27533 * CVE-2023-27534 * CVE-2023-27535 * CVE-2023-27536 * CVE-2023-27538 * CVE-2023-28320 * CVE-2023-28321 * CVE-2023-28322 CVSS scores: * CVE-2022-43552 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-43552 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23916 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-23916 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-27533 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-27533 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-27534 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-27534 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27535 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-27535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-27536 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-27536 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27538 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-27538 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-28320 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-28321 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 6 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 10 vulnerabilities and has one fix can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). * CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). * CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). * CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). * CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). * CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). * CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). * CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). * CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). * CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2226=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2226=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2226=1 * SUSE Enterprise Storage 6 zypper in -t patch SUSE-Storage-6-2023-2226=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * curl-debugsource-7.60.0-150000.51.1 * curl-debuginfo-7.60.0-150000.51.1 * libcurl4-debuginfo-7.60.0-150000.51.1 * curl-7.60.0-150000.51.1 * libcurl4-7.60.0-150000.51.1 * libcurl-devel-7.60.0-150000.51.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libcurl4-32bit-7.60.0-150000.51.1 * libcurl4-32bit-debuginfo-7.60.0-150000.51.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * curl-debugsource-7.60.0-150000.51.1 * curl-debuginfo-7.60.0-150000.51.1 * libcurl4-debuginfo-7.60.0-150000.51.1 * curl-7.60.0-150000.51.1 * libcurl4-7.60.0-150000.51.1 * libcurl-devel-7.60.0-150000.51.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libcurl4-32bit-7.60.0-150000.51.1 * libcurl4-32bit-debuginfo-7.60.0-150000.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * curl-debugsource-7.60.0-150000.51.1 * curl-debuginfo-7.60.0-150000.51.1 * libcurl4-debuginfo-7.60.0-150000.51.1 * curl-7.60.0-150000.51.1 * libcurl4-7.60.0-150000.51.1 * libcurl-devel-7.60.0-150000.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libcurl4-32bit-7.60.0-150000.51.1 * libcurl4-32bit-debuginfo-7.60.0-150000.51.1 * SUSE Enterprise Storage 6 (aarch64 x86_64) * curl-debugsource-7.60.0-150000.51.1 * curl-debuginfo-7.60.0-150000.51.1 * libcurl4-debuginfo-7.60.0-150000.51.1 * curl-7.60.0-150000.51.1 * libcurl4-7.60.0-150000.51.1 * libcurl-devel-7.60.0-150000.51.1 * SUSE Enterprise Storage 6 (x86_64) * libcurl4-32bit-7.60.0-150000.51.1 * libcurl4-32bit-debuginfo-7.60.0-150000.51.1 * SUSE CaaS Platform 4.0 (x86_64) * libcurl4-32bit-7.60.0-150000.51.1 * curl-debugsource-7.60.0-150000.51.1 * curl-debuginfo-7.60.0-150000.51.1 * libcurl4-32bit-debuginfo-7.60.0-150000.51.1 * libcurl4-debuginfo-7.60.0-150000.51.1 * curl-7.60.0-150000.51.1 * libcurl4-7.60.0-150000.51.1 * libcurl-devel-7.60.0-150000.51.1 ## References: * https://www.suse.com/security/cve/CVE-2022-43552.html * https://www.suse.com/security/cve/CVE-2023-23916.html * https://www.suse.com/security/cve/CVE-2023-27533.html * https://www.suse.com/security/cve/CVE-2023-27534.html * https://www.suse.com/security/cve/CVE-2023-27535.html * https://www.suse.com/security/cve/CVE-2023-27536.html * https://www.suse.com/security/cve/CVE-2023-27538.html * https://www.suse.com/security/cve/CVE-2023-28320.html * https://www.suse.com/security/cve/CVE-2023-28321.html * https://www.suse.com/security/cve/CVE-2023-28322.html * https://bugzilla.suse.com/show_bug.cgi?id=1206309 * https://bugzilla.suse.com/show_bug.cgi?id=1207992 * https://bugzilla.suse.com/show_bug.cgi?id=1209209 * https://bugzilla.suse.com/show_bug.cgi?id=1209210 * https://bugzilla.suse.com/show_bug.cgi?id=1209211 * https://bugzilla.suse.com/show_bug.cgi?id=1209212 * https://bugzilla.suse.com/show_bug.cgi?id=1209214 * https://bugzilla.suse.com/show_bug.cgi?id=1211231 * https://bugzilla.suse.com/show_bug.cgi?id=1211232 * https://bugzilla.suse.com/show_bug.cgi?id=1211233 * https://bugzilla.suse.com/show_bug.cgi?id=1211339 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 08:30:08 -0000 Subject: SUSE-SU-2023:2225-1: important: Security update for curl Message-ID: <168431220847.26322.11783449094449446659@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2225-1 Rating: important References: * #1198608 * #1211230 * #1211231 * #1211232 * #1211233 Cross-References: * CVE-2022-27774 * CVE-2023-28319 * CVE-2023-28320 * CVE-2023-28321 * CVE-2023-28322 CVSS scores: * CVE-2022-27774 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-27774 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2023-28319 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-28320 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-28321 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves five vulnerabilities and contains one feature can now be installed. ## Description: This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) * CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). * CVE-2023-28320: siglongjmp race condition (bsc#1211231). * CVE-2023-28321: IDN wildcard matching (bsc#1211232). * CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2225=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2225=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2225=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2225=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-11.65.2 * libcurl-devel-8.0.1-11.65.2 * curl-debuginfo-8.0.1-11.65.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * curl-debugsource-8.0.1-11.65.2 * curl-8.0.1-11.65.2 * curl-debuginfo-8.0.1-11.65.2 * libcurl4-8.0.1-11.65.2 * libcurl4-debuginfo-8.0.1-11.65.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcurl4-32bit-8.0.1-11.65.2 * libcurl4-debuginfo-32bit-8.0.1-11.65.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-11.65.2 * curl-8.0.1-11.65.2 * curl-debuginfo-8.0.1-11.65.2 * libcurl4-8.0.1-11.65.2 * libcurl4-debuginfo-8.0.1-11.65.2 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libcurl4-32bit-8.0.1-11.65.2 * libcurl4-debuginfo-32bit-8.0.1-11.65.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * curl-debugsource-8.0.1-11.65.2 * curl-8.0.1-11.65.2 * curl-debuginfo-8.0.1-11.65.2 * libcurl4-8.0.1-11.65.2 * libcurl4-debuginfo-8.0.1-11.65.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcurl4-32bit-8.0.1-11.65.2 * libcurl4-debuginfo-32bit-8.0.1-11.65.2 ## References: * https://www.suse.com/security/cve/CVE-2022-27774.html * https://www.suse.com/security/cve/CVE-2023-28319.html * https://www.suse.com/security/cve/CVE-2023-28320.html * https://www.suse.com/security/cve/CVE-2023-28321.html * https://www.suse.com/security/cve/CVE-2023-28322.html * https://bugzilla.suse.com/show_bug.cgi?id=1198608 * https://bugzilla.suse.com/show_bug.cgi?id=1211230 * https://bugzilla.suse.com/show_bug.cgi?id=1211231 * https://bugzilla.suse.com/show_bug.cgi?id=1211232 * https://bugzilla.suse.com/show_bug.cgi?id=1211233 * https://jira.suse.com/browse/PED-2580 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 08:30:10 -0000 Subject: SUSE-SU-2023:2224-1: important: Security update for curl Message-ID: <168431221072.26322.6967048163932416974@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2224-1 Rating: important References: * #1211230 * #1211231 * #1211232 * #1211233 Cross-References: * CVE-2023-28319 * CVE-2023-28320 * CVE-2023-28321 * CVE-2023-28322 CVSS scores: * CVE-2023-28319 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-28320 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-28321 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities and contains one feature can now be installed. ## Description: This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) * CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). * CVE-2023-28320: siglongjmp race condition (bsc#1211231). * CVE-2023-28321: IDN wildcard matching (bsc#1211232). * CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2224=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2224=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2224=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2224=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2224=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2224=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2224=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * curl-8.0.1-150400.5.23.1 * libcurl4-debuginfo-8.0.1-150400.5.23.1 * curl-debuginfo-8.0.1-150400.5.23.1 * libcurl4-8.0.1-150400.5.23.1 * curl-debugsource-8.0.1-150400.5.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * curl-8.0.1-150400.5.23.1 * libcurl4-debuginfo-8.0.1-150400.5.23.1 * curl-debuginfo-8.0.1-150400.5.23.1 * libcurl-devel-8.0.1-150400.5.23.1 * libcurl4-8.0.1-150400.5.23.1 * curl-debugsource-8.0.1-150400.5.23.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.23.1 * libcurl4-32bit-8.0.1-150400.5.23.1 * libcurl-devel-32bit-8.0.1-150400.5.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.23.1 * libcurl4-debuginfo-8.0.1-150400.5.23.1 * curl-debuginfo-8.0.1-150400.5.23.1 * libcurl4-8.0.1-150400.5.23.1 * curl-debugsource-8.0.1-150400.5.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.23.1 * libcurl4-debuginfo-8.0.1-150400.5.23.1 * curl-debuginfo-8.0.1-150400.5.23.1 * libcurl4-8.0.1-150400.5.23.1 * curl-debugsource-8.0.1-150400.5.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.23.1 * libcurl4-debuginfo-8.0.1-150400.5.23.1 * curl-debuginfo-8.0.1-150400.5.23.1 * libcurl4-8.0.1-150400.5.23.1 * curl-debugsource-8.0.1-150400.5.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * curl-8.0.1-150400.5.23.1 * libcurl4-debuginfo-8.0.1-150400.5.23.1 * curl-debuginfo-8.0.1-150400.5.23.1 * libcurl4-8.0.1-150400.5.23.1 * curl-debugsource-8.0.1-150400.5.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * curl-8.0.1-150400.5.23.1 * libcurl4-debuginfo-8.0.1-150400.5.23.1 * curl-debuginfo-8.0.1-150400.5.23.1 * libcurl-devel-8.0.1-150400.5.23.1 * libcurl4-8.0.1-150400.5.23.1 * curl-debugsource-8.0.1-150400.5.23.1 * Basesystem Module 15-SP4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.23.1 * libcurl4-32bit-8.0.1-150400.5.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28319.html * https://www.suse.com/security/cve/CVE-2023-28320.html * https://www.suse.com/security/cve/CVE-2023-28321.html * https://www.suse.com/security/cve/CVE-2023-28322.html * https://bugzilla.suse.com/show_bug.cgi?id=1211230 * https://bugzilla.suse.com/show_bug.cgi?id=1211231 * https://bugzilla.suse.com/show_bug.cgi?id=1211232 * https://bugzilla.suse.com/show_bug.cgi?id=1211233 * https://jira.suse.com/browse/PED-2580 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 12:30:18 -0000 Subject: SUSE-SU-2023:2231-1: important: Security update for the Linux Kernel Message-ID: <168432661861.696.7460138020254089816@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2231-1 Rating: important References: * #1142685 * #1155798 * #1174777 * #1189999 * #1194869 * #1203039 * #1203325 * #1206649 * #1206891 * #1206992 * #1207088 * #1208076 * #1208845 * #1209615 * #1209693 * #1209739 * #1209871 * #1209927 * #1209999 * #1210034 * #1210158 * #1210202 * #1210206 * #1210301 * #1210329 * #1210336 * #1210337 * #1210439 * #1210453 * #1210454 * #1210469 * #1210506 * #1210629 * #1210725 * #1210762 * #1210763 * #1210764 * #1210765 * #1210766 * #1210767 * #1210768 * #1210769 * #1210770 * #1210771 * #1210793 * #1210816 * #1210817 * #1210827 * #1210943 * #1210953 * #1210986 * #1211025 Cross-References: * CVE-2022-2196 * CVE-2023-0386 * CVE-2023-1670 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2008 * CVE-2023-2019 * CVE-2023-2176 * CVE-2023-2235 * CVE-2023-23006 * CVE-2023-30772 CVSS scores: * CVE-2022-2196 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-2196 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2008 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2019 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2019 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves 13 vulnerabilities, contains two features and has 39 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). * CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). * CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). * CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). * CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). * CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: * ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). * ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). * ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). * ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). * ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). * ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). * ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git- fixes). * ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). * ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). * ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git- fixes). * ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). * ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). * ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git- fixes). * ALSA: hda/sigmatel: fix S/PDIF out on Intel D _45_ motherboards (git-fixes). * ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). * ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). * ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). * ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). * ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). * ARM: dts: gta04: fix excess dma channel usage (git-fixes). * ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). * ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). * ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). * ASN.1: Fix check for strdup() success (git-fixes). * ASoC: cs35l41: Only disable internal boost (git-fixes). * ASoC: es8316: Handle optional IRQ assignment (git-fixes). * ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). * ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). * Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly * Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods * Bluetooth: Fix race condition in hidp_session_thread (git-fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git- fixes). * Drivers: vmbus: Check for channel allocation before looking up relids (git- fixes). * IB/mlx5: Add support for 400G_8X lane speed (git-fixes) * Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * KEYS: Add missing function documentation (git-fixes). * KEYS: Create static version of public_key_verify_signature (git-fixes). * NFS: Cleanup unused rpc_clnt variable (git-fixes). * NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). * NFSD: callback request does not use correct credential for AUTH_SYS (git- fixes). * PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). * PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). * PCI: imx6: Install the fault handler only on compatible match (git-fixes). * PCI: loongson: Add more devices that need MRRS quirk (git-fixes). * PCI: loongson: Prevent LS7A MRRS increases (git-fixes). * PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git- fixes). * PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). * RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) * RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) * RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) * RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) * RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) * Remove obsolete KMP obsoletes (bsc#1210469). * Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). * Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). * USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). * USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). * USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). * USB: serial: option: add Quectel RM500U-CN modem (git-fixes). * USB: serial: option: add Telit FE990 compositions (git-fixes). * USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). * amdgpu: disable powerpc support for the newer display engine (bsc#1194869). * arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). * arm64: dts: meson-g12-common: specify full DMC range (git-fixes). * arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git- fixes). * arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). * arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). * arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). * arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). * arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). * arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git- fixes). * arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). * arm64: enable jump-label jump-label was disabled on arm64 by a backport error. * bluetooth: Perform careful capability checks in hci_sock_ioctl() (git- fixes). * cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). * cifs: fix negotiate context parsing (bsc#1210301). * clk: add missing of_node_put() in "assigned-clocks" property parsing (git- fixes). * clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). * clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). * clk: sprd: set max_register according to mapping range (git-fixes). * clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). * config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script * cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). * cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). * cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). * crypto: caam - Clear some memory in instantiate_rng (git-fixes). * crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). * crypto: sa2ul - Select CRYPTO_DES (git-fixes). * crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). * driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). * drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). * drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git- fixes). * drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). * drm/amd/display: Fix potential null dereference (git-fixes). * drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). * drm/armada: Fix a potential double free in an error handling path (git- fixes). * drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git- fixes). * drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). * drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). * drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). * drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). * drm/i915: Fix fast wake AUX sync len (git-fixes). * drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). * drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). * drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). * drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). * drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). * drm/msm: fix NULL-deref on snapshot tear down (git-fixes). * drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). * drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). * drm/probe-helper: Cancel previous job before starting new one (git-fixes). * drm/rockchip: Drop unbalanced obj unref (git-fixes). * drm/vgem: add missing mutex_destroy (git-fixes). * drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). * drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git- fixes). * drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). * dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). * dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). * dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git- fixes). * dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). * dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). * dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git- fixes). * e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). * efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). * ext4: Fix deadlock during directory rename (bsc#1210763). * ext4: Fix possible corruption when moving a directory (bsc#1210763). * ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). * ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). * ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). * ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). * ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). * ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). * ext4: fix possible double unlock when moving a directory (bsc#1210763). * ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). * fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). * firmware: qcom_scm: Clear download bit during reboot (git-fixes). * firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). * fpga: bridge: fix kernel-doc parameter description (git-fixes). * hwmon: (adt7475) Use device_property APIs when configuring polarity (git- fixes). * hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). * hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git- fixes). * i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). * i2c: hisi: Avoid redundant interrupts (git-fixes). * i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). * i2c: ocores: generate stop condition after timeout in polling mode (git- fixes). * i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). * ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). * iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). * iio: light: tsl2772: fix reading proximity-diodes from device tree (git- fixes). * ipmi: fix SSIF not responding under certain cond (git-fixes). * ipmi:ssif: Add send_retries increment (git-fixes). * k-m-s: Drop Linux 2.6 support * kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). * kABI: x86/msi: Fix msi message data shadow struct (kabi). * kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. * keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * locking/rwbase: Mitigate indefinite writer starvation. * media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). * media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). * media: max9286: Free control handler (git-fixes). * media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). * media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). * media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). * media: venus: dec: Fix handling of the start cmd (git-fixes). * memstick: fix memory leak if card device is never registered (git-fixes). * mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). * mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). * mm: take a page reference when removing device exclusive entries (bsc#1211025). * mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git- fixes). * mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). * mtd: core: fix error path for nvmem provider (git-fixes). * mtd: core: fix nvmem error reporting (git-fixes). * mtd: core: provide unique name for nvmem device, take two (git-fixes). * mtd: spi-nor: Fix a trivial typo (git-fixes). * net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). * net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git- fixes). * nfsd: call op_release, even when op_func returns an error (git-fixes). * nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). * nilfs2: initialize unused bytes in segment summary blocks (git-fixes). * nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). * nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). * nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git- fixes). * nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). * nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). * nvme-multipath: fix possible hang in live ns resize with ANA access (git- fixes). * nvme-pci: fix doorbell buffer value endianness (git-fixes). * nvme-pci: fix mempool alloc size (git-fixes). * nvme-pci: fix page size checks (git-fixes). * nvme-pci: fix timeout request state check (git-fixes). * nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). * nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). * nvme-tcp: fix regression that causes sporadic requests to time out (git- fixes). * nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git- fixes). * nvme: add device name to warning in uuid_show() (git-fixes). * nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). * nvme: copy firmware_rev on each init (git-fixes). * nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). * nvme: fix async event trace event (git-fixes). * nvme: fix handling single range discard request (git-fixes). * nvme: fix per-namespace chardev deletion (git-fixes). * nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). * nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). * nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). * nvme: move nvme_multi_css into nvme.h (git-fixes). * nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). * nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). * nvme: set dma alignment to dword (git-fixes). * nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git- fixes). * nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). * nvmet-tcp: fix incomplete data digest send (git-fixes). * nvmet-tcp: fix regression in data_digest calculation (git-fixes). * nvmet: add helpers to set the result field for connect commands (git-fixes). * nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). * nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). * nvmet: fix I/O Command Set specific Identify Controller (git-fixes). * nvmet: fix Identify Active Namespace ID list handling (git-fixes). * nvmet: fix Identify Controller handling (git-fixes). * nvmet: fix Identify Namespace handling (git-fixes). * nvmet: fix a memory leak (git-fixes). * nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). * nvmet: fix a use-after-free (git-fixes). * nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git- fixes). * nvmet: force reconnect when number of queue changes (git-fixes). * nvmet: looks at the passthrough controller when initializing CAP (git- fixes). * nvmet: only allocate a single slab for bvecs (git-fixes). * nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). * perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). * perf/core: Fix the same task check in perf_event_set_output (git fixes). * perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). * perf: fix perf_event_context->time (git fixes). * platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). * platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). * power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). * power: supply: generic-adc-battery: fix unit scaling (git-fixes). * powerpc/64: Always build with 128-bit long double (bsc#1194869). * powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). * powerpc/hv-gpci: Fix hv_gpci event list (git fixes). * powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). * powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). * powerpc: declare unmodified attribute_group usages const (git-fixes). * regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). * regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). * regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). * regulator: fan53555: Explicitly include bits header (git-fixes). * regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). * regulator: stm32-pwr: fix of_iomap leak (git-fixes). * remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). * remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). * remoteproc: st: Call of_node_put() on iteration error (git-fixes). * remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). * rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git- fixes). * rtc: omap: include header for omap_rtc_power_off_program prototype (git- fixes). * sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). * sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). * sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). * sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). * sched/fair: sanitize vruntime of entity being placed (bsc#1203325). * sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). * sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). * scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). * scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). * scsi: core: Fix a procfs host directory removal regression (git-fixes). * scsi: core: Fix a source code comment (git-fixes). * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git- fixes). * scsi: hisi_sas: Check devm_add_action() return value (git-fixes). * scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). * scsi: ipr: Work around fortify-string warning (git-fixes). * scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git- fixes). * scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). * scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). * scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). * scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). * scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). * scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). * scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). * scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). * scsi: lpfc: Fix double word in comments (bsc#1210943). * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). * scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). * scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). * scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). * scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). * scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). * scsi: lpfc: Silence an incorrect device output (bsc#1210943). * scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). * scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). * scsi: megaraid_sas: Fix crash after a double completion (git-fixes). * scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). * scsi: mpt3sas: Do not print sense pool info twice (git-fixes). * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git- fixes). * scsi: mpt3sas: Fix a memory leak (git-fixes). * scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). * scsi: qla2xxx: Perform lockless command completion in abort path (git- fixes). * scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). * scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). * scsi: sd: Fix wrong zone_write_granularity value during revalidate (git- fixes). * scsi: ses: Do not attach if enclosure has no components (git-fixes). * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git- fixes). * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). * scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). * seccomp: Move copy_seccomp() to no failure path (bsc#1210817). * selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). * selftests: sigaltstack: fix -Wuninitialized (git-fixes). * selinux: ensure av_permissions.h is built when needed (git-fixes). * selinux: fix Makefile dependencies of flask.h (git-fixes). * serial: 8250: Add missing wakeup event reporting (git-fixes). * serial: 8250_bcm7271: Fix arbitration handling (git-fixes). * serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git- fixes). * serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). * signal handling: do not use BUG_ON() for debugging (bsc#1210439). * signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). * signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). * signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). * soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). * spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). * spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). * spi: qup: Do not skip cleanup in remove's error path (git-fixes). * staging: iio: resolver: ads1210: fix config mode (git-fixes). * staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git- fixes). * stat: fix inconsistency between struct stat and struct compat_stat (git- fixes). * sunrpc: only free unix grouplist after RCU settles (git-fixes). * supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759) * supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759) * tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). * tty: serial: fsl_lpuart: adjust buffer length to the intended size (git- fixes). * udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). * udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). * udf: Support splicing to file (bsc#1210770). * usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). * usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). * usb: dwc3: gadget: Change condition for processing suspend event (git- fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). * usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). * usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). * usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). * virt/coco/sev-guest: Add throttling awareness (bsc#1209927). * virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). * virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). * virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). * virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). * virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). * virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). * virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). * virtio_ring: do not update event idx on get_buf (git-fixes). * vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). * vmxnet3: use gro callback when UPT is enabled (bsc#1209739). * wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git- fixes). * wifi: ath6kl: minor fix for allocation size (git-fixes). * wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). * wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). * wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git- fixes). * wifi: brcmfmac: support CQM RSSI notification with older firmware (git- fixes). * wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). * wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). * wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). * wifi: iwlwifi: fw: move memset before early return (git-fixes). * wifi: iwlwifi: make the loop for card preparation effective (git-fixes). * wifi: iwlwifi: mvm: check firmware response size (git-fixes). * wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). * wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). * wifi: iwlwifi: mvm: initialize seq variable (git-fixes). * wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). * wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). * wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). * wifi: mac80211: adjust scan cancel comment/check (git-fixes). * wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). * wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). * wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). * wifi: mwifiex: mark OF related data as maybe unused (git-fixes). * wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). * wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). * wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git- fixes). * wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). * writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). * x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). * x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). * x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). * x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). * x86/entry: Avoid very early RET (git-fixes). * x86/entry: Do not call error_entry() for XENPV (git-fixes). * x86/entry: Move CLD to the start of the idtentry macro (git-fixes). * x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). * x86/entry: Switch the stack after error_entry() returns (git-fixes). * x86/fpu: Prevent FPU state corruption (git-fixes). * x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git- fixes). * x86/msi: Fix msi message data shadow struct (git-fixes). * x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). * x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). * x86/tsx: Disable TSX development mode at boot (git-fixes). * x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). * xhci: fix debugfs register accesses while suspended (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2231=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2231=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2231=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2231=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2231=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2231=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2231=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-2231=1 ## Package List: * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.28.2 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-debugsource-5.14.21-150400.15.28.2 * openSUSE Leap 15.4 (x86_64) * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-debugsource-5.14.21-150400.15.28.2 * dlm-kmp-rt-5.14.21-150400.15.28.2 * kernel-rt_debug-debugsource-5.14.21-150400.15.28.2 * kernel-rt_debug-devel-5.14.21-150400.15.28.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.28.2 * cluster-md-kmp-rt-5.14.21-150400.15.28.2 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.28.2 * gfs2-kmp-rt-5.14.21-150400.15.28.2 * ocfs2-kmp-rt-5.14.21-150400.15.28.2 * kernel-rt-debuginfo-5.14.21-150400.15.28.2 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-devel-5.14.21-150400.15.28.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-syms-rt-5.14.21-150400.15.28.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.28.2 * kernel-rt_debug-debuginfo-5.14.21-150400.15.28.2 * openSUSE Leap 15.4 (noarch) * kernel-source-rt-5.14.21-150400.15.28.1 * kernel-devel-rt-5.14.21-150400.15.28.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.28.2 * kernel-rt-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-debugsource-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-debugsource-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-debugsource-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-debugsource-5.14.21-150400.15.28.2 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_7-debugsource-1-150400.1.5.2 * kernel-livepatch-5_14_21-150400_15_28-rt-debuginfo-1-150400.1.5.2 * kernel-livepatch-5_14_21-150400_15_28-rt-1-150400.1.5.2 * SUSE Real Time Module 15-SP4 (x86_64) * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-debugsource-5.14.21-150400.15.28.2 * dlm-kmp-rt-5.14.21-150400.15.28.2 * kernel-rt_debug-debugsource-5.14.21-150400.15.28.2 * kernel-rt_debug-devel-5.14.21-150400.15.28.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.28.2 * cluster-md-kmp-rt-5.14.21-150400.15.28.2 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.28.2 * gfs2-kmp-rt-5.14.21-150400.15.28.2 * ocfs2-kmp-rt-5.14.21-150400.15.28.2 * kernel-rt-debuginfo-5.14.21-150400.15.28.2 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-rt-devel-5.14.21-150400.15.28.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.28.2 * kernel-syms-rt-5.14.21-150400.15.28.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.28.2 * kernel-rt_debug-debuginfo-5.14.21-150400.15.28.2 * SUSE Real Time Module 15-SP4 (noarch) * kernel-source-rt-5.14.21-150400.15.28.1 * kernel-devel-rt-5.14.21-150400.15.28.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.28.2 * kernel-rt-5.14.21-150400.15.28.2 ## References: * https://www.suse.com/security/cve/CVE-2022-2196.html * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2008.html * https://www.suse.com/security/cve/CVE-2023-2019.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-23006.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1142685 * https://bugzilla.suse.com/show_bug.cgi?id=1155798 * https://bugzilla.suse.com/show_bug.cgi?id=1174777 * https://bugzilla.suse.com/show_bug.cgi?id=1189999 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1203039 * https://bugzilla.suse.com/show_bug.cgi?id=1203325 * https://bugzilla.suse.com/show_bug.cgi?id=1206649 * https://bugzilla.suse.com/show_bug.cgi?id=1206891 * https://bugzilla.suse.com/show_bug.cgi?id=1206992 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1208076 * https://bugzilla.suse.com/show_bug.cgi?id=1208845 * https://bugzilla.suse.com/show_bug.cgi?id=1209615 * https://bugzilla.suse.com/show_bug.cgi?id=1209693 * https://bugzilla.suse.com/show_bug.cgi?id=1209739 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209927 * https://bugzilla.suse.com/show_bug.cgi?id=1209999 * https://bugzilla.suse.com/show_bug.cgi?id=1210034 * https://bugzilla.suse.com/show_bug.cgi?id=1210158 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210206 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210439 * https://bugzilla.suse.com/show_bug.cgi?id=1210453 * https://bugzilla.suse.com/show_bug.cgi?id=1210454 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210725 * https://bugzilla.suse.com/show_bug.cgi?id=1210762 * https://bugzilla.suse.com/show_bug.cgi?id=1210763 * https://bugzilla.suse.com/show_bug.cgi?id=1210764 * https://bugzilla.suse.com/show_bug.cgi?id=1210765 * https://bugzilla.suse.com/show_bug.cgi?id=1210766 * https://bugzilla.suse.com/show_bug.cgi?id=1210767 * https://bugzilla.suse.com/show_bug.cgi?id=1210768 * https://bugzilla.suse.com/show_bug.cgi?id=1210769 * https://bugzilla.suse.com/show_bug.cgi?id=1210770 * https://bugzilla.suse.com/show_bug.cgi?id=1210771 * https://bugzilla.suse.com/show_bug.cgi?id=1210793 * https://bugzilla.suse.com/show_bug.cgi?id=1210816 * https://bugzilla.suse.com/show_bug.cgi?id=1210817 * https://bugzilla.suse.com/show_bug.cgi?id=1210827 * https://bugzilla.suse.com/show_bug.cgi?id=1210943 * https://bugzilla.suse.com/show_bug.cgi?id=1210953 * https://bugzilla.suse.com/show_bug.cgi?id=1210986 * https://bugzilla.suse.com/show_bug.cgi?id=1211025 * https://jira.suse.com/browse/PED-3750 * https://jira.suse.com/browse/PED-3759 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 12:30:22 -0000 Subject: SUSE-SU-2023:2230-1: important: Security update for curl Message-ID: <168432662204.696.11068242118172219993@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2230-1 Rating: important References: * #1211231 * #1211232 * #1211233 * #1211339 Cross-References: * CVE-2023-28320 * CVE-2023-28321 * CVE-2023-28322 CVSS scores: * CVE-2023-28320 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-28321 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). * CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). * CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2230=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libcurl4-32bit-7.37.0-37.98.1 * curl-7.37.0-37.98.1 * libcurl4-debuginfo-32bit-7.37.0-37.98.1 * curl-debugsource-7.37.0-37.98.1 * curl-debuginfo-7.37.0-37.98.1 * libcurl4-debuginfo-7.37.0-37.98.1 * libcurl4-7.37.0-37.98.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28320.html * https://www.suse.com/security/cve/CVE-2023-28321.html * https://www.suse.com/security/cve/CVE-2023-28322.html * https://bugzilla.suse.com/show_bug.cgi?id=1211231 * https://bugzilla.suse.com/show_bug.cgi?id=1211232 * https://bugzilla.suse.com/show_bug.cgi?id=1211233 * https://bugzilla.suse.com/show_bug.cgi?id=1211339 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 12:30:25 -0000 Subject: SUSE-SU-2023:2228-1: important: Security update for curl Message-ID: <168432662524.696.4485759487556616760@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2228-1 Rating: important References: * #1206309 * #1207992 * #1209209 * #1209210 * #1209211 * #1209212 * #1209214 * #1211231 * #1211232 * #1211233 * #1211339 Cross-References: * CVE-2022-43552 * CVE-2023-23916 * CVE-2023-27533 * CVE-2023-27534 * CVE-2023-27535 * CVE-2023-27536 * CVE-2023-27538 * CVE-2023-28320 * CVE-2023-28321 * CVE-2023-28322 CVSS scores: * CVE-2022-43552 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-43552 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23916 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-23916 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-27533 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-27533 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-27534 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-27534 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27535 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-27535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-27536 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-27536 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27538 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-27538 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-28320 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-28321 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves 10 vulnerabilities and has one fix can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). * CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). * CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). * CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). * CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). * CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). * CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). * CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). * CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). * CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2228=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2228=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2228=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2228=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2228=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libcurl4-debuginfo-7.60.0-4.56.1 * libcurl4-32bit-7.60.0-4.56.1 * curl-debugsource-7.60.0-4.56.1 * libcurl4-debuginfo-32bit-7.60.0-4.56.1 * libcurl4-7.60.0-4.56.1 * curl-debuginfo-7.60.0-4.56.1 * curl-7.60.0-4.56.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libcurl4-debuginfo-7.60.0-4.56.1 * libcurl4-32bit-7.60.0-4.56.1 * curl-debugsource-7.60.0-4.56.1 * libcurl4-debuginfo-32bit-7.60.0-4.56.1 * libcurl4-7.60.0-4.56.1 * curl-debuginfo-7.60.0-4.56.1 * curl-7.60.0-4.56.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libcurl4-debuginfo-7.60.0-4.56.1 * curl-debugsource-7.60.0-4.56.1 * libcurl4-7.60.0-4.56.1 * curl-debuginfo-7.60.0-4.56.1 * curl-7.60.0-4.56.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libcurl4-debuginfo-32bit-7.60.0-4.56.1 * libcurl4-32bit-7.60.0-4.56.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libcurl4-debuginfo-7.60.0-4.56.1 * curl-debugsource-7.60.0-4.56.1 * libcurl4-7.60.0-4.56.1 * curl-debuginfo-7.60.0-4.56.1 * curl-7.60.0-4.56.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libcurl4-debuginfo-32bit-7.60.0-4.56.1 * libcurl4-32bit-7.60.0-4.56.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libcurl4-debuginfo-7.60.0-4.56.1 * curl-debugsource-7.60.0-4.56.1 * libcurl4-7.60.0-4.56.1 * curl-debuginfo-7.60.0-4.56.1 * curl-7.60.0-4.56.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libcurl4-debuginfo-32bit-7.60.0-4.56.1 * libcurl4-32bit-7.60.0-4.56.1 ## References: * https://www.suse.com/security/cve/CVE-2022-43552.html * https://www.suse.com/security/cve/CVE-2023-23916.html * https://www.suse.com/security/cve/CVE-2023-27533.html * https://www.suse.com/security/cve/CVE-2023-27534.html * https://www.suse.com/security/cve/CVE-2023-27535.html * https://www.suse.com/security/cve/CVE-2023-27536.html * https://www.suse.com/security/cve/CVE-2023-27538.html * https://www.suse.com/security/cve/CVE-2023-28320.html * https://www.suse.com/security/cve/CVE-2023-28321.html * https://www.suse.com/security/cve/CVE-2023-28322.html * https://bugzilla.suse.com/show_bug.cgi?id=1206309 * https://bugzilla.suse.com/show_bug.cgi?id=1207992 * https://bugzilla.suse.com/show_bug.cgi?id=1209209 * https://bugzilla.suse.com/show_bug.cgi?id=1209210 * https://bugzilla.suse.com/show_bug.cgi?id=1209211 * https://bugzilla.suse.com/show_bug.cgi?id=1209212 * https://bugzilla.suse.com/show_bug.cgi?id=1209214 * https://bugzilla.suse.com/show_bug.cgi?id=1211231 * https://bugzilla.suse.com/show_bug.cgi?id=1211232 * https://bugzilla.suse.com/show_bug.cgi?id=1211233 * https://bugzilla.suse.com/show_bug.cgi?id=1211339 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 12:30:28 -0000 Subject: SUSE-SU-2023:2227-1: important: Security update for curl Message-ID: <168432662867.696.8067397300357823815@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2227-1 Rating: important References: * #1211231 * #1211232 * #1211233 * #1211339 Cross-References: * CVE-2023-28320 * CVE-2023-28321 * CVE-2023-28322 CVSS scores: * CVE-2023-28320 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-28321 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). * CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). * CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2227=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2227=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2227=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2227=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2227=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2227=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2227=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2227=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2227=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2227=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2227=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2227=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2227=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2227=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2227=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2227=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Manager Proxy 4.2 (x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Manager Server 4.2 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Enterprise Storage 7.1 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * libcurl-devel-7.66.0-150200.4.57.1 * SUSE Enterprise Storage 7 (x86_64) * libcurl4-32bit-debuginfo-7.66.0-150200.4.57.1 * libcurl4-32bit-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libcurl4-debuginfo-7.66.0-150200.4.57.1 * curl-debuginfo-7.66.0-150200.4.57.1 * curl-debugsource-7.66.0-150200.4.57.1 * libcurl4-7.66.0-150200.4.57.1 * curl-7.66.0-150200.4.57.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28320.html * https://www.suse.com/security/cve/CVE-2023-28321.html * https://www.suse.com/security/cve/CVE-2023-28322.html * https://bugzilla.suse.com/show_bug.cgi?id=1211231 * https://bugzilla.suse.com/show_bug.cgi?id=1211232 * https://bugzilla.suse.com/show_bug.cgi?id=1211233 * https://bugzilla.suse.com/show_bug.cgi?id=1211339 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 16:30:16 -0000 Subject: SUSE-SU-2023:2232-1: important: Security update for the Linux Kernel Message-ID: <168434101667.453.14474130829240848818@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2232-1 Rating: important References: * #1076830 * #1194535 * #1202353 * #1205128 * #1207036 * #1207125 * #1207168 * #1207185 * #1207795 * #1207845 * #1208179 * #1208333 * #1208599 * #1208777 * #1208837 * #1208850 * #1209008 * #1209052 * #1209256 * #1209289 * #1209291 * #1209532 * #1209547 * #1209549 * #1209613 * #1209687 * #1209777 * #1209778 * #1209845 * #1209871 * #1209887 * #1210124 * #1210202 * #1210301 * #1210329 * #1210336 * #1210337 * #1210469 * #1210498 * #1210506 * #1210647 * #1211037 Cross-References: * CVE-2017-5753 * CVE-2020-36691 * CVE-2021-3923 * CVE-2021-4203 * CVE-2022-20567 * CVE-2022-43945 * CVE-2023-0590 * CVE-2023-0597 * CVE-2023-1076 * CVE-2023-1095 * CVE-2023-1118 * CVE-2023-1390 * CVE-2023-1513 * CVE-2023-1611 * CVE-2023-1670 * CVE-2023-1855 * CVE-2023-1989 * CVE-2023-1990 * CVE-2023-1998 * CVE-2023-2124 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-23455 * CVE-2023-2483 * CVE-2023-28328 * CVE-2023-28464 * CVE-2023-28772 * CVE-2023-30772 CVSS scores: * CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N * CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2022-20567 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-20567 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-43945 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-43945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves 28 vulnerabilities and has 14 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). * CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). * CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777). * CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). * CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). * CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850). * CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). * CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202). * CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336). * CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337). * CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). * CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). * CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). The following non-security bugs were fixed: * Do not sign the vanilla kernel (bsc#1209008). * Fix kABI breakage (bsc#1208333) * PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). * PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185). * PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). * Remove obsolete KMP obsoletes (bsc#1210469). * Replace mkinitrd dependency with dracut (bsc#1202353). * cifs: fix double free in dfs mounts (bsc#1209845). * cifs: fix negotiate context parsing (bsc#1210301). * cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845). * cifs: missing null pointer check in cifs_mount (bsc#1209845). * cifs: serialize all mount attempts (bsc#1209845). * cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). * k-m-s: Drop Linux 2.6 support * kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2232=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2232=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-HA-12-SP4-2023-2232=1 SUSE-SLE- SAP-12-SP4-2023-2232=1 * SUSE Linux Enterprise High Availability Extension 12 SP4 zypper in -t patch SUSE-SLE-HA-12-SP4-2023-2232=1 * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2232=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2232=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2232=1 ## Package List: * SUSE OpenStack Cloud 9 (nosrc x86_64) * kernel-default-4.12.14-95.125.1 * SUSE OpenStack Cloud 9 (x86_64) * kernel-default-base-debuginfo-4.12.14-95.125.1 * kernel-default-base-4.12.14-95.125.1 * kernel-default-devel-debuginfo-4.12.14-95.125.1 * kernel-default-devel-4.12.14-95.125.1 * kernel-default-debuginfo-4.12.14-95.125.1 * kernel-default-debugsource-4.12.14-95.125.1 * kernel-syms-4.12.14-95.125.1 * SUSE OpenStack Cloud 9 (noarch) * kernel-source-4.12.14-95.125.1 * kernel-macros-4.12.14-95.125.1 * kernel-devel-4.12.14-95.125.1 * SUSE OpenStack Cloud Crowbar 9 (nosrc x86_64) * kernel-default-4.12.14-95.125.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * kernel-default-base-debuginfo-4.12.14-95.125.1 * kernel-default-base-4.12.14-95.125.1 * kernel-default-devel-debuginfo-4.12.14-95.125.1 * kernel-default-devel-4.12.14-95.125.1 * kernel-default-debuginfo-4.12.14-95.125.1 * kernel-default-debugsource-4.12.14-95.125.1 * kernel-syms-4.12.14-95.125.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * kernel-source-4.12.14-95.125.1 * kernel-macros-4.12.14-95.125.1 * kernel-devel-4.12.14-95.125.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * cluster-md-kmp-default-4.12.14-95.125.1 * gfs2-kmp-default-4.12.14-95.125.1 * kernel-default-base-debuginfo-4.12.14-95.125.1 * kernel-default-base-4.12.14-95.125.1 * ocfs2-kmp-default-debuginfo-4.12.14-95.125.1 * cluster-md-kmp-default-debuginfo-4.12.14-95.125.1 * gfs2-kmp-default-debuginfo-4.12.14-95.125.1 * kernel-default-debuginfo-4.12.14-95.125.1 * kernel-default-devel-4.12.14-95.125.1 * dlm-kmp-default-debuginfo-4.12.14-95.125.1 * dlm-kmp-default-4.12.14-95.125.1 * drbd-debugsource-9.0.14+git.62f906cf-4.26.2 * drbd-9.0.14+git.62f906cf-4.26.2 * kernel-default-debugsource-4.12.14-95.125.1 * drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_95.125-4.26.2 * ocfs2-kmp-default-4.12.14-95.125.1 * kernel-syms-4.12.14-95.125.1 * drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_95.125-4.26.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (nosrc ppc64le x86_64) * kernel-default-4.12.14-95.125.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * kernel-source-4.12.14-95.125.1 * kernel-macros-4.12.14-95.125.1 * kernel-devel-4.12.14-95.125.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * kernel-default-devel-debuginfo-4.12.14-95.125.1 * SUSE Linux Enterprise High Availability Extension 12 SP4 (ppc64le s390x x86_64) * cluster-md-kmp-default-4.12.14-95.125.1 * gfs2-kmp-default-4.12.14-95.125.1 * ocfs2-kmp-default-debuginfo-4.12.14-95.125.1 * cluster-md-kmp-default-debuginfo-4.12.14-95.125.1 * gfs2-kmp-default-debuginfo-4.12.14-95.125.1 * kernel-default-debuginfo-4.12.14-95.125.1 * dlm-kmp-default-debuginfo-4.12.14-95.125.1 * dlm-kmp-default-4.12.14-95.125.1 * drbd-debugsource-9.0.14+git.62f906cf-4.26.2 * drbd-9.0.14+git.62f906cf-4.26.2 * kernel-default-debugsource-4.12.14-95.125.1 * drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_95.125-4.26.2 * ocfs2-kmp-default-4.12.14-95.125.1 * drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_95.125-4.26.2 * SUSE Linux Enterprise High Availability Extension 12 SP4 (nosrc) * kernel-default-4.12.14-95.125.1 * SUSE Linux Enterprise Live Patching 12-SP4 (nosrc) * kernel-default-4.12.14-95.125.1 * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kernel-default-kgraft-devel-4.12.14-95.125.1 * kgraft-patch-4_12_14-95_125-default-1-6.5.1 * kernel-default-kgraft-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 nosrc x86_64) * kernel-default-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * kernel-default-base-debuginfo-4.12.14-95.125.1 * kernel-default-base-4.12.14-95.125.1 * kernel-default-devel-4.12.14-95.125.1 * kernel-default-debuginfo-4.12.14-95.125.1 * kernel-default-debugsource-4.12.14-95.125.1 * kernel-syms-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * kernel-source-4.12.14-95.125.1 * kernel-macros-4.12.14-95.125.1 * kernel-devel-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * kernel-default-devel-debuginfo-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-base-debuginfo-4.12.14-95.125.1 * kernel-default-base-4.12.14-95.125.1 * kernel-default-devel-4.12.14-95.125.1 * kernel-default-debuginfo-4.12.14-95.125.1 * kernel-default-debugsource-4.12.14-95.125.1 * kernel-syms-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * kernel-source-4.12.14-95.125.1 * kernel-macros-4.12.14-95.125.1 * kernel-devel-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x) * kernel-default-man-4.12.14-95.125.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * kernel-default-devel-debuginfo-4.12.14-95.125.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2020-36691.html * https://www.suse.com/security/cve/CVE-2021-3923.html * https://www.suse.com/security/cve/CVE-2021-4203.html * https://www.suse.com/security/cve/CVE-2022-20567.html * https://www.suse.com/security/cve/CVE-2022-43945.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1076.html * https://www.suse.com/security/cve/CVE-2023-1095.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1855.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-1990.html * https://www.suse.com/security/cve/CVE-2023-1998.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-28328.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28772.html * https://www.suse.com/security/cve/CVE-2023-30772.html * https://bugzilla.suse.com/show_bug.cgi?id=1076830 * https://bugzilla.suse.com/show_bug.cgi?id=1194535 * https://bugzilla.suse.com/show_bug.cgi?id=1202353 * https://bugzilla.suse.com/show_bug.cgi?id=1205128 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://bugzilla.suse.com/show_bug.cgi?id=1207168 * https://bugzilla.suse.com/show_bug.cgi?id=1207185 * https://bugzilla.suse.com/show_bug.cgi?id=1207795 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * https://bugzilla.suse.com/show_bug.cgi?id=1208179 * https://bugzilla.suse.com/show_bug.cgi?id=1208333 * https://bugzilla.suse.com/show_bug.cgi?id=1208599 * https://bugzilla.suse.com/show_bug.cgi?id=1208777 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1208850 * https://bugzilla.suse.com/show_bug.cgi?id=1209008 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209289 * https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209547 * https://bugzilla.suse.com/show_bug.cgi?id=1209549 * https://bugzilla.suse.com/show_bug.cgi?id=1209613 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209777 * https://bugzilla.suse.com/show_bug.cgi?id=1209778 * https://bugzilla.suse.com/show_bug.cgi?id=1209845 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1209887 * https://bugzilla.suse.com/show_bug.cgi?id=1210124 * https://bugzilla.suse.com/show_bug.cgi?id=1210202 * https://bugzilla.suse.com/show_bug.cgi?id=1210301 * https://bugzilla.suse.com/show_bug.cgi?id=1210329 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210337 * https://bugzilla.suse.com/show_bug.cgi?id=1210469 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210506 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 16:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 16:30:18 -0000 Subject: SUSE-RU-2023:2239-1: low: Recommended update for zram-generator Message-ID: <168434101849.453.15915946424745625555@smelt2.suse.de> # Recommended update for zram-generator Announcement ID: SUSE-RU-2023:2239-1 Rating: low References: * #1200961 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for zram-generator fixes the following issues: * Fixed typo in the description (bsc#1200961) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2239=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2239=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * zram-generator-debugsource-1.1.1~git5.8612dbb-150400.3.3.2 * zram-generator-1.1.1~git5.8612dbb-150400.3.3.2 * zram-generator-debuginfo-1.1.1~git5.8612dbb-150400.3.3.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * zram-generator-debugsource-1.1.1~git5.8612dbb-150400.3.3.2 * zram-generator-1.1.1~git5.8612dbb-150400.3.3.2 * zram-generator-debuginfo-1.1.1~git5.8612dbb-150400.3.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200961 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 16:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 16:30:20 -0000 Subject: SUSE-SU-2023:2238-1: important: Security update for java-1_8_0-openjdk Message-ID: <168434102094.453.8557482629141120180@smelt2.suse.de> # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:2238-1 Rating: important References: * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: * Updated to version jdk8u372 (icedtea-3.27.0): * CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization (bsc#1210628). * CVE-2023-21937: Fixed an issue in the Networking component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210631). * CVE-2023-21938: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210632). * CVE-2023-21939: Fixed an issue in the Swing component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210634). * CVE-2023-21954: Fixed an issue in the Hotspot component that could allow an attacker to access critical data without authorization (bsc#1210635). * CVE-2023-21967: Fixed an issue in the JSSE component that could allow an attacker to cause a hang or frequently repeatable crash without authorization (bsc#1210636). * CVE-2023-21968: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210637). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2238=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2238=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2238=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2238=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2238=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2238=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2238=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2238=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2238=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-1.8.0.372-27.87.1 * java-1_8_0-openjdk-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-27.87.1 * java-1_8_0-openjdk-headless-1.8.0.372-27.87.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-27.87.1 * java-1_8_0-openjdk-demo-1.8.0.372-27.87.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 16:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 16:30:23 -0000 Subject: SUSE-RU-2023:2237-1: moderate: Recommended update for vim Message-ID: <168434102319.453.2352996476240522099@smelt2.suse.de> # Recommended update for vim Announcement ID: SUSE-RU-2023:2237-1 Rating: moderate References: * #1211144 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2237=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2237=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2237=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2237=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2237=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2237=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2237=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2237=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2237=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2237=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2237=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2237=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2237=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2237=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2237=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2237=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2237=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2237=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2237=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2237=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2237=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2237=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2237=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2237=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2237=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2237=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2237=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2237=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2237=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * vim-debugsource-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * xxd-9.0.1443-150000.5.43.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gvim-9.0.1443-150000.5.43.1 * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * openSUSE Leap 15.4 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * Basesystem Module 15-SP4 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * Basesystem Module 15-SP5 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1443-150000.5.43.1 * gvim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1443-150000.5.43.1 * gvim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gvim-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gvim-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gvim-9.0.1443-150000.5.43.1 * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gvim-9.0.1443-150000.5.43.1 * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * gvim-9.0.1443-150000.5.43.1 * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * gvim-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * gvim-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gvim-9.0.1443-150000.5.43.1 * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * gvim-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gvim-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gvim-9.0.1443-150000.5.43.1 * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Manager Proxy 4.2 (x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Manager Proxy 4.2 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Manager Server 4.2 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gvim-9.0.1443-150000.5.43.1 * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Enterprise Storage 7.1 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * gvim-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Enterprise Storage 7 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE CaaS Platform 4.0 (x86_64) * gvim-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-9.0.1443-150000.5.43.1 * gvim-debuginfo-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE CaaS Platform 4.0 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * vim-data-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.0.1443-150000.5.43.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1443-150000.5.43.1 * vim-small-9.0.1443-150000.5.43.1 * xxd-9.0.1443-150000.5.43.1 * vim-debugsource-9.0.1443-150000.5.43.1 * vim-debuginfo-9.0.1443-150000.5.43.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211144 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 16:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 16:30:24 -0000 Subject: SUSE-RU-2023:2236-1: critical: Security update for python-looseversion Message-ID: <168434102439.453.12783295473876601348@smelt2.suse.de> # Security update for python-looseversion Announcement ID: SUSE-RU-2023:2236-1 Rating: critical References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for python-looseversion fixes the following issues: * Provide python-looseversion version 1.0.2 as new Salt 3006 dependency. (jsc#PED-4360) ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2236=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2236=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2236=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2236=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2236=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2236=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2236=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2236=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2236=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2236=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2236=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2236=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2236=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2236=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2236=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2236=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2236=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2236=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2236=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2236=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2236=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2236=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2236=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2236=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2236=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2236=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2236=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * openSUSE Leap 15.4 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * Basesystem Module 15-SP4 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * Basesystem Module 15-SP5 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Manager Proxy 4.2 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Manager Server 4.2 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Enterprise Storage 7 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE CaaS Platform 4.0 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-looseversion-1.0.2-150100.3.3.1 ## References: * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-4360 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 16:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 16:30:25 -0000 Subject: SUSE-RU-2023:2235-1: moderate: Recommended update for selinux-policy Message-ID: <168434102537.453.4486140178166318087@smelt2.suse.de> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:2235-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that can now be installed. ## Description: This update for selinux-policy fixes the following issue: * Prevent labeling of overlayfs mountpoint. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2235=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2235=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * selinux-policy-20221019-150400.4.3.1 * selinux-policy-targeted-20221019-150400.4.3.1 * selinux-policy-devel-20221019-150400.4.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * selinux-policy-20221019-150400.4.3.1 * selinux-policy-targeted-20221019-150400.4.3.1 * selinux-policy-devel-20221019-150400.4.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 16:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 16:30:27 -0000 Subject: SUSE-SU-2023:2234-1: important: Security update for ovmf Message-ID: <168434102750.453.1172565419997420838@smelt2.suse.de> # Security update for ovmf Announcement ID: SUSE-SU-2023:2234-1 Rating: important References: * #1174246 * #1196741 * #1205613 Cross-References: * CVE-2019-14560 * CVE-2021-38578 CVSS scores: * CVE-2019-14560 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L * CVE-2021-38578 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2021-38578 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for ovmf fixes the following issues: * CVE-2021-38578: Fixed potential underflow in SmmEntryPointwhen computing BufferSize (bsc#1196741). * CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2() return value (bsc#1174246). * revert a patch to fix xen boot problems (bsc#1205613) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2234=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2234=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2234=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2234=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2234=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2234=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2234=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * qemu-ovmf-x86_64-202202-150400.5.10.1 * qemu-uefi-aarch64-202202-150400.5.10.1 * openSUSE Leap 15.4 (aarch64 x86_64) * ovmf-202202-150400.5.10.1 * ovmf-tools-202202-150400.5.10.1 * openSUSE Leap 15.4 (noarch) * qemu-ovmf-x86_64-202202-150400.5.10.1 * qemu-uefi-aarch32-202202-150400.5.10.1 * qemu-uefi-aarch64-202202-150400.5.10.1 * qemu-ovmf-ia32-202202-150400.5.10.1 * openSUSE Leap 15.4 (x86_64) * qemu-ovmf-x86_64-debug-202202-150400.5.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * qemu-ovmf-x86_64-202202-150400.5.10.1 * qemu-uefi-aarch64-202202-150400.5.10.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * qemu-ovmf-x86_64-202202-150400.5.10.1 * qemu-uefi-aarch64-202202-150400.5.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * qemu-ovmf-x86_64-202202-150400.5.10.1 * qemu-uefi-aarch64-202202-150400.5.10.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * qemu-ovmf-x86_64-202202-150400.5.10.1 * qemu-uefi-aarch64-202202-150400.5.10.1 * Server Applications Module 15-SP4 (aarch64 x86_64) * ovmf-202202-150400.5.10.1 * ovmf-tools-202202-150400.5.10.1 * Server Applications Module 15-SP4 (noarch) * qemu-ovmf-x86_64-202202-150400.5.10.1 * qemu-uefi-aarch64-202202-150400.5.10.1 ## References: * https://www.suse.com/security/cve/CVE-2019-14560.html * https://www.suse.com/security/cve/CVE-2021-38578.html * https://bugzilla.suse.com/show_bug.cgi?id=1174246 * https://bugzilla.suse.com/show_bug.cgi?id=1196741 * https://bugzilla.suse.com/show_bug.cgi?id=1205613 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 16:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 16:30:29 -0000 Subject: SUSE-SU-2023:2233-1: important: Security update for cups-filters Message-ID: <168434102930.453.8182843985581921583@smelt2.suse.de> # Security update for cups-filters Announcement ID: SUSE-SU-2023:2233-1 Rating: important References: * #1211340 Cross-References: * CVE-2023-24805 CVSS scores: * CVE-2023-24805 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for cups-filters fixes the following issues: * CVE-2023-24805: Fixed a remote code execution in the beh backend (bsc#1211340). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2233=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2233=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2233=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2233=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2233=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2233=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2233=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2233=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2233=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2233=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2233=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2233=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2233=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2233=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2233=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2233=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * cups-filters-1.25.0-150200.3.6.1 * cups-filters-devel-1.25.0-150200.3.6.1 * cups-filters-debugsource-1.25.0-150200.3.6.1 * cups-filters-debuginfo-1.25.0-150200.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24805.html * https://bugzilla.suse.com/show_bug.cgi?id=1211340 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 17 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2023 20:30:04 -0000 Subject: SUSE-RU-2023:2240-1: moderate: Recommended update for systemd Message-ID: <168435540450.453.711127349178569519@smelt2.suse.de> # Recommended update for systemd Announcement ID: SUSE-RU-2023:2240-1 Rating: moderate References: * #1203141 * #1207410 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has two recommended fixes can now be installed. ## Description: This update for systemd fixes the following issues: * udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) * Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) * Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2240=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2240=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2240=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2240=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2240=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2240=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2240=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2240=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * systemd-container-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * systemd-journal-remote-debuginfo-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * systemd-journal-remote-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * systemd-experimental-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * systemd-testsuite-249.16-150400.8.28.3 * nss-systemd-debuginfo-249.16-150400.8.28.3 * systemd-devel-249.16-150400.8.28.3 * systemd-portable-debuginfo-249.16-150400.8.28.3 * systemd-testsuite-debuginfo-249.16-150400.8.28.3 * systemd-doc-249.16-150400.8.28.3 * systemd-network-debuginfo-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * nss-myhostname-debuginfo-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-journal-remote-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * systemd-container-249.16-150400.8.28.3 * systemd-coredump-249.16-150400.8.28.3 * nss-myhostname-249.16-150400.8.28.3 * systemd-network-249.16-150400.8.28.3 * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-coredump-debuginfo-249.16-150400.8.28.3 * systemd-experimental-debuginfo-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * systemd-journal-remote-debuginfo-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-portable-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * nss-systemd-249.16-150400.8.28.3 * openSUSE Leap 15.4 (x86_64) * systemd-32bit-debuginfo-249.16-150400.8.28.3 * libudev1-32bit-debuginfo-249.16-150400.8.28.3 * libudev1-32bit-249.16-150400.8.28.3 * libsystemd0-32bit-249.16-150400.8.28.3 * systemd-32bit-249.16-150400.8.28.3 * nss-myhostname-32bit-debuginfo-249.16-150400.8.28.3 * libsystemd0-32bit-debuginfo-249.16-150400.8.28.3 * nss-myhostname-32bit-249.16-150400.8.28.3 * openSUSE Leap 15.4 (noarch) * systemd-lang-249.16-150400.8.28.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * systemd-container-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * systemd-journal-remote-debuginfo-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * systemd-journal-remote-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * systemd-container-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * systemd-journal-remote-debuginfo-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * systemd-journal-remote-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * systemd-container-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * systemd-journal-remote-debuginfo-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * systemd-journal-remote-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * systemd-container-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * systemd-journal-remote-debuginfo-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * systemd-journal-remote-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * systemd-container-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * systemd-coredump-debuginfo-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * systemd-devel-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-coredump-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-doc-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * Basesystem Module 15-SP4 (noarch) * systemd-lang-249.16-150400.8.28.3 * Basesystem Module 15-SP4 (x86_64) * systemd-32bit-debuginfo-249.16-150400.8.28.3 * libudev1-32bit-debuginfo-249.16-150400.8.28.3 * libudev1-32bit-249.16-150400.8.28.3 * libsystemd0-32bit-249.16-150400.8.28.3 * systemd-32bit-249.16-150400.8.28.3 * libsystemd0-32bit-debuginfo-249.16-150400.8.28.3 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * systemd-network-249.16-150400.8.28.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203141 * https://bugzilla.suse.com/show_bug.cgi?id=1207410 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 07:04:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 09:04:01 +0200 (CEST) Subject: SUSE-CU-2023:1599-1: Security update of bci/openjdk-devel Message-ID: <20230518070401.5D168FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1599-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.101 Container Release : 39.101 Severity : important Type : security References : 1210628 1210631 1210632 1210634 1210635 1210636 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2222-1 Released: Tue May 16 17:41:47 2023 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1210628,1210631,1210632,1210634,1210635,1210636,1210637,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968 This update for java-11-openjdk fixes the following issues: Upgrade to upsteam tag jdk-11.0.19+7 (April 2023 CPU): - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). The following package changes have been done: - java-11-openjdk-headless-11.0.19.0-150000.3.96.1 updated - java-11-openjdk-11.0.19.0-150000.3.96.1 updated - java-11-openjdk-devel-11.0.19.0-150000.3.96.1 updated - container:bci-openjdk-11-15.4.11-35.52 updated From sle-updates at lists.suse.com Thu May 18 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 08:30:03 -0000 Subject: SUSE-SU-2023:2242-1: important: Security update for java-1_8_0-openjdk Message-ID: <168439860379.3189.16996533672748357644@smelt2.suse.de> # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:2242-1 Rating: important References: * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: * Updated to version jdk8u372 (icedtea-3.27.0): * CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization (bsc#1210628). * CVE-2023-21937: Fixed an issue in the Networking component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210631). * CVE-2023-21938: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210632). * CVE-2023-21939: Fixed an issue in the Swing component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210634). * CVE-2023-21954: Fixed an issue in the Hotspot component that could allow an attacker to access critical data without authorization (bsc#1210635). * CVE-2023-21967: Fixed an issue in the JSSE component that could allow an attacker to cause a hang or frequently repeatable crash without authorization (bsc#1210636). * CVE-2023-21968: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210637). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2242=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2242=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2242=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2242=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2242=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2242=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2242=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2242=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2242=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2242=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2242=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2242=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-src-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-accessibility-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.372-150000.3.79.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2241-1: moderate: Security update for mysql-connector-java Message-ID: <168439860551.3189.7555928972016202462@smelt2.suse.de> # Security update for mysql-connector-java Announcement ID: SUSE-SU-2023:2241-1 Rating: moderate References: * #1211247 Cross-References: * CVE-2023-21971 CVSS scores: * CVE-2023-21971 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H * CVE-2023-21971 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for mysql-connector-java fixes the following issues: * CVE-2023-21971: Fixed a crash in MySQL Connectors that could be triggered by an authenticated remote user (bsc#1211247). * Ship protobuf 3.9.2 compatible generated files to support older distro versions. * Update to 8.0.32: * MysqlDataSource fails to URL encode database name when constructing JDBC URL. * serverSideStatementCache ignores resultSetType. * UpdatableResultSet does not properly handle unsigned primary key. * Connector/J 8 query with explain can not return ResultRow. * Add support to row alias on INSERT... ON DUPLICATE KEY UPDATE on batch mode. * connectionCollation ignored if characterEncoding is set. * Connector/J rejects UNION with CTE. * Malformed packet generation for `COM_STMT_EXECUTE`. * Connector/J client hangs after prepare & execute process with old version server. * Contribution: Fix name of relocation POM file. * Contribution: [PATCH] Remove superfluous use of boxing. * Contribution: Recognize "ON DUPLICATE KEY UPDATE" in "INSERT SET" Statement. * RPM and DEB builds broken after introducing javadoc for maven bundles. * Sonatype compliant POM and maven bundles. * Upgrade 3rd party libraries and tools. * Upgrade Protocol Buffers dependency to protobuf-java-3.21.9. * As Oracle renamed the package to "mysql-connector-j", we are "providing" both names for now, but the package has to be renamed to accommodate the change because the old name will be deprecated at some point in the future without further notice. * Update to 8.0.31: Functionality Added or Changed * Important Change: To comply with proper naming guidelines, the Maven groupId and artifactId for Connector/J have been changed to the following starting with this release: groupId: com.mysql artifactId: mysql-connector-j * The old groupId and artifactId can still be used for linking the Connector/J library, but they will point to a Maven relocation POM, redirecting users to the new coordinates. Please switch to the new coordinates as soon as possible, as the old coordinates could be discontinued anytime without notice. See Installing Connector/J Using Maven. * Also, to go with these changes, the .jar library for Connector/J has been renamed to mysql-connector-j-x.y.z for all channels of distribution by Oracle, not just the Maven repository. * Before release 8.0.29, Connector/J always interpolated byte arrays as hexadecimal literals when obtaining a prepared statement's string representation by the toString() method. Since 8.0.29, all byte array values were displayed as ** BYTE ARRAY DATA ** when converted to strings. The same is also true for null values. * To allow different ways to display byte array data and null values, a new connection property, maxByteArrayAsHex, has been introduced: byte arrays shorter than the value of maxByteArrayAsHex are now shown as hexadecimal literals like before release 8.0.29. Any byte arrays longer than this value are interpolated generically as ** BYTE ARRAY DATA **. Bugs Fixed * X DevAPI: When parsing a string into a JSON string, some escape character sequences were not parsed properly, causing the Server to throw a com.mysql.cj.exceptions.WrongArgumentException when receiving the JSON value. This fix ensures that escape sequences are handled properly. * X DevAPI: When using the modify() method on JSON documents, any backslashes inside a literal to be used for the modification were lost. This fix corrects the mistakes in the expression parser that caused the issue. * Executing a PreparedStatment after applying setFetchSize(0) on it caused an ArrayIndexOutOfBoundsException. * Due to some old limitations, when used with Java applets, Connector/J found out the default character set on a system by various workarounds like reading the system property file.encoding, using an OutpuStreamWriter, etc. With this fix, Connector/J now uses Charset.defaultCharset(), the standard method for the purpose. * Update to 8.0.30: Functionality Added or Changed * X DevAPI: For document-modifying methods that are chained after modify() and take a document path expression as one of its arguments (that is, set(), unset(), arrayInsert(), arrayAppend()), Connector/J now throws an error when the document path is empty or is a null string. Bugs Fixed * Historically, MySQL Server has used utf8 as an alias for utf8mb3. Since release 8.0.29, utf8mb3 has become a recognized (though deprecated) character set on its own for MySQL Server and to make things consistent, in release 8.0.30, any collations prefixed with utf8_ are now prefixed with utf8mb3_ instead. To go with that change, Connector/J has updated its character set and collation mapping accordingly in this release, and users are encouraged to update to Connector/J 8.0.30 to avoid potential issues when working with MySQL Server 8.0.30 or later. * A few links in the CONTRIBUTING.md file in the distribution packages were broken. They have now been fixed or removed. * The description for the connection property rewriteBatchedStatements has been corrected, removing the limitation that server-sided prepared statements could not take advantage of the rewrite option. * A spelling error has been fixed in the source file for the PropertyDefinitions class. Thanks to Weijie Wu for contributing the fix. * DatabaseMetaData.getTypeInfo always returned false for AUTO_INCREMENT for all data types. With this fix, Connector/J returns the correct value for each data type. Also, the missing types DOUBLE UNSIGNED and DOUBLE PRECISION UNSIGNED have been added to the ResultSet. * Contrary to the the MySQL requirement for comments, Connector/J did not require a whitespace (or a control character such as a newline) after "--" to mark the beginning of a comment within a SQL statement. This fix aligns Connector/J with the MySQL requirement. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2241=1 ## Package List: * openSUSE Leap 15.4 (noarch) * mysql-connector-java-8.0.32-150200.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21971.html * https://bugzilla.suse.com/show_bug.cgi?id=1211247 * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 16:30:05 -0000 Subject: SUSE-RU-2023:2249-1: moderate: Recommended update for libzypp, zypper Message-ID: <168442740520.13806.9172407384037388925@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:2249-1 Rating: moderate References: * #1203248 * #1203249 * #1208329 * #428822 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has four recommended fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Removing a PTF without enabled repos should always fail (bsc#1203248) * zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) * Add expert (allow-*) options to all installer commands (bsc#428822) * Provide "removeptf" command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. But you don't want the dependant packages to be removed together with the PTF, which is what the remove command would do. The removeptf command however will aim to replace the dependant packages by their official update versions. ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2249=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2249=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2249=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2249=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2249=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2249=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2249=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2249=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2249=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * zypper-1.13.64-21.55.2 * libzypp-debuginfo-16.22.7-48.2 * zypper-debugsource-1.13.64-21.55.2 * libzypp-debugsource-16.22.7-48.2 * libzypp-16.22.7-48.2 * zypper-debuginfo-1.13.64-21.55.2 * libzypp-devel-16.22.7-48.2 * SUSE OpenStack Cloud 9 (noarch) * zypper-log-1.13.64-21.55.2 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * zypper-1.13.64-21.55.2 * libzypp-debuginfo-16.22.7-48.2 * zypper-debugsource-1.13.64-21.55.2 * libzypp-debugsource-16.22.7-48.2 * libzypp-16.22.7-48.2 * zypper-debuginfo-1.13.64-21.55.2 * libzypp-devel-16.22.7-48.2 * SUSE OpenStack Cloud Crowbar 9 (noarch) * zypper-log-1.13.64-21.55.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * zypper-1.13.64-21.55.2 * libzypp-debuginfo-16.22.7-48.2 * zypper-debugsource-1.13.64-21.55.2 * libzypp-debugsource-16.22.7-48.2 * libzypp-16.22.7-48.2 * zypper-debuginfo-1.13.64-21.55.2 * libzypp-devel-16.22.7-48.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * zypper-log-1.13.64-21.55.2 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-debugsource-16.22.7-48.2 * libzypp-debuginfo-16.22.7-48.2 * libzypp-devel-16.22.7-48.2 * libzypp-devel-doc-16.22.7-48.2 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * zypper-1.13.64-21.55.2 * libzypp-debuginfo-16.22.7-48.2 * zypper-debugsource-1.13.64-21.55.2 * libzypp-debugsource-16.22.7-48.2 * libzypp-16.22.7-48.2 * zypper-debuginfo-1.13.64-21.55.2 * libzypp-devel-16.22.7-48.2 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * zypper-log-1.13.64-21.55.2 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * zypper-1.13.64-21.55.2 * libzypp-debuginfo-16.22.7-48.2 * zypper-debugsource-1.13.64-21.55.2 * libzypp-debugsource-16.22.7-48.2 * libzypp-16.22.7-48.2 * zypper-debuginfo-1.13.64-21.55.2 * libzypp-devel-16.22.7-48.2 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * zypper-log-1.13.64-21.55.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * zypper-1.13.64-21.55.2 * libzypp-debuginfo-16.22.7-48.2 * zypper-debugsource-1.13.64-21.55.2 * libzypp-debugsource-16.22.7-48.2 * libzypp-16.22.7-48.2 * zypper-debuginfo-1.13.64-21.55.2 * libzypp-devel-16.22.7-48.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * zypper-log-1.13.64-21.55.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * zypper-1.13.64-21.55.2 * libzypp-debuginfo-16.22.7-48.2 * zypper-debugsource-1.13.64-21.55.2 * libzypp-debugsource-16.22.7-48.2 * libzypp-16.22.7-48.2 * zypper-debuginfo-1.13.64-21.55.2 * libzypp-devel-16.22.7-48.2 * SUSE Linux Enterprise Server 12 SP5 (noarch) * zypper-log-1.13.64-21.55.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * zypper-1.13.64-21.55.2 * libzypp-debuginfo-16.22.7-48.2 * zypper-debugsource-1.13.64-21.55.2 * libzypp-debugsource-16.22.7-48.2 * libzypp-16.22.7-48.2 * zypper-debuginfo-1.13.64-21.55.2 * libzypp-devel-16.22.7-48.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * zypper-log-1.13.64-21.55.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203248 * https://bugzilla.suse.com/show_bug.cgi?id=1203249 * https://bugzilla.suse.com/show_bug.cgi?id=1208329 * https://bugzilla.suse.com/show_bug.cgi?id=428822 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 16:30:08 -0000 Subject: SUSE-RU-2023:2248-1: moderate: Recommended update for libzypp, zypper Message-ID: <168442740800.13806.8453922497120352010@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:2248-1 Rating: moderate References: * #1127591 * #1195633 * #1208329 * #1209406 * #1210870 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has five recommended fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) * multicurl: propagate ssl settings stored in repo url (bsc#1127591) * MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) * zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) * Teach MediaNetwork to retry on HTTP2 errors. * Fix selecting installed patterns from picklist (bsc#1209406) * man: better explanation of --priority ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-2248=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2248=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2248=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2248=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.24-150100.4.12.1 * libzypp-17.31.11-150100.3.103.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libsolv-tools-0.7.24-150100.4.12.1 * libzypp-17.31.11-150100.3.103.1 * libzypp-debuginfo-17.31.11-150100.3.103.1 * python3-solv-0.7.24-150100.4.12.1 * ruby-solv-0.7.24-150100.4.12.1 * python3-solv-debuginfo-0.7.24-150100.4.12.1 * libsolv-debuginfo-0.7.24-150100.4.12.1 * ruby-solv-debuginfo-0.7.24-150100.4.12.1 * zypper-1.14.60-150100.3.76.1 * zypper-debugsource-1.14.60-150100.3.76.1 * perl-solv-0.7.24-150100.4.12.1 * perl-solv-debuginfo-0.7.24-150100.4.12.1 * libzypp-devel-17.31.11-150100.3.103.1 * libsolv-debugsource-0.7.24-150100.4.12.1 * libsolv-devel-debuginfo-0.7.24-150100.4.12.1 * libzypp-debugsource-17.31.11-150100.3.103.1 * libsolv-tools-debuginfo-0.7.24-150100.4.12.1 * libsolv-devel-0.7.24-150100.4.12.1 * zypper-debuginfo-1.14.60-150100.3.76.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * zypper-needs-restarting-1.14.60-150100.3.76.1 * zypper-log-1.14.60-150100.3.76.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.24-150100.4.12.1 * libzypp-17.31.11-150100.3.103.1 * libzypp-debuginfo-17.31.11-150100.3.103.1 * python3-solv-0.7.24-150100.4.12.1 * ruby-solv-0.7.24-150100.4.12.1 * python3-solv-debuginfo-0.7.24-150100.4.12.1 * libsolv-debuginfo-0.7.24-150100.4.12.1 * ruby-solv-debuginfo-0.7.24-150100.4.12.1 * zypper-1.14.60-150100.3.76.1 * zypper-debugsource-1.14.60-150100.3.76.1 * perl-solv-0.7.24-150100.4.12.1 * perl-solv-debuginfo-0.7.24-150100.4.12.1 * libzypp-devel-17.31.11-150100.3.103.1 * libsolv-debugsource-0.7.24-150100.4.12.1 * libsolv-devel-debuginfo-0.7.24-150100.4.12.1 * libzypp-debugsource-17.31.11-150100.3.103.1 * libsolv-tools-debuginfo-0.7.24-150100.4.12.1 * libsolv-devel-0.7.24-150100.4.12.1 * zypper-debuginfo-1.14.60-150100.3.76.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * zypper-needs-restarting-1.14.60-150100.3.76.1 * zypper-log-1.14.60-150100.3.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libsolv-tools-0.7.24-150100.4.12.1 * libzypp-17.31.11-150100.3.103.1 * libzypp-debuginfo-17.31.11-150100.3.103.1 * python3-solv-0.7.24-150100.4.12.1 * ruby-solv-0.7.24-150100.4.12.1 * python3-solv-debuginfo-0.7.24-150100.4.12.1 * libsolv-debuginfo-0.7.24-150100.4.12.1 * ruby-solv-debuginfo-0.7.24-150100.4.12.1 * zypper-1.14.60-150100.3.76.1 * zypper-debugsource-1.14.60-150100.3.76.1 * perl-solv-0.7.24-150100.4.12.1 * perl-solv-debuginfo-0.7.24-150100.4.12.1 * libzypp-devel-17.31.11-150100.3.103.1 * libsolv-debugsource-0.7.24-150100.4.12.1 * libsolv-devel-debuginfo-0.7.24-150100.4.12.1 * libzypp-debugsource-17.31.11-150100.3.103.1 * libsolv-tools-debuginfo-0.7.24-150100.4.12.1 * libsolv-devel-0.7.24-150100.4.12.1 * zypper-debuginfo-1.14.60-150100.3.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * zypper-needs-restarting-1.14.60-150100.3.76.1 * zypper-log-1.14.60-150100.3.76.1 * SUSE CaaS Platform 4.0 (x86_64) * libsolv-tools-0.7.24-150100.4.12.1 * libzypp-17.31.11-150100.3.103.1 * libzypp-debuginfo-17.31.11-150100.3.103.1 * python3-solv-0.7.24-150100.4.12.1 * ruby-solv-0.7.24-150100.4.12.1 * python3-solv-debuginfo-0.7.24-150100.4.12.1 * libsolv-debuginfo-0.7.24-150100.4.12.1 * ruby-solv-debuginfo-0.7.24-150100.4.12.1 * zypper-1.14.60-150100.3.76.1 * zypper-debugsource-1.14.60-150100.3.76.1 * perl-solv-0.7.24-150100.4.12.1 * perl-solv-debuginfo-0.7.24-150100.4.12.1 * libzypp-devel-17.31.11-150100.3.103.1 * libsolv-debugsource-0.7.24-150100.4.12.1 * libsolv-devel-debuginfo-0.7.24-150100.4.12.1 * libzypp-debugsource-17.31.11-150100.3.103.1 * libsolv-tools-debuginfo-0.7.24-150100.4.12.1 * libsolv-devel-0.7.24-150100.4.12.1 * zypper-debuginfo-1.14.60-150100.3.76.1 * SUSE CaaS Platform 4.0 (noarch) * zypper-needs-restarting-1.14.60-150100.3.76.1 * zypper-log-1.14.60-150100.3.76.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1127591 * https://bugzilla.suse.com/show_bug.cgi?id=1195633 * https://bugzilla.suse.com/show_bug.cgi?id=1208329 * https://bugzilla.suse.com/show_bug.cgi?id=1209406 * https://bugzilla.suse.com/show_bug.cgi?id=1210870 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 16:30:10 -0000 Subject: SUSE-RU-2023:2247-1: moderate: Recommended update for libzypp, zypper Message-ID: <168442741047.13806.13680973298461231496@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:2247-1 Rating: moderate References: * #1127591 * #1195633 * #1208329 * #1209406 * #1210870 Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has five recommended fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) * multicurl: propagate ssl settings stored in repo url (bsc#1127591) * MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) * zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) * Teach MediaNetwork to retry on HTTP2 errors. * Fix selecting installed patterns from picklist (bsc#1209406) * man: better explanation of --priority ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-2247=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2247=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2247=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2247=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2247=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2247=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2247=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2247=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2247=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2247=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2247=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2247=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2247=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2247=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2247=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2247=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2247=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.24-150200.18.1 * libzypp-17.31.11-150200.61.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Manager Proxy 4.2 (x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Manager Proxy 4.2 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Manager Server 4.2 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Enterprise Storage 7.1 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libsolv-tools-0.7.24-150200.18.1 * libsolv-devel-debuginfo-0.7.24-150200.18.1 * libsolv-devel-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * ruby-solv-0.7.24-150200.18.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-devel-17.31.11-150200.61.1 * libzypp-17.31.11-150200.61.1 * ruby-solv-debuginfo-0.7.24-150200.18.1 * zypper-debugsource-1.14.60-150200.51.1 * perl-solv-0.7.24-150200.18.1 * perl-solv-debuginfo-0.7.24-150200.18.1 * zypper-1.14.60-150200.51.1 * python3-solv-debuginfo-0.7.24-150200.18.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * python3-solv-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Enterprise Storage 7 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * zypper-log-1.14.60-150200.51.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libsolv-tools-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-17.31.11-150200.61.1 * zypper-debugsource-1.14.60-150200.51.1 * zypper-1.14.60-150200.51.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libsolv-tools-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-17.31.11-150200.61.1 * zypper-debugsource-1.14.60-150200.51.1 * zypper-1.14.60-150200.51.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libsolv-tools-0.7.24-150200.18.1 * libzypp-debugsource-17.31.11-150200.61.1 * zypper-debuginfo-1.14.60-150200.51.1 * libzypp-17.31.11-150200.61.1 * zypper-debugsource-1.14.60-150200.51.1 * zypper-1.14.60-150200.51.1 * libsolv-tools-debuginfo-0.7.24-150200.18.1 * libsolv-debuginfo-0.7.24-150200.18.1 * libsolv-debugsource-0.7.24-150200.18.1 * libzypp-debuginfo-17.31.11-150200.61.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * zypper-needs-restarting-1.14.60-150200.51.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1127591 * https://bugzilla.suse.com/show_bug.cgi?id=1195633 * https://bugzilla.suse.com/show_bug.cgi?id=1208329 * https://bugzilla.suse.com/show_bug.cgi?id=1209406 * https://bugzilla.suse.com/show_bug.cgi?id=1210870 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 16:30:12 -0000 Subject: SUSE-RU-2023:2246-1: moderate: Recommended update for libzypp, zypper Message-ID: <168442741260.13806.7210350446676025491@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:2246-1 Rating: moderate References: * #1203248 * #1203249 * #1208329 * #428822 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that has four recommended fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Removing a PTF without enabled repos should always fail (bsc#1203248) * zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) * Add expert (allow-*) options to all installer commands (bsc#428822) * Provide "removeptf" command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. But you don't want the dependant packages to be removed together with the PTF, which is what the remove command would do. The removeptf command however will aim to replace the dependant packages by their official update versions. ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2246=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libzypp-devel-16.22.7-27.97.2 * zypper-debugsource-1.13.64-18.68.2 * libzypp-16.22.7-27.97.2 * libzypp-debuginfo-16.22.7-27.97.2 * zypper-1.13.64-18.68.2 * zypper-debuginfo-1.13.64-18.68.2 * libzypp-debugsource-16.22.7-27.97.2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * zypper-log-1.13.64-18.68.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203248 * https://bugzilla.suse.com/show_bug.cgi?id=1203249 * https://bugzilla.suse.com/show_bug.cgi?id=1208329 * https://bugzilla.suse.com/show_bug.cgi?id=428822 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 16:30:15 -0000 Subject: SUSE-RU-2023:2245-1: moderate: Recommended update for libzypp, zypper Message-ID: <168442741505.13806.14773149968900935597@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:2245-1 Rating: moderate References: * #1127591 * #1195633 * #1208329 * #1209406 * #1210870 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has five recommended fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) * multicurl: propagate ssl settings stored in repo url (bsc#1127591) * MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) * zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) * Teach MediaNetwork to retry on HTTP2 errors. * Fix selecting installed patterns from picklist (bsc#1209406) * man: better explanation of --priority ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2245=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2245=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2245=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2245=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2245=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2245=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2245=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2245=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2245=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2245=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libsolv-tools-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * libsolv-debuginfo-0.7.24-150400.3.6.4 * libzypp-debuginfo-17.31.11-150400.3.25.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * libzypp-17.31.11-150400.3.25.2 * zypper-debugsource-1.14.60-150400.3.21.2 * libsolv-debugsource-0.7.24-150400.3.6.4 * libzypp-debugsource-17.31.11-150400.3.25.2 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * openSUSE Leap Micro 5.3 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libsolv-debuginfo-0.7.24-150400.3.6.4 * ruby-solv-0.7.24-150400.3.6.4 * perl-solv-0.7.24-150400.3.6.4 * python3-solv-debuginfo-0.7.24-150400.3.6.4 * python-solv-debuginfo-0.7.24-150400.3.6.4 * libsolv-devel-debuginfo-0.7.24-150400.3.6.4 * python-solv-0.7.24-150400.3.6.4 * libzypp-debugsource-17.31.11-150400.3.25.2 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * libsolv-demo-0.7.24-150400.3.6.4 * libsolv-devel-0.7.24-150400.3.6.4 * libzypp-devel-doc-17.31.11-150400.3.25.2 * python3-solv-0.7.24-150400.3.6.4 * ruby-solv-debuginfo-0.7.24-150400.3.6.4 * zypper-debugsource-1.14.60-150400.3.21.2 * perl-solv-debuginfo-0.7.24-150400.3.6.4 * libsolv-tools-0.7.24-150400.3.6.4 * libzypp-debuginfo-17.31.11-150400.3.25.2 * libzypp-devel-17.31.11-150400.3.25.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * libzypp-17.31.11-150400.3.25.2 * libsolv-demo-debuginfo-0.7.24-150400.3.6.4 * libsolv-debugsource-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * openSUSE Leap 15.4 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * zypper-aptitude-1.14.60-150400.3.21.2 * zypper-log-1.14.60-150400.3.21.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsolv-tools-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * libsolv-debuginfo-0.7.24-150400.3.6.4 * libzypp-debuginfo-17.31.11-150400.3.25.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * libzypp-17.31.11-150400.3.25.2 * zypper-debugsource-1.14.60-150400.3.21.2 * libsolv-debugsource-0.7.24-150400.3.6.4 * libzypp-debugsource-17.31.11-150400.3.25.2 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsolv-tools-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * libsolv-debuginfo-0.7.24-150400.3.6.4 * libzypp-debuginfo-17.31.11-150400.3.25.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * libzypp-17.31.11-150400.3.25.2 * zypper-debugsource-1.14.60-150400.3.21.2 * libsolv-debugsource-0.7.24-150400.3.6.4 * libzypp-debugsource-17.31.11-150400.3.25.2 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * SUSE Linux Enterprise Micro 5.3 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libsolv-tools-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * libsolv-debuginfo-0.7.24-150400.3.6.4 * libzypp-debuginfo-17.31.11-150400.3.25.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * libzypp-17.31.11-150400.3.25.2 * zypper-debugsource-1.14.60-150400.3.21.2 * libsolv-debugsource-0.7.24-150400.3.6.4 * libzypp-debugsource-17.31.11-150400.3.25.2 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libsolv-tools-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * libsolv-debuginfo-0.7.24-150400.3.6.4 * libzypp-debuginfo-17.31.11-150400.3.25.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * libzypp-17.31.11-150400.3.25.2 * zypper-debugsource-1.14.60-150400.3.21.2 * libsolv-debugsource-0.7.24-150400.3.6.4 * libzypp-debugsource-17.31.11-150400.3.25.2 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * SUSE Linux Enterprise Micro 5.4 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * libsolv-devel-0.7.24-150400.3.6.4 * libsolv-devel-debuginfo-0.7.24-150400.3.6.4 * libsolv-debuginfo-0.7.24-150400.3.6.4 * libzypp-debuginfo-17.31.11-150400.3.25.2 * libzypp-devel-17.31.11-150400.3.25.2 * ruby-solv-0.7.24-150400.3.6.4 * python3-solv-0.7.24-150400.3.6.4 * libzypp-17.31.11-150400.3.25.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * ruby-solv-debuginfo-0.7.24-150400.3.6.4 * zypper-debugsource-1.14.60-150400.3.21.2 * python3-solv-debuginfo-0.7.24-150400.3.6.4 * libsolv-debugsource-0.7.24-150400.3.6.4 * libzypp-debugsource-17.31.11-150400.3.25.2 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * Basesystem Module 15-SP4 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * zypper-log-1.14.60-150400.3.21.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsolv-tools-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * libsolv-devel-0.7.24-150400.3.6.4 * libsolv-devel-debuginfo-0.7.24-150400.3.6.4 * libsolv-debuginfo-0.7.24-150400.3.6.4 * libzypp-debuginfo-17.31.11-150400.3.25.2 * libzypp-devel-17.31.11-150400.3.25.2 * ruby-solv-0.7.24-150400.3.6.4 * python3-solv-0.7.24-150400.3.6.4 * libzypp-17.31.11-150400.3.25.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * ruby-solv-debuginfo-0.7.24-150400.3.6.4 * zypper-debugsource-1.14.60-150400.3.21.2 * python3-solv-debuginfo-0.7.24-150400.3.6.4 * libsolv-debugsource-0.7.24-150400.3.6.4 * libzypp-debugsource-17.31.11-150400.3.25.2 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * Basesystem Module 15-SP5 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * zypper-log-1.14.60-150400.3.21.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libsolv-debugsource-0.7.24-150400.3.6.4 * perl-solv-0.7.24-150400.3.6.4 * perl-solv-debuginfo-0.7.24-150400.3.6.4 * libsolv-debuginfo-0.7.24-150400.3.6.4 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsolv-debugsource-0.7.24-150400.3.6.4 * perl-solv-0.7.24-150400.3.6.4 * perl-solv-debuginfo-0.7.24-150400.3.6.4 * libsolv-debuginfo-0.7.24-150400.3.6.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1127591 * https://bugzilla.suse.com/show_bug.cgi?id=1195633 * https://bugzilla.suse.com/show_bug.cgi?id=1208329 * https://bugzilla.suse.com/show_bug.cgi?id=1209406 * https://bugzilla.suse.com/show_bug.cgi?id=1210870 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 16:30:16 -0000 Subject: SUSE-SU-2023:2244-1: important: Security update for ucode-intel Message-ID: <168442741663.13806.5631128065303739248@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:2244-1 Rating: important References: * #1208479 * #1211382 Cross-References: * CVE-2022-33972 CVSS scores: * CVE-2022-33972 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N * CVE-2022-33972 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. (bsc#1211382) * New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 * Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR- SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2244=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2244=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2244=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20230512-150100.3.220.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20230512-150100.3.220.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * ucode-intel-20230512-150100.3.220.1 * SUSE CaaS Platform 4.0 (x86_64) * ucode-intel-20230512-150100.3.220.1 ## References: * https://www.suse.com/security/cve/CVE-2022-33972.html * https://bugzilla.suse.com/show_bug.cgi?id=1208479 * https://bugzilla.suse.com/show_bug.cgi?id=1211382 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 18 16:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2023 16:30:18 -0000 Subject: SUSE-SU-2023:2243-1: important: Security update for ucode-intel Message-ID: <168442741864.13806.2609259982659493576@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:2243-1 Rating: important References: * #1208479 * #1211382 Cross-References: * CVE-2022-33972 CVSS scores: * CVE-2022-33972 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N * CVE-2022-33972 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. (bsc#1211382). * New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 * Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR- SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2243=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2243=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2243=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2243=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2243=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2243=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2243=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2243=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2243=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2243=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2243=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2243=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2243=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2243=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2243=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2243=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2243=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2243=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2243=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2243=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2243=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2243=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2243=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2243=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * ucode-intel-20230512-150200.24.1 * openSUSE Leap 15.4 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * ucode-intel-20230512-150200.24.1 * Basesystem Module 15-SP4 (x86_64) * ucode-intel-20230512-150200.24.1 * Basesystem Module 15-SP5 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Manager Proxy 4.2 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Manager Server 4.2 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Enterprise Storage 7.1 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Enterprise Storage 7 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * ucode-intel-20230512-150200.24.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * ucode-intel-20230512-150200.24.1 ## References: * https://www.suse.com/security/cve/CVE-2022-33972.html * https://bugzilla.suse.com/show_bug.cgi?id=1208479 * https://bugzilla.suse.com/show_bug.cgi?id=1211382 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 19 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2023 12:30:02 -0000 Subject: SUSE-RU-2023:2252-1: important: Recommended update for glib2 Message-ID: <168449940284.7884.18371095268639822647@smelt2.suse.de> # Recommended update for glib2 Announcement ID: SUSE-RU-2023:2252-1 Rating: important References: * #1210135 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for glib2 fixes the following issues: * Update backported from upstream to fix regression on s390x. (bsc#1210135) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2252=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2252=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2252=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2252=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2252=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2252=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2252=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2252=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2252=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2252=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2252=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libgio-2_0-0-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * SUSE OpenStack Cloud 9 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libgio-2_0-0-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * glib2-debugsource-2.48.2-12.34.1 * libgio-fam-2.48.2-12.34.1 * glib2-devel-static-2.48.2-12.34.1 * glib2-devel-2.48.2-12.34.1 * libgio-fam-debuginfo-2.48.2-12.34.1 * glib2-devel-debuginfo-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libgio-2_0-0-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * glib2-debugsource-2.48.2-12.34.1 * libgthread-2_0-0-2.48.2-12.34.1 * libgmodule-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-2.48.2-12.34.1 * glib2-tools-2.48.2-12.34.1 * libglib-2_0-0-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-2.48.2-12.34.1 * libgobject-2_0-0-2.48.2-12.34.1 * glib2-tools-debuginfo-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-2.48.2-12.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * glib2-lang-2.48.2-12.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libgthread-2_0-0-32bit-2.48.2-12.34.1 * libgobject-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-32bit-2.48.2-12.34.1 * libglib-2_0-0-32bit-2.48.2-12.34.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.34.1 * libgio-2_0-0-32bit-2.48.2-12.34.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libgio-fam-debuginfo-2.48.2-12.34.1 * glib2-debugsource-2.48.2-12.34.1 * libgio-fam-2.48.2-12.34.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210135 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 19 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2251-1: important: Security update for openvswitch Message-ID: <168449940440.7884.13265476415720482654@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2251-1 Rating: important References: * #1206580 * #1206581 Cross-References: * CVE-2022-4337 * CVE-2022-4338 CVSS scores: * CVE-2022-4337 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4338 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4338 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2251=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2251=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2251=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openvswitch-2.11.5-3.15.1 * libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.1 * openvswitch-debugsource-2.11.5-3.15.1 * libopenvswitch-2_11-0-2.11.5-3.15.1 * openvswitch-debuginfo-2.11.5-3.15.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-2.11.5-3.15.1 * libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.1 * openvswitch-debugsource-2.11.5-3.15.1 * libopenvswitch-2_11-0-2.11.5-3.15.1 * openvswitch-debuginfo-2.11.5-3.15.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openvswitch-2.11.5-3.15.1 * libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.1 * openvswitch-debugsource-2.11.5-3.15.1 * libopenvswitch-2_11-0-2.11.5-3.15.1 * openvswitch-debuginfo-2.11.5-3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4337.html * https://www.suse.com/security/cve/CVE-2022-4338.html * https://bugzilla.suse.com/show_bug.cgi?id=1206580 * https://bugzilla.suse.com/show_bug.cgi?id=1206581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 19 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2250-1: important: Security update for openvswitch Message-ID: <168449940638.7884.11484301542355376818@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2250-1 Rating: important References: * #1206580 * #1206581 Cross-References: * CVE-2022-4337 * CVE-2022-4338 CVSS scores: * CVE-2022-4337 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4338 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4338 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Legacy Module 15-SP5 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2250=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2250=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2250=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2250=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2250=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ovn-devel-20.06.2-150400.24.6.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.6.1 * ovn-central-20.06.2-150400.24.6.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.6.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.6.1 * openvswitch-test-2.14.2-150400.24.6.1 * openvswitch-pki-2.14.2-150400.24.6.1 * ovn-docker-20.06.2-150400.24.6.1 * python3-ovs-2.14.2-150400.24.6.1 * ovn-debuginfo-20.06.2-150400.24.6.1 * ovn-host-20.06.2-150400.24.6.1 * openvswitch-devel-2.14.2-150400.24.6.1 * ovn-vtep-debuginfo-20.06.2-150400.24.6.1 * openvswitch-test-debuginfo-2.14.2-150400.24.6.1 * ovn-20.06.2-150400.24.6.1 * openvswitch-debuginfo-2.14.2-150400.24.6.1 * openvswitch-ipsec-2.14.2-150400.24.6.1 * libovn-20_06-0-20.06.2-150400.24.6.1 * openvswitch-vtep-2.14.2-150400.24.6.1 * openvswitch-debugsource-2.14.2-150400.24.6.1 * ovn-host-debuginfo-20.06.2-150400.24.6.1 * ovn-vtep-20.06.2-150400.24.6.1 * ovn-central-debuginfo-20.06.2-150400.24.6.1 * openvswitch-2.14.2-150400.24.6.1 * libopenvswitch-2_14-0-2.14.2-150400.24.6.1 * openSUSE Leap 15.4 (noarch) * openvswitch-doc-2.14.2-150400.24.6.1 * ovn-doc-20.06.2-150400.24.6.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ovn-devel-20.06.2-150400.24.6.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.6.1 * ovn-central-20.06.2-150400.24.6.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.6.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.6.1 * openvswitch-test-2.14.2-150400.24.6.1 * openvswitch-pki-2.14.2-150400.24.6.1 * ovn-docker-20.06.2-150400.24.6.1 * python3-ovs-2.14.2-150400.24.6.1 * ovn-debuginfo-20.06.2-150400.24.6.1 * ovn-host-20.06.2-150400.24.6.1 * openvswitch-devel-2.14.2-150400.24.6.1 * ovn-vtep-debuginfo-20.06.2-150400.24.6.1 * openvswitch-test-debuginfo-2.14.2-150400.24.6.1 * ovn-20.06.2-150400.24.6.1 * openvswitch-debuginfo-2.14.2-150400.24.6.1 * openvswitch-ipsec-2.14.2-150400.24.6.1 * libovn-20_06-0-20.06.2-150400.24.6.1 * openvswitch-vtep-2.14.2-150400.24.6.1 * openvswitch-debugsource-2.14.2-150400.24.6.1 * ovn-host-debuginfo-20.06.2-150400.24.6.1 * ovn-vtep-20.06.2-150400.24.6.1 * ovn-central-debuginfo-20.06.2-150400.24.6.1 * openvswitch-2.14.2-150400.24.6.1 * libopenvswitch-2_14-0-2.14.2-150400.24.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-debugsource-2.14.2-150400.24.6.1 * openvswitch-debuginfo-2.14.2-150400.24.6.1 * python3-ovs-2.14.2-150400.24.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-debugsource-2.14.2-150400.24.6.1 * openvswitch-debuginfo-2.14.2-150400.24.6.1 * python3-ovs-2.14.2-150400.24.6.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ovn-devel-20.06.2-150400.24.6.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.6.1 * ovn-central-20.06.2-150400.24.6.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.6.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.6.1 * openvswitch-test-2.14.2-150400.24.6.1 * openvswitch-pki-2.14.2-150400.24.6.1 * ovn-docker-20.06.2-150400.24.6.1 * python3-ovs-2.14.2-150400.24.6.1 * ovn-debuginfo-20.06.2-150400.24.6.1 * ovn-host-20.06.2-150400.24.6.1 * openvswitch-devel-2.14.2-150400.24.6.1 * ovn-vtep-debuginfo-20.06.2-150400.24.6.1 * openvswitch-test-debuginfo-2.14.2-150400.24.6.1 * ovn-20.06.2-150400.24.6.1 * openvswitch-debuginfo-2.14.2-150400.24.6.1 * openvswitch-ipsec-2.14.2-150400.24.6.1 * libovn-20_06-0-20.06.2-150400.24.6.1 * openvswitch-vtep-2.14.2-150400.24.6.1 * openvswitch-debugsource-2.14.2-150400.24.6.1 * ovn-host-debuginfo-20.06.2-150400.24.6.1 * ovn-vtep-20.06.2-150400.24.6.1 * ovn-central-debuginfo-20.06.2-150400.24.6.1 * openvswitch-2.14.2-150400.24.6.1 * libopenvswitch-2_14-0-2.14.2-150400.24.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4337.html * https://www.suse.com/security/cve/CVE-2022-4338.html * https://bugzilla.suse.com/show_bug.cgi?id=1206580 * https://bugzilla.suse.com/show_bug.cgi?id=1206581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 19 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2256-1: important: Security update for runc Message-ID: <168451380457.30106.12318491944584068913@smelt2.suse.de> # Security update for runc Announcement ID: SUSE-SU-2023:2256-1 Rating: important References: * #1200441 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of runc fixes the following issues: * rebuild the package with the go 19.9 secure release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2256=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2256=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2256=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2256=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2256=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2256=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2256=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2256=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2256=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2256=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2256=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2256=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2256=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2256=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2256=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2256=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2256=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2256=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2256=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2256=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2256=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2256=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE CaaS Platform 4.0 (x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * runc-1.1.5-150000.43.1 * runc-debuginfo-1.1.5-150000.43.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 19 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2255-1: important: Security update for openvswitch Message-ID: <168451380658.30106.14203654879822487447@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2255-1 Rating: important References: * #1206580 * #1206581 Cross-References: * CVE-2022-4337 * CVE-2022-4338 CVSS scores: * CVE-2022-4337 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4338 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4338 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2255=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2255=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2255=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openvswitch-ovn-vtep-debuginfo-2.11.5-150100.3.21.1 * openvswitch-ovn-host-debuginfo-2.11.5-150100.3.21.1 * libopenvswitch-2_11-0-2.11.5-150100.3.21.1 * openvswitch-ovn-vtep-2.11.5-150100.3.21.1 * openvswitch-ovn-docker-2.11.5-150100.3.21.1 * python3-ovs-debuginfo-2.11.5-150100.3.21.1 * openvswitch-ovn-central-debuginfo-2.11.5-150100.3.21.1 * openvswitch-ovn-common-2.11.5-150100.3.21.1 * openvswitch-ovn-host-2.11.5-150100.3.21.1 * openvswitch-ovn-central-2.11.5-150100.3.21.1 * openvswitch-ovn-common-debuginfo-2.11.5-150100.3.21.1 * libopenvswitch-2_11-0-debuginfo-2.11.5-150100.3.21.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.11.5-150100.3.21.1 * openvswitch-debugsource-2.11.5-150100.3.21.1 * libopenvswitch-2_11-0-2.11.5-150100.3.21.1 * libopenvswitch-2_11-0-debuginfo-2.11.5-150100.3.21.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python2-ovs-2.11.5-150100.3.21.1 * openvswitch-debuginfo-2.11.5-150100.3.21.1 * openvswitch-debugsource-2.11.5-150100.3.21.1 * libopenvswitch-2_11-0-2.11.5-150100.3.21.1 * python2-ovs-debuginfo-2.11.5-150100.3.21.1 * libopenvswitch-2_11-0-debuginfo-2.11.5-150100.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4337.html * https://www.suse.com/security/cve/CVE-2022-4338.html * https://bugzilla.suse.com/show_bug.cgi?id=1206580 * https://bugzilla.suse.com/show_bug.cgi?id=1206581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 19 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2023 16:30:08 -0000 Subject: SUSE-SU-2023:2254-1: important: Security update for containerd Message-ID: <168451380847.30106.1494857858106760170@smelt2.suse.de> # Security update for containerd Announcement ID: SUSE-SU-2023:2254-1 Rating: important References: * #1210298 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for containerd fixes the following issues: * Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2254=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2254=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2254=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2254=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2254=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2254=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2254=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2254=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2254=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2254=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2254=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2254=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2254=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2254=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2254=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2254=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2254=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2254=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2254=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2254=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2254=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2254=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * containerd-1.6.19-150000.90.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * containerd-1.6.19-150000.90.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * containerd-1.6.19-150000.90.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * containerd-1.6.19-150000.90.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * containerd-1.6.19-150000.90.3 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * containerd-1.6.19-150000.90.3 * containerd-devel-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Enterprise Storage 7 (aarch64 x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE CaaS Platform 4.0 (x86_64) * containerd-1.6.19-150000.90.3 * containerd-ctr-1.6.19-150000.90.3 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * containerd-1.6.19-150000.90.3 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * containerd-1.6.19-150000.90.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * containerd-1.6.19-150000.90.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210298 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri May 19 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2023 16:30:10 -0000 Subject: SUSE-SU-2023:2253-1: important: Security update for terraform-provider-aws Message-ID: <168451381030.30106.18323454378949036938@smelt2.suse.de> # Security update for terraform-provider-aws Announcement ID: SUSE-SU-2023:2253-1 Rating: important References: * #1200441 * #1209658 Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update of terraform-provider-aws fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2253=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2253=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2253=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2253=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.5.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.5.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.5.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 08:30:06 -0000 Subject: SUSE-SU-2023:2259-1: important: Security update for openvswitch Message-ID: <168474420614.31671.3171681717287558287@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2259-1 Rating: important References: * #1203865 * #1206580 * #1206581 Cross-References: * CVE-2022-32166 * CVE-2022-4337 * CVE-2022-4338 CVSS scores: * CVE-2022-32166 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2022-32166 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4337 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4338 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4338 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). * CVE-2022-32166: Fixed out of bounds read in minimask_equal() (bsc#1203865). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2259=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * openvswitch-switch-2.5.11-25.34.1 * openvswitch-dpdk-switch-debuginfo-2.5.11-25.34.1 * openvswitch-dpdk-debugsource-2.5.11-25.34.1 * openvswitch-debuginfo-2.5.11-25.34.1 * openvswitch-dpdk-2.5.11-25.34.1 * openvswitch-2.5.11-25.34.1 * openvswitch-debugsource-2.5.11-25.34.1 * openvswitch-switch-debuginfo-2.5.11-25.34.1 * openvswitch-dpdk-switch-2.5.11-25.34.1 * openvswitch-dpdk-debuginfo-2.5.11-25.34.1 ## References: * https://www.suse.com/security/cve/CVE-2022-32166.html * https://www.suse.com/security/cve/CVE-2022-4337.html * https://www.suse.com/security/cve/CVE-2022-4338.html * https://bugzilla.suse.com/show_bug.cgi?id=1203865 * https://bugzilla.suse.com/show_bug.cgi?id=1206580 * https://bugzilla.suse.com/show_bug.cgi?id=1206581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2264-1: important: Security update for python-Flask Message-ID: <168475860400.27262.1650619619256035773@smelt2.suse.de> # Security update for python-Flask Announcement ID: SUSE-SU-2023:2264-1 Rating: important References: * #1211246 Cross-References: * CVE-2023-30861 CVSS scores: * CVE-2023-30861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30861 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-Flask fixes the following issues: * CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2264=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2264=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2264=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2264=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2264=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2264=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2264=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2264=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2264=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2264=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2264=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2264=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2264=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2264=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2264=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2264=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2264=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2264=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Package Hub 15 15-SP4 (noarch) * python2-Flask-1.0.2-150100.6.3.1 * SUSE Package Hub 15 15-SP5 (noarch) * python2-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Manager Proxy 4.2 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Manager Server 4.2 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE Enterprise Storage 7 (noarch) * python3-Flask-1.0.2-150100.6.3.1 * SUSE CaaS Platform 4.0 (noarch) * python3-Flask-1.0.2-150100.6.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30861.html * https://bugzilla.suse.com/show_bug.cgi?id=1211246 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2263-1: important: Security update for python-Flask Message-ID: <168475860605.27262.7956299489070886853@smelt2.suse.de> # Security update for python-Flask Announcement ID: SUSE-SU-2023:2263-1 Rating: important References: * #1211246 Cross-References: * CVE-2023-30861 CVSS scores: * CVE-2023-30861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30861 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-Flask fixes the following issues: * CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2263=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2263=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2263=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-Flask-doc-1.0.4-150400.3.3.1 * python3-Flask-1.0.4-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * python3-Flask-1.0.4-150400.3.3.1 * Basesystem Module 15-SP5 (noarch) * python3-Flask-1.0.4-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30861.html * https://bugzilla.suse.com/show_bug.cgi?id=1211246 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 12:30:08 -0000 Subject: SUSE-RU-2023:2262-1: moderate: Recommended update for nftables Message-ID: <168475860807.27262.5815964249064600893@smelt2.suse.de> # Recommended update for nftables Announcement ID: SUSE-RU-2023:2262-1 Rating: moderate References: * #1210773 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for nftables fixes the following issue: * A crash in nftables if layer2 reject rules are processed (bsc#1210773). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2262=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2262=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2262=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2262=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2262=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2262=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2262=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2262=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2262=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2262=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2262=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2262=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2262=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2262=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2262=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2262=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2262=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2262=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2262=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2262=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-devel-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * nftables-debugsource-0.9.8-150300.3.6.1 * nftables-debuginfo-0.9.8-150300.3.6.1 * nftables-0.9.8-150300.3.6.1 * libnftables1-debuginfo-0.9.8-150300.3.6.1 * libnftables1-0.9.8-150300.3.6.1 * python3-nftables-0.9.8-150300.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210773 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 12:30:10 -0000 Subject: SUSE-SU-2023:2261-1: important: Security update for terraform-provider-null Message-ID: <168475861012.27262.15425613496122382816@smelt2.suse.de> # Security update for terraform-provider-null Announcement ID: SUSE-SU-2023:2261-1 Rating: important References: * #1200441 * #1209658 Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update of terraform-provider-null fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2261=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2261=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2261=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2261=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.5.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.5.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.5.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 12:30:11 -0000 Subject: SUSE-RU-2023:2260-1: moderate: Recommended update for zlib Message-ID: <168475861173.27262.17298352997663050463@smelt2.suse.de> # Recommended update for zlib Announcement ID: SUSE-RU-2023:2260-1 Rating: moderate References: * #1210593 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for zlib fixes the following issues: * Fix crash when calling deflateBound() function (bsc#1210593) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2260=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2260=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2260=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2260=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * zlib-debugsource-1.2.11-11.34.1 * zlib-devel-static-1.2.11-11.34.1 * zlib-devel-1.2.11-11.34.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * zlib-devel-32bit-1.2.11-11.34.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * zlib-debugsource-1.2.11-11.34.1 * zlib-devel-static-1.2.11-11.34.1 * zlib-devel-1.2.11-11.34.1 * libz1-1.2.11-11.34.1 * libz1-debuginfo-1.2.11-11.34.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * zlib-devel-32bit-1.2.11-11.34.1 * libz1-32bit-1.2.11-11.34.1 * libz1-debuginfo-32bit-1.2.11-11.34.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * zlib-debugsource-1.2.11-11.34.1 * zlib-devel-static-1.2.11-11.34.1 * zlib-devel-1.2.11-11.34.1 * libz1-1.2.11-11.34.1 * libz1-debuginfo-1.2.11-11.34.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * zlib-devel-32bit-1.2.11-11.34.1 * libz1-32bit-1.2.11-11.34.1 * libz1-debuginfo-32bit-1.2.11-11.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * zlib-debugsource-1.2.11-11.34.1 * zlib-devel-static-1.2.11-11.34.1 * zlib-devel-1.2.11-11.34.1 * libz1-1.2.11-11.34.1 * libz1-debuginfo-1.2.11-11.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * zlib-devel-32bit-1.2.11-11.34.1 * libz1-32bit-1.2.11-11.34.1 * libz1-debuginfo-32bit-1.2.11-11.34.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210593 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 16:30:01 -0000 Subject: SUSE-FU-2023:2271-1: moderate: Feature update for xz-java Message-ID: <168477300120.20204.11281058477743457430@smelt2.suse.de> # Feature update for xz-java Announcement ID: SUSE-FU-2023:2271-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for xz-java fixes the following issues: * Version update from 1.8 to 1.9: * For the list of fixes and changes see the release notes at /usr/share/doc/packages/xz-java/NEWS ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2271=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2271=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2271=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2271=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2271=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2271=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2271=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2271=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2271=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2271=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2271=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2271=1 ## Package List: * openSUSE Leap 15.4 (noarch) * xz-java-1.9-150200.3.7.1 * xz-java-javadoc-1.9-150200.3.7.1 * Development Tools Module 15-SP4 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Enterprise Storage 7.1 (noarch) * xz-java-1.9-150200.3.7.1 * SUSE Enterprise Storage 7 (noarch) * xz-java-1.9-150200.3.7.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 16:30:02 -0000 Subject: SUSE-RU-2023:2270-1: moderate: Recommended update for eclipse-jgit Message-ID: <168477300251.20204.14841258474188612152@smelt2.suse.de> # Recommended update for eclipse-jgit Announcement ID: SUSE-RU-2023:2270-1 Rating: moderate References: * #1209646 Affected Products: * openSUSE Leap 15.4 An update that has one recommended fix can now be installed. ## Description: This update for eclipse-jgit fixes the following issues: * Add dependency requirement to `xz-java` because the installed jgit script is expecting it when composing the classpath (bsc#1209646) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2270=1 ## Package List: * openSUSE Leap 15.4 (noarch) * eclipse-jgit-5.11.0-150200.3.8.9 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209646 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 16:30:03 -0000 Subject: SUSE-FU-2023:2269-1: moderate: Feature update for javapackages-tools Message-ID: <168477300379.20204.4222787959152980402@smelt2.suse.de> # Feature update for javapackages-tools Announcement ID: SUSE-FU-2023:2269-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for javapackages-tools fixes the following issues: * Version update from 5.3.1 to 6.1.0 (jsc#SLE-23217): * Add apache-rat-plugin to skippedPlugins * Add bootstrap metadata to XMvn resolver config * Add location of java binary used by the java-1.8.0-openjdk (JRE) package so that setting JAVA_HOME will work correctly * Add lua interpreter to check and GH actions * Add Lua scripts for removing annotations * Add more tests, fix behaviour * Add separate subpackage with RPM generators * Adding ppc64le architecture support on travis-ci * Delete run_tests.py * Drop deprecated add_maven_depmap macro * Drop SCL support * Fix builddep snippet generation * Fix extra XML handling of pom_change_dep * Fix invalid in XMvn configuration * Fix provides matching * Fix running tests without coverage * Implement separate simple class name matching * Introduce common and extra subpackages * Make generated javadoc package noarch * Make scripts compatible with rpmlua * Migrate CI from TravisCI to GitHub Actions * Modularize Lua scripts * Remove dependency on Six compatibility library * Remove explicit import of Python 3 features * Remove license headers from wrapper scripts * Remove Python 3.5 from .travis.yml * Replace nose by pytest * Skip execution of various Maven plugins * Update build status badge in README.md * Update documentation * Update ivy-local-classpath * Use XMvn Javadoc MOJO by default * Remove requirement to python-six as it is not needed ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2269=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2269=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2269=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2269=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2269=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2269=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2269=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2269=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2269=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2269=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2269=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2269=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2269=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2269=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2269=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2269=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * openSUSE Leap 15.4 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * Basesystem Module 15-SP4 (noarch) * python3-javapackages-6.1.0-150200.3.7.1 * Development Tools Module 15-SP4 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Manager Proxy 4.2 (x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Manager Proxy 4.2 (noarch) * python3-javapackages-6.1.0-150200.3.7.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-javapackages-6.1.0-150200.3.7.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Manager Server 4.2 (noarch) * python3-javapackages-6.1.0-150200.3.7.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Enterprise Storage 7.1 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * javapackages-tools-6.1.0-150200.3.7.1 * javapackages-filesystem-6.1.0-150200.3.7.1 * SUSE Enterprise Storage 7 (noarch) * javapackages-local-6.1.0-150200.3.7.1 * python3-javapackages-6.1.0-150200.3.7.1 * javapackages-gradle-6.1.0-150200.3.7.1 * javapackages-ivy-6.1.0-150200.3.7.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 16:30:04 -0000 Subject: SUSE-RU-2023:2268-1: moderate: Recommended update for javaparser Message-ID: <168477300483.20204.515937890254697616@smelt2.suse.de> # Recommended update for javaparser Announcement ID: SUSE-RU-2023:2268-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 An update that contains one feature can now be installed. ## Description: This update for javaparser fixes the following issues: Version update from 3.24.2 to 3.25.1 (jsc#SLE-23217): * API or Behaviour Change: * Fix: Unexpected exception when solving type inside an Anonymous class * Improved search for functional interfaces * For the full list of bug fixes and changes please consult the upstream release notes for each version: * 3.25.1: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.25.1 * 3.25.0: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.25.0 * 3.24.10: https://github.com/javaparser/javaparser/releases/tag/v_snapshot_e2590f3 * 3.24.9: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.24.9 * 3.24.8: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.24.8 * 3.24.7: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.24.7 * 3.24.3: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.24.3 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2268=1 ## Package List: * openSUSE Leap 15.4 (noarch) * javaparser-javadoc-3.25.1-150200.3.7.11 * javaparser-3.25.1-150200.3.7.11 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 16:30:05 -0000 Subject: SUSE-FU-2023:2267-1: moderate: Feature update for glassfish-jax-rs-api and glassfish-jsp-api Message-ID: <168477300572.20204.2415478853818121041@smelt2.suse.de> # Feature update for glassfish-jax-rs-api and glassfish-jsp-api Announcement ID: SUSE-FU-2023:2267-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 An update that contains one feature can now be installed. ## Description: This update for glassfish-jax-rs-api and glassfish-jsp-api fixes the following issues: glassfish-jax-rs-api: * Version update from 2.1.5 to 2.1.6 (jsc#SLE-23217): * Fixed spec version and updated template to include Final Release if is empty. * Added Eclipse copyright notice. * Set copyright footer to 2019 Eclipse Foundation. * Use Jakarta instead of Java. * Include link to license in footer as well. glassfish-jsp-api: * Add alias to javax.servlet.jsp:jsp-api (jsc#SLE-23217) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2267=1 ## Package List: * openSUSE Leap 15.4 (noarch) * glassfish-jsp-api-2.3.3-150200.3.3.1 * glassfish-jsp-api-javadoc-2.3.3-150200.3.3.1 * glassfish-jax-rs-api-2.1.6-150200.3.7.11 * glassfish-jax-rs-api-javadoc-2.1.6-150200.3.7.11 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 22 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 May 2023 16:30:06 -0000 Subject: SUSE-FU-2023:2266-1: moderate: Feature update for apache-parent Message-ID: <168477300661.20204.6833335857796725034@smelt2.suse.de> # Feature update for apache-parent Announcement ID: SUSE-FU-2023:2266-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 An update that contains one feature can now be installed. ## Description: This update for apache-parent fixes the following issues: Version update from 21 to 28 (jsc#SLE-23217): * Respect property assembly.tarLongFileMode * Allow custom Release Distribution Repository * Upgrade fluido skin to 1.11.0 * Add ASF Data Privacy * Drop outdated maven-docck-plugin from pluginManagement * Upgrade fluido skin to 1.11.1 * Set minimum enforced Maven version to 3.2.5 * Update m-plugin-p to 3.6.4 * Disable m2e warning for m-remote-resource-p:process * Corrected Jira URL * Update minimum version to 3.1.1 * Assume Maven 3 * Remove outdated clirr-maven-plugin * Simplify m-javadoc-p configuration * Configure release profile with dedicated parameter * Upload SHA-512 only for source-release to staging repository * Enforce minimum Java build version 8 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2266=1 ## Package List: * openSUSE Leap 15.4 (noarch) * apache-parent-28-150200.3.9.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 23 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2023 08:30:03 -0000 Subject: SUSE-SU-2023:2273-1: important: Security update for geoipupdate Message-ID: <168483060306.9356.2550190387500135869@smelt2.suse.de> # Security update for geoipupdate Announcement ID: SUSE-SU-2023:2273-1 Rating: important References: * #1200441 * #1209658 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2273=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2273=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2273=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2273=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2273=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2273=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2273=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2273=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2273=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2273=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2273=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2273=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2273=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2273=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2273=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2273=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2273=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2273=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Manager Proxy 4.2 (x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * SUSE CaaS Platform 4.0 (x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 23 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2023 08:30:04 -0000 Subject: SUSE-RU-2023:2272-1: moderate: Recommended update for go Message-ID: <168483060475.9356.8284901372944916262@smelt2.suse.de> # Recommended update for go Announcement ID: SUSE-RU-2023:2272-1 Rating: moderate References: * #1206346 * #1210938 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for go fixes the following issues: Switch default go compiler to go1.20. (bsc#1206346) Packaging improvements: * Re-enable debuginfo bsc#1210938 remove spec comment "# nodebug" * Use Group: Development/Languages/Go instead of Other ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2272=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2272=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2272=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go-1.20-150000.3.29.1 * go-doc-1.20-150000.3.29.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go-race-1.20-150000.3.29.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go-1.20-150000.3.29.1 * go-doc-1.20-150000.3.29.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go-race-1.20-150000.3.29.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go-1.20-150000.3.29.1 * go-race-1.20-150000.3.29.1 * go-doc-1.20-150000.3.29.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1210938 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 23 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2275-1: important: Security update for openvswitch Message-ID: <168485940423.30312.1091983937299388670@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2275-1 Rating: important References: * #1206580 * #1206581 * #1210054 Cross-References: * CVE-2022-4337 * CVE-2022-4338 * CVE-2023-1668 CVSS scores: * CVE-2022-4337 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4338 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4338 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1668 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1668 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2275=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2275=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2275=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2275=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2275=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2275=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2275=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2275=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2275=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 * SUSE Manager Proxy 4.2 (x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openvswitch-debuginfo-2.14.2-150300.19.8.1 * ovn-debuginfo-20.06.2-150300.19.8.1 * ovn-central-debuginfo-20.06.2-150300.19.8.1 * openvswitch-test-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-20.06.2-150300.19.8.1 * openvswitch-pki-2.14.2-150300.19.8.1 * openvswitch-2.14.2-150300.19.8.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.8.1 * ovn-host-20.06.2-150300.19.8.1 * libovn-20_06-0-20.06.2-150300.19.8.1 * python3-ovs-2.14.2-150300.19.8.1 * openvswitch-devel-2.14.2-150300.19.8.1 * openvswitch-vtep-2.14.2-150300.19.8.1 * ovn-host-debuginfo-20.06.2-150300.19.8.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.8.1 * ovn-vtep-debuginfo-20.06.2-150300.19.8.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.8.1 * ovn-docker-20.06.2-150300.19.8.1 * openvswitch-test-2.14.2-150300.19.8.1 * ovn-devel-20.06.2-150300.19.8.1 * ovn-central-20.06.2-150300.19.8.1 * ovn-20.06.2-150300.19.8.1 * openvswitch-debugsource-2.14.2-150300.19.8.1 * libopenvswitch-2_14-0-2.14.2-150300.19.8.1 * openvswitch-ipsec-2.14.2-150300.19.8.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4337.html * https://www.suse.com/security/cve/CVE-2022-4338.html * https://www.suse.com/security/cve/CVE-2023-1668.html * https://bugzilla.suse.com/show_bug.cgi?id=1206580 * https://bugzilla.suse.com/show_bug.cgi?id=1206581 * https://bugzilla.suse.com/show_bug.cgi?id=1210054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 23 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2274-1: important: Security update for openvswitch Message-ID: <168485940637.30312.17478996111946368609@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2274-1 Rating: important References: * #1206580 * #1206581 * #1210054 Cross-References: * CVE-2022-4337 * CVE-2022-4338 * CVE-2023-1668 CVSS scores: * CVE-2022-4337 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4338 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4338 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1668 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1668 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2274=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2274=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2274=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2274=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2274=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.22.1 * libovn-20_03-0-20.03.1-150200.9.22.1 * libopenvswitch-2_13-0-2.13.2-150200.9.22.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.22.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openvswitch-2.13.2-150200.9.22.1 * openvswitch-test-debuginfo-2.13.2-150200.9.22.1 * openvswitch-debuginfo-2.13.2-150200.9.22.1 * ovn-20.03.1-150200.9.22.1 * python3-ovs-2.13.2-150200.9.22.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.22.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.22.1 * libovn-20_03-0-20.03.1-150200.9.22.1 * openvswitch-vtep-2.13.2-150200.9.22.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.22.1 * ovn-host-20.03.1-150200.9.22.1 * openvswitch-devel-2.13.2-150200.9.22.1 * ovn-docker-20.03.1-150200.9.22.1 * openvswitch-pki-2.13.2-150200.9.22.1 * openvswitch-ipsec-2.13.2-150200.9.22.1 * openvswitch-debugsource-2.13.2-150200.9.22.1 * ovn-vtep-20.03.1-150200.9.22.1 * ovn-central-20.03.1-150200.9.22.1 * libopenvswitch-2_13-0-2.13.2-150200.9.22.1 * ovn-devel-20.03.1-150200.9.22.1 * openvswitch-test-2.13.2-150200.9.22.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openvswitch-2.13.2-150200.9.22.1 * openvswitch-test-debuginfo-2.13.2-150200.9.22.1 * openvswitch-debuginfo-2.13.2-150200.9.22.1 * ovn-20.03.1-150200.9.22.1 * python3-ovs-2.13.2-150200.9.22.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.22.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.22.1 * libovn-20_03-0-20.03.1-150200.9.22.1 * openvswitch-vtep-2.13.2-150200.9.22.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.22.1 * ovn-host-20.03.1-150200.9.22.1 * openvswitch-devel-2.13.2-150200.9.22.1 * ovn-docker-20.03.1-150200.9.22.1 * openvswitch-pki-2.13.2-150200.9.22.1 * openvswitch-ipsec-2.13.2-150200.9.22.1 * openvswitch-debugsource-2.13.2-150200.9.22.1 * ovn-vtep-20.03.1-150200.9.22.1 * ovn-central-20.03.1-150200.9.22.1 * libopenvswitch-2_13-0-2.13.2-150200.9.22.1 * ovn-devel-20.03.1-150200.9.22.1 * openvswitch-test-2.13.2-150200.9.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openvswitch-2.13.2-150200.9.22.1 * openvswitch-test-debuginfo-2.13.2-150200.9.22.1 * openvswitch-debuginfo-2.13.2-150200.9.22.1 * ovn-20.03.1-150200.9.22.1 * python3-ovs-2.13.2-150200.9.22.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.22.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.22.1 * libovn-20_03-0-20.03.1-150200.9.22.1 * openvswitch-vtep-2.13.2-150200.9.22.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.22.1 * ovn-host-20.03.1-150200.9.22.1 * openvswitch-devel-2.13.2-150200.9.22.1 * ovn-docker-20.03.1-150200.9.22.1 * openvswitch-pki-2.13.2-150200.9.22.1 * openvswitch-ipsec-2.13.2-150200.9.22.1 * openvswitch-debugsource-2.13.2-150200.9.22.1 * ovn-vtep-20.03.1-150200.9.22.1 * ovn-central-20.03.1-150200.9.22.1 * libopenvswitch-2_13-0-2.13.2-150200.9.22.1 * ovn-devel-20.03.1-150200.9.22.1 * openvswitch-test-2.13.2-150200.9.22.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * openvswitch-2.13.2-150200.9.22.1 * openvswitch-test-debuginfo-2.13.2-150200.9.22.1 * openvswitch-debuginfo-2.13.2-150200.9.22.1 * ovn-20.03.1-150200.9.22.1 * python3-ovs-2.13.2-150200.9.22.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.22.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.22.1 * libovn-20_03-0-20.03.1-150200.9.22.1 * openvswitch-vtep-2.13.2-150200.9.22.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.22.1 * ovn-host-20.03.1-150200.9.22.1 * openvswitch-devel-2.13.2-150200.9.22.1 * ovn-docker-20.03.1-150200.9.22.1 * openvswitch-pki-2.13.2-150200.9.22.1 * openvswitch-ipsec-2.13.2-150200.9.22.1 * openvswitch-debugsource-2.13.2-150200.9.22.1 * ovn-vtep-20.03.1-150200.9.22.1 * ovn-central-20.03.1-150200.9.22.1 * libopenvswitch-2_13-0-2.13.2-150200.9.22.1 * ovn-devel-20.03.1-150200.9.22.1 * openvswitch-test-2.13.2-150200.9.22.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4337.html * https://www.suse.com/security/cve/CVE-2022-4338.html * https://www.suse.com/security/cve/CVE-2023-1668.html * https://bugzilla.suse.com/show_bug.cgi?id=1206580 * https://bugzilla.suse.com/show_bug.cgi?id=1206581 * https://bugzilla.suse.com/show_bug.cgi?id=1210054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 07:03:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:03:21 +0200 (CEST) Subject: SUSE-CU-2023:1600-1: Security update of suse/sles/15.5/cdi-apiserver Message-ID: <20230524070321.1C636F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1600-1 Container Tags : suse/sles/15.5/cdi-apiserver:1.55.0 , suse/sles/15.5/cdi-apiserver:1.55.0-150500.4.4 , suse/sles/15.5/cdi-apiserver:1.55.0.17.227 Container Release : 17.227 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - containerized-data-importer-api-1.55.0-150500.4.4 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:03:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:03:27 +0200 (CEST) Subject: SUSE-CU-2023:1601-1: Security update of suse/sles/15.5/cdi-cloner Message-ID: <20230524070327.811E4F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1601-1 Container Tags : suse/sles/15.5/cdi-cloner:1.55.0 , suse/sles/15.5/cdi-cloner:1.55.0-150500.4.4 , suse/sles/15.5/cdi-cloner:1.55.0.17.225 Container Release : 17.225 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - curl-8.0.1-150400.5.23.1 updated - containerized-data-importer-cloner-1.55.0-150500.4.4 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:1602-1: Security update of suse/sles/15.5/cdi-controller Message-ID: <20230524070333.DFBC0F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1602-1 Container Tags : suse/sles/15.5/cdi-controller:1.55.0 , suse/sles/15.5/cdi-controller:1.55.0-150500.4.4 , suse/sles/15.5/cdi-controller:1.55.0.17.226 Container Release : 17.226 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - containerized-data-importer-controller-1.55.0-150500.4.4 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:03:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:03:40 +0200 (CEST) Subject: SUSE-CU-2023:1603-1: Security update of suse/sles/15.5/cdi-importer Message-ID: <20230524070340.494B4F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1603-1 Container Tags : suse/sles/15.5/cdi-importer:1.55.0 , suse/sles/15.5/cdi-importer:1.55.0-150500.4.4 , suse/sles/15.5/cdi-importer:1.55.0.17.295 Container Release : 17.295 Severity : important Type : security References : 1200441 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2180-1 Released: Thu May 11 17:25:06 2023 Summary: Security update for skopeo Type: security Severity: important References: 1200441 This update of skopeo fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - curl-8.0.1-150400.5.23.1 updated - libnettle8-3.8.1-150500.2.25 updated - qemu-block-curl-7.1.0-150500.47.15 updated - libhogweed6-3.8.1-150500.2.25 updated - qemu-tools-7.1.0-150500.47.15 updated - containerized-data-importer-importer-1.55.0-150500.4.4 updated - skopeo-0.1.41-150000.4.16.1 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:03:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:03:46 +0200 (CEST) Subject: SUSE-CU-2023:1604-1: Security update of suse/sles/15.5/cdi-operator Message-ID: <20230524070346.69C1AF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1604-1 Container Tags : suse/sles/15.5/cdi-operator:1.55.0 , suse/sles/15.5/cdi-operator:1.55.0-150500.4.4 , suse/sles/15.5/cdi-operator:1.55.0.17.226 Container Release : 17.226 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - containerized-data-importer-operator-1.55.0-150500.4.4 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:03:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:03:52 +0200 (CEST) Subject: SUSE-CU-2023:1605-1: Security update of suse/sles/15.5/cdi-uploadproxy Message-ID: <20230524070352.851F3F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1605-1 Container Tags : suse/sles/15.5/cdi-uploadproxy:1.55.0 , suse/sles/15.5/cdi-uploadproxy:1.55.0-150500.4.4 , suse/sles/15.5/cdi-uploadproxy:1.55.0.17.226 Container Release : 17.226 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - containerized-data-importer-uploadproxy-1.55.0-150500.4.4 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:03:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:03:59 +0200 (CEST) Subject: SUSE-CU-2023:1606-1: Security update of suse/sles/15.5/cdi-uploadserver Message-ID: <20230524070359.7358EF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1606-1 Container Tags : suse/sles/15.5/cdi-uploadserver:1.55.0 , suse/sles/15.5/cdi-uploadserver:1.55.0-150500.4.4 , suse/sles/15.5/cdi-uploadserver:1.55.0.17.292 Container Release : 17.292 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - curl-8.0.1-150400.5.23.1 updated - libnettle8-3.8.1-150500.2.25 updated - libhogweed6-3.8.1-150500.2.25 updated - qemu-tools-7.1.0-150500.47.15 updated - containerized-data-importer-uploadserver-1.55.0-150500.4.4 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:04:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:04:08 +0200 (CEST) Subject: SUSE-CU-2023:1607-1: Security update of suse/sles/15.5/virt-api Message-ID: <20230524070408.6C921F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1607-1 Container Tags : suse/sles/15.5/virt-api:0.58.0 , suse/sles/15.5/virt-api:0.58.0-150500.6.3 , suse/sles/15.5/virt-api:0.58.0.17.266 Container Release : 17.266 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - kubevirt-virt-api-0.58.0-150500.6.3 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:04:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:04:15 +0200 (CEST) Subject: SUSE-CU-2023:1608-1: Security update of suse/sles/15.5/virt-controller Message-ID: <20230524070415.801C8F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1608-1 Container Tags : suse/sles/15.5/virt-controller:0.58.0 , suse/sles/15.5/virt-controller:0.58.0-150500.6.3 , suse/sles/15.5/virt-controller:0.58.0.17.266 Container Release : 17.266 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - kubevirt-virt-controller-0.58.0-150500.6.3 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:04:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:04:22 +0200 (CEST) Subject: SUSE-CU-2023:1609-1: Security update of suse/sles/15.5/virt-exportproxy Message-ID: <20230524070422.31930F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1609-1 Container Tags : suse/sles/15.5/virt-exportproxy:0.58.0 , suse/sles/15.5/virt-exportproxy:0.58.0-150500.6.3 , suse/sles/15.5/virt-exportproxy:0.58.0.1.264 Container Release : 1.264 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - kubevirt-virt-exportproxy-0.58.0-150500.6.3 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:04:29 +0200 (CEST) Subject: SUSE-CU-2023:1610-1: Security update of suse/sles/15.5/virt-exportserver Message-ID: <20230524070429.0D259F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1610-1 Container Tags : suse/sles/15.5/virt-exportserver:0.58.0 , suse/sles/15.5/virt-exportserver:0.58.0-150500.6.3 , suse/sles/15.5/virt-exportserver:0.58.0.1.264 Container Release : 1.264 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - kubevirt-virt-exportserver-0.58.0-150500.6.3 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:04:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:04:36 +0200 (CEST) Subject: SUSE-CU-2023:1611-1: Security update of suse/sles/15.5/virt-handler Message-ID: <20230524070436.47FCCF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1611-1 Container Tags : suse/sles/15.5/virt-handler:0.58.0 , suse/sles/15.5/virt-handler:0.58.0-150500.6.3 , suse/sles/15.5/virt-handler:0.58.0.18.333 Container Release : 18.333 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - curl-8.0.1-150400.5.23.1 updated - kubevirt-container-disk-0.58.0-150500.6.3 updated - kubevirt-virt-handler-0.58.0-150500.6.3 updated - libnettle8-3.8.1-150500.2.25 updated - libhogweed6-3.8.1-150500.2.25 updated - qemu-tools-7.1.0-150500.47.15 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:04:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:04:43 +0200 (CEST) Subject: SUSE-CU-2023:1612-1: Security update of suse/sles/15.5/virt-launcher Message-ID: <20230524070443.5CFEEF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1612-1 Container Tags : suse/sles/15.5/virt-launcher:0.58.0 , suse/sles/15.5/virt-launcher:0.58.0-150500.6.3 , suse/sles/15.5/virt-launcher:0.58.0.20.157 Container Release : 20.157 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - curl-8.0.1-150400.5.23.1 updated - kubevirt-container-disk-0.58.0-150500.6.3 updated - libcapstone4-4.0.2-150500.1.3 updated - libnettle8-3.8.1-150500.2.25 updated - qemu-accel-tcg-x86-7.1.0-150500.47.15 updated - qemu-ipxe-1.0.0+-150500.47.15 updated - qemu-seabios-1.16.0_0_gd239552-150500.47.15 updated - qemu-sgabios-8-150500.47.15 updated - qemu-vgabios-1.16.0_0_gd239552-150500.47.15 updated - vim-data-common-9.0.1443-150500.18.1 updated - libhogweed6-3.8.1-150500.2.25 updated - qemu-hw-usb-redirect-7.1.0-150500.47.15 updated - vim-small-9.0.1443-150500.18.1 updated - xen-libs-4.17.0_06-150500.1.10 updated - qemu-tools-7.1.0-150500.47.15 updated - libvirt-libs-9.0.0-150500.4.3 updated - libvirt-daemon-9.0.0-150500.4.3 updated - libvirt-client-9.0.0-150500.4.3 updated - kubevirt-virt-launcher-0.58.0-150500.6.3 updated - qemu-x86-7.1.0-150500.47.15 updated - qemu-7.1.0-150500.47.15 updated - libvirt-daemon-driver-qemu-9.0.0-150500.4.3 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:04:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:04:50 +0200 (CEST) Subject: SUSE-CU-2023:1613-1: Security update of suse/sles/15.5/libguestfs-tools Message-ID: <20230524070450.64CE4F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1613-1 Container Tags : suse/sles/15.5/libguestfs-tools:0.58.0 , suse/sles/15.5/libguestfs-tools:0.58.0-150500.6.3 , suse/sles/15.5/libguestfs-tools:0.58.0.17.247 Container Release : 17.247 Severity : important Type : security References : 1209122 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libprocps7-3.3.15-150000.7.31.1 updated - procps-3.3.15-150000.7.31.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - curl-8.0.1-150400.5.23.1 updated - btrfsprogs-udev-rules-5.14-150500.8.23 updated - libcapstone4-4.0.2-150500.1.3 updated - libnettle8-3.8.1-150500.2.25 updated - mdadm-4.2-150500.4.4 updated - qemu-accel-tcg-x86-7.1.0-150500.47.15 updated - qemu-ipxe-1.0.0+-150500.47.15 updated - qemu-seabios-1.16.0_0_gd239552-150500.47.15 updated - qemu-sgabios-8-150500.47.15 updated - qemu-vgabios-1.16.0_0_gd239552-150500.47.15 updated - libhogweed6-3.8.1-150500.2.25 updated - btrfsprogs-5.14-150500.8.23 updated - xen-libs-4.17.0_06-150500.1.10 updated - qemu-tools-7.1.0-150500.47.15 updated - libvirt-libs-9.0.0-150500.4.3 updated - dracut-mkinitrd-deprecated-055+suse.360.g076f1113-150500.1.4 updated - dracut-055+suse.360.g076f1113-150500.1.4 updated - kernel-kvmsmall-5.14.21-150500.53.2 updated - dracut-fips-055+suse.360.g076f1113-150500.1.4 updated - qemu-x86-7.1.0-150500.47.15 updated - qemu-7.1.0-150500.47.15 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 07:04:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 09:04:57 +0200 (CEST) Subject: SUSE-CU-2023:1614-1: Security update of suse/sles/15.5/virt-operator Message-ID: <20230524070457.7E1A5F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1614-1 Container Tags : suse/sles/15.5/virt-operator:0.58.0 , suse/sles/15.5/virt-operator:0.58.0-150500.6.3 , suse/sles/15.5/virt-operator:0.58.0.17.266 Container Release : 17.266 Severity : important Type : security References : 1210434 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/sles/15.5/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - kubevirt-virt-operator-0.58.0-150500.6.3 updated - container:sles15-image-15.0.0-34.37 updated From sle-updates at lists.suse.com Wed May 24 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 08:30:03 -0000 Subject: SUSE-SU-2023:2280-1: important: Security update for rmt-server Message-ID: <168491700367.15301.7736792676651299616@smelt2.suse.de> # Security update for rmt-server Announcement ID: SUSE-SU-2023:2280-1 Rating: important References: * #1202053 * #1203171 * #1206593 * #1207670 * #1209096 * #1209507 * #1209825 * #1211398 Cross-References: * CVE-2023-27530 * CVE-2023-28120 CVSS scores: * CVE-2023-27530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-27530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28120 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: * Public Cloud Module 15-SP3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities and has six fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: Updated to version 2.13: \- CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency (bsc#1209507). \- CVE-2023-27530: Fixed a denial of service issue in multipart request parsing (bsc#1209096). Non-security fixes: \- Fixed transactional update on GCE (bsc#1211398). \- Use HTTPS in rmt-client-setup-res (bsc#1209825). \- Various build fixes (bsc#1207670, bsc#1203171, bsc#1206593, bsc#1202053). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2280=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2280=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2280=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2280=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2280=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2280=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2280=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2280=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2280=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2280=1 ## Package List: * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-pubcloud-2.13-150300.3.24.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 * SUSE Manager Proxy 4.2 (x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * rmt-server-2.13-150300.3.24.1 * rmt-server-debugsource-2.13-150300.3.24.1 * rmt-server-debuginfo-2.13-150300.3.24.1 * rmt-server-config-2.13-150300.3.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27530.html * https://www.suse.com/security/cve/CVE-2023-28120.html * https://bugzilla.suse.com/show_bug.cgi?id=1202053 * https://bugzilla.suse.com/show_bug.cgi?id=1203171 * https://bugzilla.suse.com/show_bug.cgi?id=1206593 * https://bugzilla.suse.com/show_bug.cgi?id=1207670 * https://bugzilla.suse.com/show_bug.cgi?id=1209096 * https://bugzilla.suse.com/show_bug.cgi?id=1209507 * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1211398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 08:30:06 -0000 Subject: SUSE-RU-2023:2279-1: moderate: Recommended update for dracut Message-ID: <168491700608.15301.15673527188448451406@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:2279-1 Rating: moderate References: * #1204478 * #1210640 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2279=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2279=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2279=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2279=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2279=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2279=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2279=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * dracut-debuginfo-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-debugsource-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-debugsource-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-extra-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-ima-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-tools-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * dracut-debuginfo-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-debugsource-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * dracut-debuginfo-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-debugsource-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * dracut-debuginfo-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-debugsource-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * dracut-debuginfo-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-debugsource-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-debugsource-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-ima-055+suse.342.g2e6dce8e-150400.3.22.1 * dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1204478 * https://bugzilla.suse.com/show_bug.cgi?id=1210640 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 08:30:07 -0000 Subject: SUSE-RU-2023:2278-1: moderate: Recommended update for dracut Message-ID: <168491700750.15301.7149420011551644170@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:2278-1 Rating: moderate References: * #1210640 Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that has one recommended fix can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 049.1+suse.253.g1008bf13: * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2278=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2278=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2278=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2278=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * dracut-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-debugsource-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-ima-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-fips-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-debuginfo-049.1+suse.253.g1008bf13-150200.3.69.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * dracut-fips-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-debugsource-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-debuginfo-049.1+suse.253.g1008bf13-150200.3.69.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * dracut-fips-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-debugsource-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-debuginfo-049.1+suse.253.g1008bf13-150200.3.69.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * dracut-fips-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-debugsource-049.1+suse.253.g1008bf13-150200.3.69.1 * dracut-debuginfo-049.1+suse.253.g1008bf13-150200.3.69.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210640 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 08:30:08 -0000 Subject: SUSE-RU-2023:2277-1: moderate: Recommended update for osc Message-ID: <168491700845.15301.12008017408690566992@smelt2.suse.de> # Recommended update for osc Announcement ID: SUSE-RU-2023:2277-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that can now be installed. ## Description: This update for osc fixes the following issues: * Fix crash due to list having no copy attribute on python2 * Fix crash in ssh auth when .ssh directory is missing ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2277=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * osc-0.182.1-15.15.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 08:30:10 -0000 Subject: SUSE-RU-2023:2276-1: moderate: Recommended update for grub2 Message-ID: <168491701052.15301.5931026896643264730@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:2276-1 Rating: moderate References: * #1204563 * #1208581 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) * Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2276=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2276=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2276=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2276=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2276=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2276=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2276=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2276=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-2276=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * grub2-2.06-150400.11.33.1 * grub2-debuginfo-2.06-150400.11.33.1 * grub2-debugsource-2.06-150400.11.33.1 * openSUSE Leap Micro 5.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.33.1 * grub2-snapper-plugin-2.06-150400.11.33.1 * grub2-x86_64-xen-2.06-150400.11.33.1 * grub2-arm64-efi-2.06-150400.11.33.1 * grub2-i386-pc-2.06-150400.11.33.1 * openSUSE Leap 15.4 (noarch) * grub2-i386-pc-debug-2.06-150400.11.33.1 * grub2-x86_64-efi-2.06-150400.11.33.1 * grub2-snapper-plugin-2.06-150400.11.33.1 * grub2-i386-pc-2.06-150400.11.33.1 * grub2-x86_64-efi-debug-2.06-150400.11.33.1 * grub2-x86_64-xen-2.06-150400.11.33.1 * grub2-powerpc-ieee1275-extras-2.06-150400.11.33.1 * grub2-arm64-efi-2.06-150400.11.33.1 * grub2-powerpc-ieee1275-2.06-150400.11.33.1 * grub2-arm64-efi-extras-2.06-150400.11.33.1 * grub2-systemd-sleep-plugin-2.06-150400.11.33.1 * grub2-i386-xen-extras-2.06-150400.11.33.1 * grub2-x86_64-efi-extras-2.06-150400.11.33.1 * grub2-s390x-emu-extras-2.06-150400.11.33.1 * grub2-i386-efi-extras-2.06-150400.11.33.1 * grub2-arm64-efi-debug-2.06-150400.11.33.1 * grub2-x86_64-xen-extras-2.06-150400.11.33.1 * grub2-i386-pc-extras-2.06-150400.11.33.1 * grub2-powerpc-ieee1275-debug-2.06-150400.11.33.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150400.11.33.1 * grub2-debuginfo-2.06-150400.11.33.1 * grub2-branding-upstream-2.06-150400.11.33.1 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.33.1 * openSUSE Leap 15.4 (s390x) * grub2-s390x-emu-debug-2.06-150400.11.33.1 * grub2-s390x-emu-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * grub2-2.06-150400.11.33.1 * grub2-debuginfo-2.06-150400.11.33.1 * grub2-debugsource-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.33.1 * grub2-snapper-plugin-2.06-150400.11.33.1 * grub2-x86_64-xen-2.06-150400.11.33.1 * grub2-arm64-efi-2.06-150400.11.33.1 * grub2-i386-pc-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * grub2-2.06-150400.11.33.1 * grub2-debuginfo-2.06-150400.11.33.1 * grub2-debugsource-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.33.1 * grub2-snapper-plugin-2.06-150400.11.33.1 * grub2-x86_64-xen-2.06-150400.11.33.1 * grub2-arm64-efi-2.06-150400.11.33.1 * grub2-i386-pc-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * grub2-2.06-150400.11.33.1 * grub2-debuginfo-2.06-150400.11.33.1 * grub2-debugsource-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * grub2-x86_64-efi-2.06-150400.11.33.1 * grub2-snapper-plugin-2.06-150400.11.33.1 * grub2-x86_64-xen-2.06-150400.11.33.1 * grub2-arm64-efi-2.06-150400.11.33.1 * grub2-i386-pc-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * grub2-2.06-150400.11.33.1 * grub2-debuginfo-2.06-150400.11.33.1 * grub2-debugsource-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * grub2-x86_64-efi-2.06-150400.11.33.1 * grub2-snapper-plugin-2.06-150400.11.33.1 * grub2-x86_64-xen-2.06-150400.11.33.1 * grub2-arm64-efi-2.06-150400.11.33.1 * grub2-i386-pc-2.06-150400.11.33.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.33.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150400.11.33.1 * grub2-debuginfo-2.06-150400.11.33.1 * Basesystem Module 15-SP4 (noarch) * grub2-x86_64-efi-2.06-150400.11.33.1 * grub2-snapper-plugin-2.06-150400.11.33.1 * grub2-arm64-efi-2.06-150400.11.33.1 * grub2-powerpc-ieee1275-2.06-150400.11.33.1 * grub2-systemd-sleep-plugin-2.06-150400.11.33.1 * grub2-i386-pc-2.06-150400.11.33.1 * Basesystem Module 15-SP4 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.33.1 * Basesystem Module 15-SP4 (s390x) * grub2-s390x-emu-2.06-150400.11.33.1 * Server Applications Module 15-SP4 (noarch) * grub2-x86_64-xen-2.06-150400.11.33.1 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * grub2-arm64-efi-2.06-150400.11.33.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1204563 * https://bugzilla.suse.com/show_bug.cgi?id=1208581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 12:30:05 -0000 Subject: SUSE-SU-2023:2285-1: important: Security update for texlive Message-ID: <168493140581.21950.2770098095369034762@smelt2.suse.de> # Security update for texlive Announcement ID: SUSE-SU-2023:2285-1 Rating: important References: * #1211389 Cross-References: * CVE-2023-32700 CVSS scores: * CVE-2023-32700 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for texlive fixes the following issues: * CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2285=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2285=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2285=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2285=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2285=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2285=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2285=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2285=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2285=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2285=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2285=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Enterprise Storage 7.1 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150200.21.4.1 * texlive-bin-devel-2017.20170520-150200.21.4.1 * texlive-ptexenc-devel-1.3.5-150200.21.4.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-omegaware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latex2man-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-lollipop-bin-2017.20170520.svn41465-150200.21.4.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150200.21.4.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-lwarp-bin-2017.20170520.svn43292-150200.21.4.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150200.21.4.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150200.21.4.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-5.2.4-150200.21.4.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150200.21.4.1 * texlive-accfonts-bin-2017.20170520.svn12688-150200.21.4.1 * texlive-ctanify-bin-2017.20170520.svn24061-150200.21.4.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150200.21.4.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150200.21.4.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150200.21.4.1 * texlive-xetex-bin-2017.20170520.svn44361-150200.21.4.1 * texlive-ltximg-bin-2017.20170520.svn32346-150200.21.4.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-perltex-bin-2017.20170520.svn16181-150200.21.4.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-cweb-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texlua-devel-5.2.4-150200.21.4.1 * texlive-mfware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pax-bin-2017.20170520.svn10843-150200.21.4.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexindent-bin-2017.20170520.svn32150-150200.21.4.1 * texlive-musixtex-bin-2017.20170520.svn37026-150200.21.4.1 * texlive-m-tx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-findhyph-bin-2017.20170520.svn14758-150200.21.4.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviasm-bin-2017.20170520.svn8329-150200.21.4.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150200.21.4.1 * texlive-jadetex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150200.21.4.1 * texlive-cslatex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tetex-bin-2017.20170520.svn43957-150200.21.4.1 * texlive-xmltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdef-bin-2017.20170520.svn21802-150200.21.4.1 * texlive-texsis-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150200.21.4.1 * texlive-texfot-bin-2017.20170520.svn33155-150200.21.4.1 * texlive-2017.20170520-150200.21.4.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvips-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-asymptote-bin-2017.20170520.svn43843-150200.21.4.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-match_parens-bin-2017.20170520.svn23500-150200.21.4.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-latexpand-bin-2017.20170520.svn27025-150200.21.4.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ebong-bin-2017.20170520.svn21000-150200.21.4.1 * texlive-lacheck-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ulqda-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150200.21.4.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-checkcites-bin-2017.20170520.svn25623-150200.21.4.1 * texlive-luatex-bin-2017.20170520.svn44549-150200.21.4.1 * texlive-pmx-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-eplain-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150200.21.4.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texosquery-bin-2017.20170520.svn43596-150200.21.4.1 * libsynctex1-debuginfo-1.18-150200.21.4.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150200.21.4.1 * texlive-uplatex-bin-2017.20170520.svn26326-150200.21.4.1 * texlive-velthuis-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150200.21.4.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150200.21.4.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150200.21.4.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150200.21.4.1 * texlive-makeindex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150200.21.4.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150200.21.4.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-debuginfo-2017.20170520-150200.21.4.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150200.21.4.1 * texlive-detex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-rubik-bin-2017.20170520.svn32919-150200.21.4.1 * libptexenc1-debuginfo-1.3.5-150200.21.4.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150200.21.4.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-metafont-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makedtx-bin-2017.20170520.svn38769-150200.21.4.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150200.21.4.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-bin-2017.20170520.svn13364-150200.21.4.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150200.21.4.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-synctex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontinst-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-bibtex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150200.21.4.1 * texlive-patgen-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libtexlua52-5-debuginfo-5.2.4-150200.21.4.1 * texlive-amstex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-yplan-bin-2017.20170520.svn34398-150200.21.4.1 * libptexenc1-1.3.5-150200.21.4.1 * texlive-de-macro-bin-2017.20170520.svn17399-150200.21.4.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150200.21.4.1 * texlive-web-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150200.21.4.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * libsynctex1-1.18-150200.21.4.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dtl-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-platex-bin-2017.20170520.svn22859-150200.21.4.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150200.21.4.1 * texlive-tie-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150200.21.4.1 * texlive-mflua-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150200.21.4.1 * texlive-synctex-devel-1.18-150200.21.4.1 * texlive-bibexport-bin-2017.20170520.svn16219-150200.21.4.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150200.21.4.1 * texlive-seetexk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-ptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-epspdf-bin-2017.20170520.svn29050-150200.21.4.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150200.21.4.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150200.21.4.1 * texlive-urlbst-bin-2017.20170520.svn23262-150200.21.4.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150200.21.4.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150200.21.4.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150200.21.4.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150200.21.4.1 * texlive-authorindex-bin-2017.20170520.svn18790-150200.21.4.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150200.21.4.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150200.21.4.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150200.21.4.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150200.21.4.1 * texlive-listbib-bin-2017.20170520.svn26126-150200.21.4.1 * texlive-pstools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-checklistings-bin-2017.20170520.svn38300-150200.21.4.1 * texlive-mkpic-bin-2017.20170520.svn33688-150200.21.4.1 * texlive-texconfig-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-metapost-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texdoc-bin-2017.20170520.svn29741-150200.21.4.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150200.21.4.1 * texlive-debugsource-2017.20170520-150200.21.4.1 * texlive-srcredact-bin-2017.20170520.svn38710-150200.21.4.1 * texlive-fontools-bin-2017.20170520.svn25997-150200.21.4.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150200.21.4.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150200.21.4.1 * texlive-dviljk-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-debuginfo-6.2.3-150200.21.4.1 * texlive-getmap-bin-2017.20170520.svn34971-150200.21.4.1 * texlive-uptex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-texluajit-devel-2.1.0beta2-150200.21.4.1 * texlive-cachepic-bin-2017.20170520.svn15543-150200.21.4.1 * texlive-exceltex-bin-2017.20170520.svn25860-150200.21.4.1 * texlive-mltex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-texware-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-mex-bin-2017.20170520.svn3006-150200.21.4.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150200.21.4.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-make4ht-bin-2017.20170520.svn37750-150200.21.4.1 * texlive-pdftex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-splitindex-bin-2017.20170520.svn29688-150200.21.4.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-vlna-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pythontex-bin-2017.20170520.svn31638-150200.21.4.1 * texlive-csplain-bin-2017.20170520.svn33902-150200.21.4.1 * texlive-glossaries-bin-2017.20170520.svn37813-150200.21.4.1 * texlive-mathspic-bin-2017.20170520.svn23661-150200.21.4.1 * texlive-vpe-bin-2017.20170520.svn6897-150200.21.4.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150200.21.4.1 * texlive-autosp-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-fontware-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-2.1.0beta2-150200.21.4.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150200.21.4.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150200.21.4.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150200.21.4.1 * texlive-context-bin-2017.20170520.svn34112-150200.21.4.1 * texlive-pdftools-bin-2017.20170520.svn44143-150200.21.4.1 * libkpathsea6-6.2.3-150200.21.4.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-a2ping-bin-2017.20170520.svn27321-150200.21.4.1 * texlive-aleph-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-arara-bin-2017.20170520.svn29036-150200.21.4.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150200.21.4.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150200.21.4.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150200.21.4.1 * texlive-latexmk-bin-2017.20170520.svn10937-150200.21.4.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-xdvi-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150200.21.4.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150200.21.4.1 * libtexluajit2-debuginfo-2.1.0beta2-150200.21.4.1 * texlive-chktex-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-kpathsea-devel-6.2.3-150200.21.4.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150200.21.4.1 * texlive-texcount-bin-2017.20170520.svn13013-150200.21.4.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150200.21.4.1 * texlive-dvipos-bin-2017.20170520.svn44143-150200.21.4.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150200.21.4.1 * texlive-texdiff-bin-2017.20170520.svn15506-150200.21.4.1 * SUSE Enterprise Storage 7 (noarch) * perl-biber-2017.20170520.svn30357-150200.21.4.1 * texlive-diadia-bin-2017.20170520.svn37645-150200.21.4.1 * texlive-biber-bin-2017.20170520.svn42679-150200.21.4.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32700.html * https://bugzilla.suse.com/show_bug.cgi?id=1211389 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 12:30:09 -0000 Subject: SUSE-SU-2023:2284-1: important: Security update for texlive Message-ID: <168493140983.21950.321646199813627371@smelt2.suse.de> # Security update for texlive Announcement ID: SUSE-SU-2023:2284-1 Rating: important References: * #1211389 Cross-References: * CVE-2023-32700 CVSS scores: * CVE-2023-32700 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for texlive fixes the following issues: * CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2284=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2284=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2284=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2284=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2284=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * texlive-texware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ltxfileinfo-bin-2021.20210325.svn29005-150400.31.3.1 * texlive-make4ht-bin-2021.20210325.svn37750-150400.31.3.1 * texlive-thumbpdf-bin-2021.20210325.svn6898-150400.31.3.1 * texlive-lilyglyphs-bin-2021.20210325.svn31696-150400.31.3.1 * texlive-perltex-bin-2021.20210325.svn16181-150400.31.3.1 * texlive-texplate-bin-2021.20210325.svn53444-150400.31.3.1 * texlive-dvips-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-xdvi-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-autosp-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-purifyeps-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-findhyph-bin-2021.20210325.svn14758-150400.31.3.1 * texlive-epstopdf-bin-2021.20210325.svn18336-150400.31.3.1 * texlive-bibexport-bin-2021.20210325.svn16219-150400.31.3.1 * texlive-listbib-bin-2021.20210325.svn26126-150400.31.3.1 * texlive-mkpic-bin-2021.20210325.svn33688-150400.31.3.1 * texlive-texdoc-bin-2021.20210325.svn47948-150400.31.3.1 * texlive-tex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-chklref-bin-2021.20210325.svn52631-150400.31.3.1 * texlive-tie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-latex-papersize-bin-2021.20210325.svn42296-150400.31.3.1 * texlive-ptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pdflatexpicscale-bin-2021.20210325.svn41779-150400.31.3.1 * texlive-mkgrkindex-bin-2021.20210325.svn14428-150400.31.3.1 * texlive-tex4ebook-bin-2021.20210325.svn37771-150400.31.3.1 * libsynctex2-1.21-150400.31.3.1 * texlive-asymptote-bin-2021.20210325.svn57890-150400.31.3.1 * texlive-lacheck-bin-debuginfo-2021.20210325.svn53999-150400.31.3.1 * texlive-makeindex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texsis-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-detex-bin-2021.20210325.svn57878-150400.31.3.1 * libkpathsea6-debuginfo-6.3.3-150400.31.3.1 * texlive-authorindex-bin-2021.20210325.svn18790-150400.31.3.1 * texlive-dviinfox-bin-2021.20210325.svn44515-150400.31.3.1 * texlive-pdftex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-hyperxmp-bin-2021.20210325.svn56984-150400.31.3.1 * texlive-debuginfo-2021.20210325-150400.31.3.1 * texlive-ulqda-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-texosquery-bin-2021.20210325.svn43596-150400.31.3.1 * texlive-listings-ext-bin-2021.20210325.svn15093-150400.31.3.1 * texlive-ptex2pdf-bin-2021.20210325.svn29335-150400.31.3.1 * texlive-latex-bin-dev-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-latexmk-bin-2021.20210325.svn10937-150400.31.3.1 * texlive-ps2eps-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-autosp-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dvisvgm-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latex-bin-bin-2021.20210325.svn54358-150400.31.3.1 * texlive-xpdfopen-bin-2021.20210325.svn52917-150400.31.3.1 * texlive-axodraw2-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-chktex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-cjk-gs-integrate-bin-2021.20210325.svn37223-150400.31.3.1 * texlive-latex-git-log-bin-2021.20210325.svn30983-150400.31.3.1 * texlive-getmap-bin-2021.20210325.svn34971-150400.31.3.1 * texlive-latexfileversion-bin-2021.20210325.svn25012-150400.31.3.1 * texlive-debugsource-2021.20210325-150400.31.3.1 * texlive-dvipos-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ltximg-bin-2021.20210325.svn32346-150400.31.3.1 * texlive-mfware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-uptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pax-bin-2021.20210325.svn10843-150400.31.3.1 * texlive-xdvi-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pythontex-bin-2021.20210325.svn31638-150400.31.3.1 * texlive-urlbst-bin-2021.20210325.svn23262-150400.31.3.1 * texlive-luahbtex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-light-latex-make-bin-2021.20210325.svn56352-150400.31.3.1 * texlive-wordcount-bin-2021.20210325.svn46165-150400.31.3.1 * texlive-scripts-extra-bin-2021.20210325.svn53577-150400.31.3.1 * texlive-pmx-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ptexenc-devel-1.3.9-150400.31.3.1 * texlive-accfonts-bin-2021.20210325.svn12688-150400.31.3.1 * texlive-texdiff-bin-2021.20210325.svn15506-150400.31.3.1 * texlive-gsftopk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-seetexk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-tex4ht-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ctie-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-texdoctk-bin-2021.20210325.svn29741-150400.31.3.1 * texlive-bibtex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-convbkmk-bin-2021.20210325.svn30408-150400.31.3.1 * texlive-dvipng-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-uptex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-latex2nemeth-bin-2021.20210325.svn42300-150400.31.3.1 * texlive-optex-bin-2021.20210325.svn53804-150400.31.3.1 * texlive-dvicopy-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipos-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-cyrillic-bin-bin-2021.20210325.svn53554-150400.31.3.1 * texlive-xelatex-dev-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-dviljk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-csplain-bin-2021.20210325.svn50528-150400.31.3.1 * texlive-pdfxup-bin-2021.20210325.svn40690-150400.31.3.1 * texlive-splitindex-bin-2021.20210325.svn29688-150400.31.3.1 * texlive-xetex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-aleph-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-dvidvi-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pmxchords-bin-2021.20210325.svn32405-150400.31.3.1 * texlive-xml2pmx-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-a2ping-bin-2021.20210325.svn27321-150400.31.3.1 * texlive-ps2pk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dosepsbin-bin-2021.20210325.svn24759-150400.31.3.1 * texlive-pdftosrc-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-fragmaster-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-attachfile2-bin-2021.20210325.svn52909-150400.31.3.1 * texlive-kpathsea-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-match_parens-bin-2021.20210325.svn23500-150400.31.3.1 * texlive-dvipng-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-git-latexdiff-bin-2021.20210325.svn54732-150400.31.3.1 * texlive-platex-bin-2021.20210325.svn52800-150400.31.3.1 * texlive-xmltex-bin-2021.20210325.svn3006-150400.31.3.1 * libptexenc1-1.3.9-150400.31.3.1 * texlive-lcdftypetools-bin-2021.20210325.svn57878-150400.31.3.1 * libsynctex2-debuginfo-1.21-150400.31.3.1 * texlive-eplain-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-fig4latex-bin-2021.20210325.svn14752-150400.31.3.1 * texlive-mathspic-bin-2021.20210325.svn23661-150400.31.3.1 * texlive-asymptote-bin-debuginfo-2021.20210325.svn57890-150400.31.3.1 * texlive-omegaware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-xindex-bin-2021.20210325.svn49312-150400.31.3.1 * texlive-amstex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-dviasm-bin-2021.20210325.svn8329-150400.31.3.1 * texlive-multibibliography-bin-2021.20210325.svn30534-150400.31.3.1 * texlive-patgen-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-musixtnt-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-dvipdfmx-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-mltex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-sty2dtx-bin-2021.20210325.svn21215-150400.31.3.1 * texlive-latexpand-bin-2021.20210325.svn27025-150400.31.3.1 * texlive-metapost-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-makedtx-bin-2021.20210325.svn38769-150400.31.3.1 * texlive-makeindex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-cluttex-bin-2021.20210325.svn48871-150400.31.3.1 * texlive-tpic2pdftex-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-cslatex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-fontware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-epspdf-bin-2021.20210325.svn29050-150400.31.3.1 * texlive-dvidvi-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-m-tx-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-cachepic-bin-2021.20210325.svn15543-150400.31.3.1 * texlive-checklistings-bin-2021.20210325.svn38300-150400.31.3.1 * texlive-mf2pt1-bin-2021.20210325.svn23406-150400.31.3.1 * texlive-bibtex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pdfcrop-bin-2021.20210325.svn14387-150400.31.3.1 * texlive-fontinst-bin-2021.20210325.svn53554-150400.31.3.1 * texlive-omegaware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-metafont-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-bin-devel-2021.20210325-150400.31.3.1 * texlive-luaotfload-bin-2021.20210325.svn34647-150400.31.3.1 * texlive-texfot-bin-2021.20210325.svn33155-150400.31.3.1 * texlive-scripts-bin-2021.20210325.svn55172-150400.31.3.1 * texlive-bib2gls-bin-2021.20210325.svn45266-150400.31.3.1 * texlive-exceltex-bin-2021.20210325.svn25860-150400.31.3.1 * texlive-texlua-devel-5.3.6-150400.31.3.1 * texlive-jadetex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-seetexk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-jfmutil-bin-2021.20210325.svn44835-150400.31.3.1 * texlive-lcdftypetools-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ttfutils-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-rubik-bin-2021.20210325.svn32919-150400.31.3.1 * texlive-ctie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvisvgm-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texcount-bin-2021.20210325.svn13013-150400.31.3.1 * texlive-xetex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-xml2pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-crossrefware-bin-2021.20210325.svn45927-150400.31.3.1 * texlive-texloganalyser-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-tex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pfarrei-bin-2021.20210325.svn29348-150400.31.3.1 * texlive-svn-multi-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-synctex-devel-1.21-150400.31.3.1 * texlive-chktex-bin-2021.20210325.svn57878-150400.31.3.1 * libkpathsea6-6.3.3-150400.31.3.1 * texlive-kpathsea-devel-6.3.3-150400.31.3.1 * texlive-metapost-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-tie-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-uplatex-bin-2021.20210325.svn52800-150400.31.3.1 * texlive-pedigree-perl-bin-2021.20210325.svn25962-150400.31.3.1 * texlive-kotex-utils-bin-2021.20210325.svn32101-150400.31.3.1 * texlive-luajittex-bin-2021.20210325.svn58535-150400.31.3.1 * libptexenc1-debuginfo-1.3.9-150400.31.3.1 * texlive-mex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-pdfjam-bin-2021.20210325.svn52858-150400.31.3.1 * texlive-ctanify-bin-2021.20210325.svn24061-150400.31.3.1 * texlive-dtxgen-bin-2021.20210325.svn29031-150400.31.3.1 * texlive-axodraw2-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-vlna-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-bibtex8-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-bibtexu-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-de-macro-bin-2021.20210325.svn17399-150400.31.3.1 * texlive-fontware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-checkcites-bin-2021.20210325.svn25623-150400.31.3.1 * texlive-context-bin-2021.20210325.svn34112-150400.31.3.1 * texlive-dviout-util-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latexindent-bin-2021.20210325.svn32150-150400.31.3.1 * texlive-ctanbib-bin-2021.20210325.svn48478-150400.31.3.1 * texlive-metafont-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-dtl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-mptopdf-bin-2021.20210325.svn18674-150400.31.3.1 * libtexlua53-5-5.3.6-150400.31.3.1 * texlive-pdfbook2-bin-2021.20210325.svn37537-150400.31.3.1 * texlive-pkfix-bin-2021.20210325.svn13364-150400.31.3.1 * texlive-dviout-util-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ptex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-synctex-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1 * texlive-cweb-bin-2021.20210325.svn58136-150400.31.3.1 * texlive-tex4ht-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-kpathsea-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dviljk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-webquiz-bin-2021.20210325.svn50419-150400.31.3.1 * texlive-latex2man-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-cjkutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-mflua-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-musixtex-bin-2021.20210325.svn37026-150400.31.3.1 * texlive-pdftosrc-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-gregoriotex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-musixtnt-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-2021.20210325-150400.31.3.1 * texlive-texdef-bin-2021.20210325.svn45011-150400.31.3.1 * texlive-xpdfopen-bin-debuginfo-2021.20210325.svn52917-150400.31.3.1 * texlive-velthuis-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-mflua-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-pdftex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-ttfutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ctan-o-mat-bin-2021.20210325.svn46996-150400.31.3.1 * texlive-ketcindy-bin-2021.20210325.svn49033-150400.31.3.1 * texlive-clojure-pamphlet-bin-2021.20210325.svn51944-150400.31.3.1 * texlive-lwarp-bin-2021.20210325.svn43292-150400.31.3.1 * texlive-afm2pl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipdfmx-bin-2021.20210325.svn58535-150400.31.3.1 * libtexlua53-5-debuginfo-5.3.6-150400.31.3.1 * texlive-mfware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-pst-pdf-bin-2021.20210325.svn7838-150400.31.3.1 * texlive-pst2pdf-bin-2021.20210325.svn29333-150400.31.3.1 * texlive-typeoutfileinfo-bin-2021.20210325.svn25648-150400.31.3.1 * texlive-gregoriotex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-web-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-fontools-bin-2021.20210325.svn25997-150400.31.3.1 * texlive-afm2pl-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-luahbtex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-arara-bin-2021.20210325.svn29036-150400.31.3.1 * texlive-adhocfilelist-bin-2021.20210325.svn28038-150400.31.3.1 * texlive-lollipop-bin-2021.20210325.svn41465-150400.31.3.1 * texlive-dtl-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-albatross-bin-2021.20210325.svn57089-150400.31.3.1 * texlive-bundledoc-bin-2021.20210325.svn17794-150400.31.3.1 * texlive-synctex-bin-2021.20210325.svn58136-150400.31.3.1 * texlive-ps2eps-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-tikztosvg-bin-2021.20210325.svn55132-150400.31.3.1 * texlive-bibtex8-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-petri-nets-bin-2021.20210325.svn39165-150400.31.3.1 * texlive-texdirflatten-bin-2021.20210325.svn12782-150400.31.3.1 * texlive-aleph-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pygmentex-bin-2021.20210325.svn34996-150400.31.3.1 * texlive-ps2pk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-detex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-lacheck-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-texliveonfly-bin-2021.20210325.svn24062-150400.31.3.1 * texlive-gsftopk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-vpe-bin-2021.20210325.svn6897-150400.31.3.1 * texlive-bibtexu-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-pdftex-quiet-bin-2021.20210325.svn49140-150400.31.3.1 * texlive-yplan-bin-2021.20210325.svn34398-150400.31.3.1 * texlive-vlna-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-web-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-luatex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-pkfix-helper-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-velthuis-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-cjkutils-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latexdiff-bin-2021.20210325.svn16420-150400.31.3.1 * texlive-luatex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-ctanupload-bin-2021.20210325.svn23866-150400.31.3.1 * texlive-mkjobtexmf-bin-2021.20210325.svn8457-150400.31.3.1 * texlive-patgen-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-srcredact-bin-2021.20210325.svn38710-150400.31.3.1 * texlive-spix-bin-2021.20210325.svn55933-150400.31.3.1 * texlive-m-tx-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-dvips-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-glossaries-bin-2021.20210325.svn37813-150400.31.3.1 * texlive-ptex-fontmaps-bin-2021.20210325.svn44206-150400.31.3.1 * texlive-texware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-l3build-bin-2021.20210325.svn46894-150400.31.3.1 * texlive-cweb-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1 * texlive-dvicopy-bin-2021.20210325.svn57878-150400.31.3.1 * openSUSE Leap 15.4 (aarch64 x86_64) * texlive-luajittex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-texluajit-devel-2.1.0beta3-150400.31.3.1 * libtexluajit2-2.1.0beta3-150400.31.3.1 * libtexluajit2-debuginfo-2.1.0beta3-150400.31.3.1 * openSUSE Leap 15.4 (noarch) * perl-biber-2021.20210325.svn30357-150400.31.3.1 * texlive-biber-bin-2021.20210325.svn57273-150400.31.3.1 * texlive-diadia-bin-2021.20210325.svn37645-150400.31.3.1 * Basesystem Module 15-SP4 (noarch) * perl-biber-2021.20210325.svn30357-150400.31.3.1 * Basesystem Module 15-SP5 (noarch) * perl-biber-2021.20210325.svn30357-150400.31.3.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * texlive-texware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ltxfileinfo-bin-2021.20210325.svn29005-150400.31.3.1 * texlive-make4ht-bin-2021.20210325.svn37750-150400.31.3.1 * texlive-thumbpdf-bin-2021.20210325.svn6898-150400.31.3.1 * texlive-lilyglyphs-bin-2021.20210325.svn31696-150400.31.3.1 * texlive-perltex-bin-2021.20210325.svn16181-150400.31.3.1 * texlive-texplate-bin-2021.20210325.svn53444-150400.31.3.1 * texlive-dvips-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-xdvi-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-autosp-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-purifyeps-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-findhyph-bin-2021.20210325.svn14758-150400.31.3.1 * texlive-epstopdf-bin-2021.20210325.svn18336-150400.31.3.1 * texlive-bibexport-bin-2021.20210325.svn16219-150400.31.3.1 * texlive-listbib-bin-2021.20210325.svn26126-150400.31.3.1 * texlive-mkpic-bin-2021.20210325.svn33688-150400.31.3.1 * texlive-texdoc-bin-2021.20210325.svn47948-150400.31.3.1 * texlive-tex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-chklref-bin-2021.20210325.svn52631-150400.31.3.1 * texlive-tie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-latex-papersize-bin-2021.20210325.svn42296-150400.31.3.1 * texlive-ptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pdflatexpicscale-bin-2021.20210325.svn41779-150400.31.3.1 * texlive-mkgrkindex-bin-2021.20210325.svn14428-150400.31.3.1 * texlive-tex4ebook-bin-2021.20210325.svn37771-150400.31.3.1 * libsynctex2-1.21-150400.31.3.1 * texlive-asymptote-bin-2021.20210325.svn57890-150400.31.3.1 * texlive-lacheck-bin-debuginfo-2021.20210325.svn53999-150400.31.3.1 * texlive-makeindex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texsis-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-detex-bin-2021.20210325.svn57878-150400.31.3.1 * libkpathsea6-debuginfo-6.3.3-150400.31.3.1 * texlive-authorindex-bin-2021.20210325.svn18790-150400.31.3.1 * texlive-dviinfox-bin-2021.20210325.svn44515-150400.31.3.1 * texlive-pdftex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-hyperxmp-bin-2021.20210325.svn56984-150400.31.3.1 * texlive-debuginfo-2021.20210325-150400.31.3.1 * texlive-ulqda-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-texosquery-bin-2021.20210325.svn43596-150400.31.3.1 * texlive-listings-ext-bin-2021.20210325.svn15093-150400.31.3.1 * texlive-ptex2pdf-bin-2021.20210325.svn29335-150400.31.3.1 * texlive-latex-bin-dev-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-latexmk-bin-2021.20210325.svn10937-150400.31.3.1 * texlive-ps2eps-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-autosp-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dvisvgm-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latex-bin-bin-2021.20210325.svn54358-150400.31.3.1 * texlive-xpdfopen-bin-2021.20210325.svn52917-150400.31.3.1 * texlive-axodraw2-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-chktex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-cjk-gs-integrate-bin-2021.20210325.svn37223-150400.31.3.1 * texlive-latex-git-log-bin-2021.20210325.svn30983-150400.31.3.1 * texlive-getmap-bin-2021.20210325.svn34971-150400.31.3.1 * texlive-latexfileversion-bin-2021.20210325.svn25012-150400.31.3.1 * texlive-debugsource-2021.20210325-150400.31.3.1 * texlive-dvipos-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ltximg-bin-2021.20210325.svn32346-150400.31.3.1 * texlive-mfware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-uptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pax-bin-2021.20210325.svn10843-150400.31.3.1 * texlive-xdvi-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pythontex-bin-2021.20210325.svn31638-150400.31.3.1 * texlive-urlbst-bin-2021.20210325.svn23262-150400.31.3.1 * texlive-luahbtex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-light-latex-make-bin-2021.20210325.svn56352-150400.31.3.1 * texlive-wordcount-bin-2021.20210325.svn46165-150400.31.3.1 * texlive-scripts-extra-bin-2021.20210325.svn53577-150400.31.3.1 * texlive-pmx-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ptexenc-devel-1.3.9-150400.31.3.1 * texlive-accfonts-bin-2021.20210325.svn12688-150400.31.3.1 * texlive-texdiff-bin-2021.20210325.svn15506-150400.31.3.1 * texlive-gsftopk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-seetexk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-tex4ht-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ctie-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-texdoctk-bin-2021.20210325.svn29741-150400.31.3.1 * texlive-bibtex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-convbkmk-bin-2021.20210325.svn30408-150400.31.3.1 * texlive-dvipng-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-uptex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-latex2nemeth-bin-2021.20210325.svn42300-150400.31.3.1 * texlive-optex-bin-2021.20210325.svn53804-150400.31.3.1 * texlive-dvicopy-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipos-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-cyrillic-bin-bin-2021.20210325.svn53554-150400.31.3.1 * texlive-xelatex-dev-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-dviljk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-csplain-bin-2021.20210325.svn50528-150400.31.3.1 * texlive-pdfxup-bin-2021.20210325.svn40690-150400.31.3.1 * texlive-splitindex-bin-2021.20210325.svn29688-150400.31.3.1 * texlive-xetex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-aleph-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-dvidvi-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pmxchords-bin-2021.20210325.svn32405-150400.31.3.1 * texlive-xml2pmx-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-a2ping-bin-2021.20210325.svn27321-150400.31.3.1 * texlive-ps2pk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dosepsbin-bin-2021.20210325.svn24759-150400.31.3.1 * texlive-pdftosrc-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-fragmaster-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-attachfile2-bin-2021.20210325.svn52909-150400.31.3.1 * texlive-kpathsea-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-match_parens-bin-2021.20210325.svn23500-150400.31.3.1 * texlive-dvipng-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-git-latexdiff-bin-2021.20210325.svn54732-150400.31.3.1 * texlive-platex-bin-2021.20210325.svn52800-150400.31.3.1 * texlive-xmltex-bin-2021.20210325.svn3006-150400.31.3.1 * libptexenc1-1.3.9-150400.31.3.1 * texlive-lcdftypetools-bin-2021.20210325.svn57878-150400.31.3.1 * libsynctex2-debuginfo-1.21-150400.31.3.1 * texlive-eplain-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-fig4latex-bin-2021.20210325.svn14752-150400.31.3.1 * texlive-mathspic-bin-2021.20210325.svn23661-150400.31.3.1 * texlive-asymptote-bin-debuginfo-2021.20210325.svn57890-150400.31.3.1 * texlive-omegaware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-xindex-bin-2021.20210325.svn49312-150400.31.3.1 * texlive-amstex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-dviasm-bin-2021.20210325.svn8329-150400.31.3.1 * texlive-multibibliography-bin-2021.20210325.svn30534-150400.31.3.1 * texlive-patgen-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-musixtnt-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-dvipdfmx-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-mltex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-sty2dtx-bin-2021.20210325.svn21215-150400.31.3.1 * texlive-latexpand-bin-2021.20210325.svn27025-150400.31.3.1 * texlive-metapost-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-makedtx-bin-2021.20210325.svn38769-150400.31.3.1 * texlive-makeindex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-cluttex-bin-2021.20210325.svn48871-150400.31.3.1 * texlive-tpic2pdftex-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-cslatex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-fontware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-epspdf-bin-2021.20210325.svn29050-150400.31.3.1 * texlive-dvidvi-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-m-tx-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-cachepic-bin-2021.20210325.svn15543-150400.31.3.1 * texlive-checklistings-bin-2021.20210325.svn38300-150400.31.3.1 * texlive-mf2pt1-bin-2021.20210325.svn23406-150400.31.3.1 * texlive-bibtex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pdfcrop-bin-2021.20210325.svn14387-150400.31.3.1 * texlive-fontinst-bin-2021.20210325.svn53554-150400.31.3.1 * texlive-omegaware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-metafont-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-bin-devel-2021.20210325-150400.31.3.1 * texlive-luaotfload-bin-2021.20210325.svn34647-150400.31.3.1 * texlive-texfot-bin-2021.20210325.svn33155-150400.31.3.1 * texlive-scripts-bin-2021.20210325.svn55172-150400.31.3.1 * texlive-bib2gls-bin-2021.20210325.svn45266-150400.31.3.1 * texlive-exceltex-bin-2021.20210325.svn25860-150400.31.3.1 * texlive-texlua-devel-5.3.6-150400.31.3.1 * texlive-jadetex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-seetexk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-jfmutil-bin-2021.20210325.svn44835-150400.31.3.1 * texlive-lcdftypetools-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ttfutils-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-rubik-bin-2021.20210325.svn32919-150400.31.3.1 * texlive-ctie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvisvgm-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texcount-bin-2021.20210325.svn13013-150400.31.3.1 * texlive-xetex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-xml2pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-crossrefware-bin-2021.20210325.svn45927-150400.31.3.1 * texlive-texloganalyser-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-tex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pfarrei-bin-2021.20210325.svn29348-150400.31.3.1 * texlive-svn-multi-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-synctex-devel-1.21-150400.31.3.1 * texlive-chktex-bin-2021.20210325.svn57878-150400.31.3.1 * libkpathsea6-6.3.3-150400.31.3.1 * texlive-kpathsea-devel-6.3.3-150400.31.3.1 * texlive-metapost-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-tie-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-uplatex-bin-2021.20210325.svn52800-150400.31.3.1 * texlive-pedigree-perl-bin-2021.20210325.svn25962-150400.31.3.1 * texlive-kotex-utils-bin-2021.20210325.svn32101-150400.31.3.1 * texlive-luajittex-bin-2021.20210325.svn58535-150400.31.3.1 * libptexenc1-debuginfo-1.3.9-150400.31.3.1 * texlive-mex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-pdfjam-bin-2021.20210325.svn52858-150400.31.3.1 * texlive-ctanify-bin-2021.20210325.svn24061-150400.31.3.1 * texlive-dtxgen-bin-2021.20210325.svn29031-150400.31.3.1 * texlive-axodraw2-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-vlna-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-bibtex8-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-bibtexu-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-de-macro-bin-2021.20210325.svn17399-150400.31.3.1 * texlive-fontware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-checkcites-bin-2021.20210325.svn25623-150400.31.3.1 * texlive-context-bin-2021.20210325.svn34112-150400.31.3.1 * texlive-dviout-util-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latexindent-bin-2021.20210325.svn32150-150400.31.3.1 * texlive-ctanbib-bin-2021.20210325.svn48478-150400.31.3.1 * texlive-metafont-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-dtl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-mptopdf-bin-2021.20210325.svn18674-150400.31.3.1 * libtexlua53-5-5.3.6-150400.31.3.1 * texlive-pdfbook2-bin-2021.20210325.svn37537-150400.31.3.1 * texlive-pkfix-bin-2021.20210325.svn13364-150400.31.3.1 * texlive-dviout-util-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ptex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-synctex-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1 * texlive-cweb-bin-2021.20210325.svn58136-150400.31.3.1 * texlive-tex4ht-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-kpathsea-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dviljk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-webquiz-bin-2021.20210325.svn50419-150400.31.3.1 * texlive-latex2man-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-cjkutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-mflua-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-musixtex-bin-2021.20210325.svn37026-150400.31.3.1 * texlive-pdftosrc-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-gregoriotex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-musixtnt-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-2021.20210325-150400.31.3.1 * texlive-texdef-bin-2021.20210325.svn45011-150400.31.3.1 * texlive-xpdfopen-bin-debuginfo-2021.20210325.svn52917-150400.31.3.1 * texlive-velthuis-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-mflua-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-pdftex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-ttfutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ctan-o-mat-bin-2021.20210325.svn46996-150400.31.3.1 * texlive-ketcindy-bin-2021.20210325.svn49033-150400.31.3.1 * texlive-clojure-pamphlet-bin-2021.20210325.svn51944-150400.31.3.1 * texlive-lwarp-bin-2021.20210325.svn43292-150400.31.3.1 * texlive-afm2pl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipdfmx-bin-2021.20210325.svn58535-150400.31.3.1 * libtexlua53-5-debuginfo-5.3.6-150400.31.3.1 * texlive-mfware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-pst-pdf-bin-2021.20210325.svn7838-150400.31.3.1 * texlive-pst2pdf-bin-2021.20210325.svn29333-150400.31.3.1 * texlive-typeoutfileinfo-bin-2021.20210325.svn25648-150400.31.3.1 * texlive-gregoriotex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-web-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-fontools-bin-2021.20210325.svn25997-150400.31.3.1 * texlive-afm2pl-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-luahbtex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-arara-bin-2021.20210325.svn29036-150400.31.3.1 * texlive-adhocfilelist-bin-2021.20210325.svn28038-150400.31.3.1 * texlive-lollipop-bin-2021.20210325.svn41465-150400.31.3.1 * texlive-dtl-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-albatross-bin-2021.20210325.svn57089-150400.31.3.1 * texlive-bundledoc-bin-2021.20210325.svn17794-150400.31.3.1 * texlive-synctex-bin-2021.20210325.svn58136-150400.31.3.1 * texlive-ps2eps-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-tikztosvg-bin-2021.20210325.svn55132-150400.31.3.1 * texlive-bibtex8-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-petri-nets-bin-2021.20210325.svn39165-150400.31.3.1 * texlive-texdirflatten-bin-2021.20210325.svn12782-150400.31.3.1 * texlive-aleph-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pygmentex-bin-2021.20210325.svn34996-150400.31.3.1 * texlive-ps2pk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-detex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-lacheck-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-texliveonfly-bin-2021.20210325.svn24062-150400.31.3.1 * texlive-gsftopk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-vpe-bin-2021.20210325.svn6897-150400.31.3.1 * texlive-bibtexu-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-pdftex-quiet-bin-2021.20210325.svn49140-150400.31.3.1 * texlive-yplan-bin-2021.20210325.svn34398-150400.31.3.1 * texlive-vlna-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-web-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-luatex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-pkfix-helper-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-velthuis-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-cjkutils-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latexdiff-bin-2021.20210325.svn16420-150400.31.3.1 * texlive-luatex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-ctanupload-bin-2021.20210325.svn23866-150400.31.3.1 * texlive-mkjobtexmf-bin-2021.20210325.svn8457-150400.31.3.1 * texlive-patgen-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-srcredact-bin-2021.20210325.svn38710-150400.31.3.1 * texlive-spix-bin-2021.20210325.svn55933-150400.31.3.1 * texlive-m-tx-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-dvips-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-glossaries-bin-2021.20210325.svn37813-150400.31.3.1 * texlive-ptex-fontmaps-bin-2021.20210325.svn44206-150400.31.3.1 * texlive-texware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-l3build-bin-2021.20210325.svn46894-150400.31.3.1 * texlive-cweb-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1 * texlive-dvicopy-bin-2021.20210325.svn57878-150400.31.3.1 * Desktop Applications Module 15-SP4 (aarch64 x86_64) * texlive-luajittex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-texluajit-devel-2.1.0beta3-150400.31.3.1 * libtexluajit2-2.1.0beta3-150400.31.3.1 * libtexluajit2-debuginfo-2.1.0beta3-150400.31.3.1 * Desktop Applications Module 15-SP4 (noarch) * texlive-biber-bin-2021.20210325.svn57273-150400.31.3.1 * texlive-diadia-bin-2021.20210325.svn37645-150400.31.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * texlive-texware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ltxfileinfo-bin-2021.20210325.svn29005-150400.31.3.1 * texlive-make4ht-bin-2021.20210325.svn37750-150400.31.3.1 * texlive-thumbpdf-bin-2021.20210325.svn6898-150400.31.3.1 * texlive-lilyglyphs-bin-2021.20210325.svn31696-150400.31.3.1 * texlive-perltex-bin-2021.20210325.svn16181-150400.31.3.1 * texlive-texplate-bin-2021.20210325.svn53444-150400.31.3.1 * texlive-dvips-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-xdvi-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-autosp-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-purifyeps-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-findhyph-bin-2021.20210325.svn14758-150400.31.3.1 * texlive-epstopdf-bin-2021.20210325.svn18336-150400.31.3.1 * texlive-bibexport-bin-2021.20210325.svn16219-150400.31.3.1 * texlive-listbib-bin-2021.20210325.svn26126-150400.31.3.1 * texlive-mkpic-bin-2021.20210325.svn33688-150400.31.3.1 * texlive-texdoc-bin-2021.20210325.svn47948-150400.31.3.1 * texlive-tex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-chklref-bin-2021.20210325.svn52631-150400.31.3.1 * texlive-tie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-latex-papersize-bin-2021.20210325.svn42296-150400.31.3.1 * texlive-ptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pdflatexpicscale-bin-2021.20210325.svn41779-150400.31.3.1 * texlive-mkgrkindex-bin-2021.20210325.svn14428-150400.31.3.1 * texlive-tex4ebook-bin-2021.20210325.svn37771-150400.31.3.1 * libsynctex2-1.21-150400.31.3.1 * texlive-asymptote-bin-2021.20210325.svn57890-150400.31.3.1 * texlive-lacheck-bin-debuginfo-2021.20210325.svn53999-150400.31.3.1 * texlive-makeindex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texsis-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-detex-bin-2021.20210325.svn57878-150400.31.3.1 * libkpathsea6-debuginfo-6.3.3-150400.31.3.1 * texlive-authorindex-bin-2021.20210325.svn18790-150400.31.3.1 * texlive-dviinfox-bin-2021.20210325.svn44515-150400.31.3.1 * texlive-pdftex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-hyperxmp-bin-2021.20210325.svn56984-150400.31.3.1 * texlive-debuginfo-2021.20210325-150400.31.3.1 * texlive-ulqda-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-texosquery-bin-2021.20210325.svn43596-150400.31.3.1 * texlive-listings-ext-bin-2021.20210325.svn15093-150400.31.3.1 * texlive-ptex2pdf-bin-2021.20210325.svn29335-150400.31.3.1 * texlive-latex-bin-dev-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-latexmk-bin-2021.20210325.svn10937-150400.31.3.1 * texlive-ps2eps-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-autosp-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dvisvgm-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latex-bin-bin-2021.20210325.svn54358-150400.31.3.1 * texlive-xpdfopen-bin-2021.20210325.svn52917-150400.31.3.1 * texlive-axodraw2-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-chktex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-cjk-gs-integrate-bin-2021.20210325.svn37223-150400.31.3.1 * texlive-latex-git-log-bin-2021.20210325.svn30983-150400.31.3.1 * texlive-getmap-bin-2021.20210325.svn34971-150400.31.3.1 * texlive-latexfileversion-bin-2021.20210325.svn25012-150400.31.3.1 * texlive-debugsource-2021.20210325-150400.31.3.1 * texlive-dvipos-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ltximg-bin-2021.20210325.svn32346-150400.31.3.1 * texlive-mfware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-uptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pax-bin-2021.20210325.svn10843-150400.31.3.1 * texlive-xdvi-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pythontex-bin-2021.20210325.svn31638-150400.31.3.1 * texlive-urlbst-bin-2021.20210325.svn23262-150400.31.3.1 * texlive-luahbtex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-light-latex-make-bin-2021.20210325.svn56352-150400.31.3.1 * texlive-wordcount-bin-2021.20210325.svn46165-150400.31.3.1 * texlive-scripts-extra-bin-2021.20210325.svn53577-150400.31.3.1 * texlive-pmx-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ptexenc-devel-1.3.9-150400.31.3.1 * texlive-accfonts-bin-2021.20210325.svn12688-150400.31.3.1 * texlive-texdiff-bin-2021.20210325.svn15506-150400.31.3.1 * texlive-gsftopk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-seetexk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-tex4ht-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-ctie-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-texdoctk-bin-2021.20210325.svn29741-150400.31.3.1 * texlive-bibtex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-convbkmk-bin-2021.20210325.svn30408-150400.31.3.1 * texlive-dvipng-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-uptex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-latex2nemeth-bin-2021.20210325.svn42300-150400.31.3.1 * texlive-optex-bin-2021.20210325.svn53804-150400.31.3.1 * texlive-dvicopy-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipos-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-cyrillic-bin-bin-2021.20210325.svn53554-150400.31.3.1 * texlive-xelatex-dev-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-dviljk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-csplain-bin-2021.20210325.svn50528-150400.31.3.1 * texlive-pdfxup-bin-2021.20210325.svn40690-150400.31.3.1 * texlive-splitindex-bin-2021.20210325.svn29688-150400.31.3.1 * texlive-xetex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-aleph-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-dvidvi-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pmxchords-bin-2021.20210325.svn32405-150400.31.3.1 * texlive-xml2pmx-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-a2ping-bin-2021.20210325.svn27321-150400.31.3.1 * texlive-ps2pk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dosepsbin-bin-2021.20210325.svn24759-150400.31.3.1 * texlive-pdftosrc-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-fragmaster-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-attachfile2-bin-2021.20210325.svn52909-150400.31.3.1 * texlive-kpathsea-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-match_parens-bin-2021.20210325.svn23500-150400.31.3.1 * texlive-dvipng-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-git-latexdiff-bin-2021.20210325.svn54732-150400.31.3.1 * texlive-platex-bin-2021.20210325.svn52800-150400.31.3.1 * texlive-xmltex-bin-2021.20210325.svn3006-150400.31.3.1 * libptexenc1-1.3.9-150400.31.3.1 * texlive-lcdftypetools-bin-2021.20210325.svn57878-150400.31.3.1 * libsynctex2-debuginfo-1.21-150400.31.3.1 * texlive-eplain-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-fig4latex-bin-2021.20210325.svn14752-150400.31.3.1 * texlive-mathspic-bin-2021.20210325.svn23661-150400.31.3.1 * texlive-asymptote-bin-debuginfo-2021.20210325.svn57890-150400.31.3.1 * texlive-omegaware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-xindex-bin-2021.20210325.svn49312-150400.31.3.1 * texlive-amstex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-dviasm-bin-2021.20210325.svn8329-150400.31.3.1 * texlive-multibibliography-bin-2021.20210325.svn30534-150400.31.3.1 * texlive-patgen-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-musixtnt-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-dvipdfmx-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-mltex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-sty2dtx-bin-2021.20210325.svn21215-150400.31.3.1 * texlive-latexpand-bin-2021.20210325.svn27025-150400.31.3.1 * texlive-metapost-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-makedtx-bin-2021.20210325.svn38769-150400.31.3.1 * texlive-makeindex-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-cluttex-bin-2021.20210325.svn48871-150400.31.3.1 * texlive-tpic2pdftex-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-cslatex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-fontware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-epspdf-bin-2021.20210325.svn29050-150400.31.3.1 * texlive-dvidvi-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-m-tx-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-cachepic-bin-2021.20210325.svn15543-150400.31.3.1 * texlive-checklistings-bin-2021.20210325.svn38300-150400.31.3.1 * texlive-mf2pt1-bin-2021.20210325.svn23406-150400.31.3.1 * texlive-bibtex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pdfcrop-bin-2021.20210325.svn14387-150400.31.3.1 * texlive-fontinst-bin-2021.20210325.svn53554-150400.31.3.1 * texlive-omegaware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-metafont-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-bin-devel-2021.20210325-150400.31.3.1 * texlive-luaotfload-bin-2021.20210325.svn34647-150400.31.3.1 * texlive-texfot-bin-2021.20210325.svn33155-150400.31.3.1 * texlive-scripts-bin-2021.20210325.svn55172-150400.31.3.1 * texlive-bib2gls-bin-2021.20210325.svn45266-150400.31.3.1 * texlive-exceltex-bin-2021.20210325.svn25860-150400.31.3.1 * texlive-texlua-devel-5.3.6-150400.31.3.1 * texlive-jadetex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-seetexk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-jfmutil-bin-2021.20210325.svn44835-150400.31.3.1 * texlive-lcdftypetools-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ttfutils-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-rubik-bin-2021.20210325.svn32919-150400.31.3.1 * texlive-ctie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvisvgm-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-texcount-bin-2021.20210325.svn13013-150400.31.3.1 * texlive-xetex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-xml2pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-crossrefware-bin-2021.20210325.svn45927-150400.31.3.1 * texlive-texloganalyser-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-tex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pfarrei-bin-2021.20210325.svn29348-150400.31.3.1 * texlive-svn-multi-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-synctex-devel-1.21-150400.31.3.1 * texlive-chktex-bin-2021.20210325.svn57878-150400.31.3.1 * libkpathsea6-6.3.3-150400.31.3.1 * texlive-kpathsea-devel-6.3.3-150400.31.3.1 * texlive-metapost-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-tie-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-uplatex-bin-2021.20210325.svn52800-150400.31.3.1 * texlive-pedigree-perl-bin-2021.20210325.svn25962-150400.31.3.1 * texlive-kotex-utils-bin-2021.20210325.svn32101-150400.31.3.1 * texlive-luajittex-bin-2021.20210325.svn58535-150400.31.3.1 * libptexenc1-debuginfo-1.3.9-150400.31.3.1 * texlive-mex-bin-2021.20210325.svn3006-150400.31.3.1 * texlive-pdfjam-bin-2021.20210325.svn52858-150400.31.3.1 * texlive-ctanify-bin-2021.20210325.svn24061-150400.31.3.1 * texlive-dtxgen-bin-2021.20210325.svn29031-150400.31.3.1 * texlive-axodraw2-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-vlna-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-bibtex8-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-bibtexu-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-de-macro-bin-2021.20210325.svn17399-150400.31.3.1 * texlive-fontware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-checkcites-bin-2021.20210325.svn25623-150400.31.3.1 * texlive-context-bin-2021.20210325.svn34112-150400.31.3.1 * texlive-dviout-util-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latexindent-bin-2021.20210325.svn32150-150400.31.3.1 * texlive-ctanbib-bin-2021.20210325.svn48478-150400.31.3.1 * texlive-metafont-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-dtl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-mptopdf-bin-2021.20210325.svn18674-150400.31.3.1 * libtexlua53-5-5.3.6-150400.31.3.1 * texlive-pdfbook2-bin-2021.20210325.svn37537-150400.31.3.1 * texlive-pkfix-bin-2021.20210325.svn13364-150400.31.3.1 * texlive-dviout-util-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ptex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-synctex-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1 * texlive-cweb-bin-2021.20210325.svn58136-150400.31.3.1 * texlive-tex4ht-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-kpathsea-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-dviljk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-webquiz-bin-2021.20210325.svn50419-150400.31.3.1 * texlive-latex2man-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-cjkutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-mflua-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-musixtex-bin-2021.20210325.svn37026-150400.31.3.1 * texlive-pdftosrc-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-gregoriotex-bin-2021.20210325.svn58378-150400.31.3.1 * texlive-musixtnt-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-2021.20210325-150400.31.3.1 * texlive-texdef-bin-2021.20210325.svn45011-150400.31.3.1 * texlive-xpdfopen-bin-debuginfo-2021.20210325.svn52917-150400.31.3.1 * texlive-velthuis-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-mflua-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-pdftex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-ttfutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-ctan-o-mat-bin-2021.20210325.svn46996-150400.31.3.1 * texlive-ketcindy-bin-2021.20210325.svn49033-150400.31.3.1 * texlive-clojure-pamphlet-bin-2021.20210325.svn51944-150400.31.3.1 * texlive-lwarp-bin-2021.20210325.svn43292-150400.31.3.1 * texlive-afm2pl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-dvipdfmx-bin-2021.20210325.svn58535-150400.31.3.1 * libtexlua53-5-debuginfo-5.3.6-150400.31.3.1 * texlive-mfware-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-pst-pdf-bin-2021.20210325.svn7838-150400.31.3.1 * texlive-pst2pdf-bin-2021.20210325.svn29333-150400.31.3.1 * texlive-typeoutfileinfo-bin-2021.20210325.svn25648-150400.31.3.1 * texlive-gregoriotex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-web-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-fontools-bin-2021.20210325.svn25997-150400.31.3.1 * texlive-afm2pl-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-luahbtex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-arara-bin-2021.20210325.svn29036-150400.31.3.1 * texlive-adhocfilelist-bin-2021.20210325.svn28038-150400.31.3.1 * texlive-lollipop-bin-2021.20210325.svn41465-150400.31.3.1 * texlive-dtl-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-albatross-bin-2021.20210325.svn57089-150400.31.3.1 * texlive-bundledoc-bin-2021.20210325.svn17794-150400.31.3.1 * texlive-synctex-bin-2021.20210325.svn58136-150400.31.3.1 * texlive-ps2eps-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-tikztosvg-bin-2021.20210325.svn55132-150400.31.3.1 * texlive-bibtex8-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-petri-nets-bin-2021.20210325.svn39165-150400.31.3.1 * texlive-texdirflatten-bin-2021.20210325.svn12782-150400.31.3.1 * texlive-aleph-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1 * texlive-pygmentex-bin-2021.20210325.svn34996-150400.31.3.1 * texlive-ps2pk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-detex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-lacheck-bin-2021.20210325.svn53999-150400.31.3.1 * texlive-texliveonfly-bin-2021.20210325.svn24062-150400.31.3.1 * texlive-gsftopk-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-vpe-bin-2021.20210325.svn6897-150400.31.3.1 * texlive-bibtexu-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-pdftex-quiet-bin-2021.20210325.svn49140-150400.31.3.1 * texlive-yplan-bin-2021.20210325.svn34398-150400.31.3.1 * texlive-vlna-bin-2021.20210325.svn50281-150400.31.3.1 * texlive-web-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-luatex-bin-2021.20210325.svn58535-150400.31.3.1 * texlive-pkfix-helper-bin-2021.20210325.svn13663-150400.31.3.1 * texlive-velthuis-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-cjkutils-bin-2021.20210325.svn57878-150400.31.3.1 * texlive-latexdiff-bin-2021.20210325.svn16420-150400.31.3.1 * texlive-luatex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-ctanupload-bin-2021.20210325.svn23866-150400.31.3.1 * texlive-mkjobtexmf-bin-2021.20210325.svn8457-150400.31.3.1 * texlive-patgen-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-srcredact-bin-2021.20210325.svn38710-150400.31.3.1 * texlive-spix-bin-2021.20210325.svn55933-150400.31.3.1 * texlive-m-tx-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1 * texlive-dvips-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-glossaries-bin-2021.20210325.svn37813-150400.31.3.1 * texlive-ptex-fontmaps-bin-2021.20210325.svn44206-150400.31.3.1 * texlive-texware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1 * texlive-l3build-bin-2021.20210325.svn46894-150400.31.3.1 * texlive-cweb-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1 * texlive-dvicopy-bin-2021.20210325.svn57878-150400.31.3.1 * Desktop Applications Module 15-SP5 (aarch64 x86_64) * texlive-luajittex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1 * texlive-texluajit-devel-2.1.0beta3-150400.31.3.1 * libtexluajit2-2.1.0beta3-150400.31.3.1 * libtexluajit2-debuginfo-2.1.0beta3-150400.31.3.1 * Desktop Applications Module 15-SP5 (noarch) * texlive-biber-bin-2021.20210325.svn57273-150400.31.3.1 * texlive-diadia-bin-2021.20210325.svn37645-150400.31.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32700.html * https://bugzilla.suse.com/show_bug.cgi?id=1211389 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 12:30:12 -0000 Subject: SUSE-RU-2023:2283-1: important: Recommended update for cloud-regionsrv-client Message-ID: <168493141238.21950.14465591013534918061@smelt2.suse.de> # Recommended update for cloud-regionsrv-client Announcement ID: SUSE-RU-2023:2283-1 Rating: important References: * #1207133 * #1208097 * #1208099 * #1210020 * #1210021 * #1211282 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has six recommended fixes can now be installed. ## Description: This update for cloud-regionsrv-client fixes the following issues: * Update to version 10.1.2 (bsc#1211282) * Properly handle Ipv6 when checking update server responsiveness. If not available fall back and use IPv4 information * Use systemd_ordered to allow use in a container without pulling systemd into the container as a requirement * Update to version 10.1.1 (bsc#1210020, bsc#1210021) * Clean up the system if baseproduct registraion fails to leave the system in prestine state * Log when the registercloudguest command is invoked with --clean * Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 ) * Removes a warning about system_token entry present in the credentials file. * Adds logrotate configuration for log rotation. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2283=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2283=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2283=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2283=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2283=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2283=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2283=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2283=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2283=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2283=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2283=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * openSUSE Leap 15.4 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * Public Cloud Module 15-SP1 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * Public Cloud Module 15-SP2 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * Public Cloud Module 15-SP3 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * Public Cloud Module 15-SP4 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 * Public Cloud Module 15-SP5 (noarch) * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1 * cloud-regionsrv-client-10.1.2-150000.6.96.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207133 * https://bugzilla.suse.com/show_bug.cgi?id=1208097 * https://bugzilla.suse.com/show_bug.cgi?id=1208099 * https://bugzilla.suse.com/show_bug.cgi?id=1210020 * https://bugzilla.suse.com/show_bug.cgi?id=1210021 * https://bugzilla.suse.com/show_bug.cgi?id=1211282 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 12:30:13 -0000 Subject: SUSE-FU-2023:2282-1: moderate: Feature update for sbinary Message-ID: <168493141347.21950.18128969325643457832@smelt2.suse.de> # Feature update for sbinary Announcement ID: SUSE-FU-2023:2282-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 An update that contains one feature can now be installed. ## Description: This update for sbinary fixes the following issues: * Build package with Java 8 or higher (jsc#SLE-23217) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2282=1 ## Package List: * openSUSE Leap 15.4 (noarch) * sbinary-0.4.2-150200.3.3.1 * sbinary-javadoc-0.4.2-150200.3.3.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 12:30:14 -0000 Subject: SUSE-OU-2023:2281-1: low: Optional update for javassist Message-ID: <168493141455.21950.18054336222469731630@smelt2.suse.de> # Optional update for javassist Announcement ID: SUSE-OU-2023:2281-1 Rating: low References: Affected Products: * openSUSE Leap 15.4 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains one feature can now be installed. ## Description: This update for javassist fixes the following issues: Version update from 3.29.0 to 3.29.2 (jsc#SLE-23217): * Include Automatic-Module-Name in MANIFEST.MF * `Readme.html` was deleted. ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2281=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2281=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-2281=1 ## Package List: * openSUSE Leap 15.4 (noarch) * javassist-javadoc-3.29.2-150200.3.7.7 * javassist-manual-3.29.2-150200.3.7.7 * javassist-3.29.2-150200.3.7.7 * javassist-demo-3.29.2-150200.3.7.7 * SUSE Manager Server 4.2 Module 4.2 (noarch) * javassist-3.29.2-150200.3.7.7 * SUSE Manager Server 4.3 Module 4.3 (noarch) * javassist-3.29.2-150200.3.7.7 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 16:30:02 -0000 Subject: SUSE-SU-2023:2290-1: important: Security update for ucode-intel Message-ID: <168494580259.18495.1770236642584252852@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:2290-1 Rating: important References: * #1208479 * #1211382 Cross-References: * CVE-2022-33972 CVSS scores: * CVE-2022-33972 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N * CVE-2022-33972 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. (bsc#1211382) * New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 * Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR- SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2290=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2290=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2290=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2290=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2290=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2290=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * ucode-intel-debugsource-20230512-13.107.1 * ucode-intel-debuginfo-20230512-13.107.1 * ucode-intel-20230512-13.107.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * ucode-intel-debugsource-20230512-13.107.1 * ucode-intel-debuginfo-20230512-13.107.1 * ucode-intel-20230512-13.107.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * ucode-intel-debugsource-20230512-13.107.1 * ucode-intel-debuginfo-20230512-13.107.1 * ucode-intel-20230512-13.107.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * ucode-intel-debugsource-20230512-13.107.1 * ucode-intel-debuginfo-20230512-13.107.1 * ucode-intel-20230512-13.107.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * ucode-intel-debugsource-20230512-13.107.1 * ucode-intel-debuginfo-20230512-13.107.1 * ucode-intel-20230512-13.107.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * ucode-intel-debugsource-20230512-13.107.1 * ucode-intel-debuginfo-20230512-13.107.1 * ucode-intel-20230512-13.107.1 ## References: * https://www.suse.com/security/cve/CVE-2022-33972.html * https://bugzilla.suse.com/show_bug.cgi?id=1208479 * https://bugzilla.suse.com/show_bug.cgi?id=1211382 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2289-1: important: Security update for ucode-intel Message-ID: <168494580438.18495.17598886700647278250@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:2289-1 Rating: important References: * #1208479 * #1211382 Cross-References: * CVE-2022-33972 CVSS scores: * CVE-2022-33972 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N * CVE-2022-33972 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. (bsc#1211382) * New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 * Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR- SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2289=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2289=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2289=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * ucode-intel-debuginfo-20230512-3.52.1 * ucode-intel-20230512-3.52.1 * ucode-intel-debugsource-20230512-3.52.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * ucode-intel-debuginfo-20230512-3.52.1 * ucode-intel-20230512-3.52.1 * ucode-intel-debugsource-20230512-3.52.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * ucode-intel-debuginfo-20230512-3.52.1 * ucode-intel-20230512-3.52.1 * ucode-intel-debugsource-20230512-3.52.1 ## References: * https://www.suse.com/security/cve/CVE-2022-33972.html * https://bugzilla.suse.com/show_bug.cgi?id=1208479 * https://bugzilla.suse.com/show_bug.cgi?id=1211382 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 16:30:07 -0000 Subject: SUSE-SU-2023:2288-1: important: Security update for kubernetes1.18 Message-ID: <168494580717.18495.8021031880677215237@smelt2.suse.de> # Security update for kubernetes1.18 Announcement ID: SUSE-SU-2023:2288-1 Rating: important References: * #1200441 * #1209658 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update of kubernetes1.18 fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2288=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2288=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2288=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2288=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2288=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2288=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2288=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2288=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2288=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2288=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2288=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * openSUSE Leap 15.4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.7.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * Containers Module 15-SP4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.7.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.7.1 * kubernetes1.18-client-1.18.10-150200.5.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 24 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2023 16:30:10 -0000 Subject: SUSE-SU-2023:2287-1: important: Security update for cups-filters, poppler, texlive Message-ID: <168494581070.18495.4698728086764156251@smelt2.suse.de> # Security update for cups-filters, poppler, texlive Announcement ID: SUSE-SU-2023:2287-1 Rating: important References: * #1211340 * #1211389 * #1211450 Cross-References: * CVE-2023-24805 * CVE-2023-32700 CVSS scores: * CVE-2023-24805 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24805 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32700 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for cups-filters, poppler, texlive fixes the following issues: cups-filters: * CVE-2023-24805: Fixed a remote code execution in the beh backend (bsc#1211340). texlive: * CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389). poppler: * Added missing header file goo/GooCheckedOps.h. Without it, other packages using poppler as a library might fail to compile since our public headers now depend on it. (bsc#1211450) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2287=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2287=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2287=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2287=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler73-debuginfo-0.62.0-150000.4.12.1 * libpoppler73-0.62.0-150000.4.12.1 * openSUSE Leap 15.4 (x86_64) * libpoppler73-32bit-0.62.0-150000.4.12.1 * libpoppler73-32bit-debuginfo-0.62.0-150000.4.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * texlive-srcredact-bin-2017.20170520.svn38710-150000.11.20.1 * texlive-checkcites-bin-2017.20170520.svn25623-150000.11.20.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150000.11.20.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150000.11.20.1 * texlive-mathspic-bin-2017.20170520.svn23661-150000.11.20.1 * texlive-texware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150000.11.20.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texdiff-bin-2017.20170520.svn15506-150000.11.20.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-texdoc-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150000.11.20.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150000.11.20.1 * texlive-cslatex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-context-bin-2017.20170520.svn34112-150000.11.20.1 * texlive-csplain-bin-2017.20170520.svn33902-150000.11.20.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-lacheck-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150000.11.20.1 * texlive-bin-devel-2017.20170520-150000.11.20.1 * libpoppler-glib8-debuginfo-0.62.0-150000.4.12.1 * texlive-metafont-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-bibexport-bin-2017.20170520.svn16219-150000.11.20.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texcount-bin-2017.20170520.svn13013-150000.11.20.1 * libpoppler73-0.62.0-150000.4.12.1 * texlive-pkfix-bin-2017.20170520.svn13364-150000.11.20.1 * texlive-texfot-bin-2017.20170520.svn33155-150000.11.20.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-velthuis-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-mfware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dtl-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latexmk-bin-2017.20170520.svn10937-150000.11.20.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150000.11.20.1 * texlive-ptexenc-devel-1.3.5-150000.11.20.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-omegaware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-metapost-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150000.11.20.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150000.11.20.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150000.11.20.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150000.11.20.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150000.11.20.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-glossaries-bin-2017.20170520.svn37813-150000.11.20.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150000.11.20.1 * texlive-bibtex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-fontware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-luatex-bin-2017.20170520.svn44549-150000.11.20.1 * texlive-rubik-bin-2017.20170520.svn32919-150000.11.20.1 * texlive-uptex-bin-2017.20170520.svn44143-150000.11.20.1 * libkpathsea6-debuginfo-6.2.3-150000.11.20.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cachepic-bin-2017.20170520.svn15543-150000.11.20.1 * texlive-mex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150000.11.20.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-ctie-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-arara-bin-2017.20170520.svn29036-150000.11.20.1 * texlive-mflua-bin-2017.20170520.svn44143-150000.11.20.1 * cups-filters-debugsource-1.20.3-150000.3.10.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150000.11.20.1 * texlive-texlua-devel-5.2.4-150000.11.20.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150000.11.20.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-getmap-bin-2017.20170520.svn34971-150000.11.20.1 * texlive-pythontex-bin-2017.20170520.svn31638-150000.11.20.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pdftex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150000.11.20.1 * libtexlua52-5-5.2.4-150000.11.20.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-texdef-bin-2017.20170520.svn21802-150000.11.20.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pax-bin-2017.20170520.svn10843-150000.11.20.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * libptexenc1-debuginfo-1.3.5-150000.11.20.1 * texlive-synctex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150000.11.20.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150000.11.20.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150000.11.20.1 * texlive-latexindent-bin-2017.20170520.svn32150-150000.11.20.1 * texlive-vpe-bin-2017.20170520.svn6897-150000.11.20.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150000.11.20.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150000.11.20.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-tools-0.62.0-150000.4.12.1 * texlive-yplan-bin-2017.20170520.svn34398-150000.11.20.1 * libpoppler-glib-devel-0.62.0-150000.4.12.1 * libptexenc1-1.3.5-150000.11.20.1 * texlive-aleph-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150000.11.20.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150000.11.20.1 * texlive-latexpand-bin-2017.20170520.svn27025-150000.11.20.1 * texlive-match_parens-bin-2017.20170520.svn23500-150000.11.20.1 * texlive-seetexk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150000.11.20.1 * typelib-1_0-Poppler-0_18-0.62.0-150000.4.12.1 * texlive-texsis-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latex2man-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-tools-debuginfo-0.62.0-150000.4.12.1 * texlive-detex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ctanify-bin-2017.20170520.svn24061-150000.11.20.1 * texlive-ebong-bin-2017.20170520.svn21000-150000.11.20.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150000.11.20.1 * texlive-texluajit-devel-2.1.0beta2-150000.11.20.1 * texlive-urlbst-bin-2017.20170520.svn23262-150000.11.20.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-makedtx-bin-2017.20170520.svn38769-150000.11.20.1 * texlive-texosquery-bin-2017.20170520.svn43596-150000.11.20.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-exceltex-bin-2017.20170520.svn25860-150000.11.20.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-epspdf-bin-2017.20170520.svn29050-150000.11.20.1 * texlive-debuginfo-2017.20170520-150000.11.20.1 * texlive-authorindex-bin-2017.20170520.svn18790-150000.11.20.1 * texlive-lwarp-bin-2017.20170520.svn43292-150000.11.20.1 * texlive-texconfig-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-chktex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipng-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-patgen-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvips-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150000.11.20.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150000.11.20.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150000.11.20.1 * texlive-perltex-bin-2017.20170520.svn16181-150000.11.20.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-accfonts-bin-2017.20170520.svn12688-150000.11.20.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150000.11.20.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150000.11.20.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150000.11.20.1 * libpoppler-glib8-0.62.0-150000.4.12.1 * texlive-fontools-bin-2017.20170520.svn25997-150000.11.20.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150000.11.20.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-eplain-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150000.11.20.1 * texlive-checklistings-bin-2017.20170520.svn38300-150000.11.20.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150000.11.20.1 * texlive-asymptote-bin-2017.20170520.svn43843-150000.11.20.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-debugsource-2017.20170520-150000.11.20.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mltex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-fontinst-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150000.11.20.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150000.11.20.1 * texlive-make4ht-bin-2017.20170520.svn37750-150000.11.20.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150000.11.20.1 * texlive-lollipop-bin-2017.20170520.svn41465-150000.11.20.1 * libtexlua52-5-debuginfo-5.2.4-150000.11.20.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150000.11.20.1 * libpoppler73-debuginfo-0.62.0-150000.4.12.1 * texlive-web-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-xetex-bin-2017.20170520.svn44361-150000.11.20.1 * texlive-m-tx-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150000.11.20.1 * cups-filters-devel-1.20.3-150000.3.10.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150000.11.20.1 * texlive-pmx-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-findhyph-bin-2017.20170520.svn14758-150000.11.20.1 * cups-filters-1.20.3-150000.3.10.1 * texlive-dviljk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150000.11.20.1 * texlive-kpathsea-devel-6.2.3-150000.11.20.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150000.11.20.1 * texlive-tetex-bin-2017.20170520.svn43957-150000.11.20.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-uplatex-bin-2017.20170520.svn26326-150000.11.20.1 * cups-filters-debuginfo-1.20.3-150000.3.10.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150000.11.20.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-vlna-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdftools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150000.11.20.1 * texlive-jadetex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150000.11.20.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150000.11.20.1 * texlive-xdvi-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150000.11.20.1 * texlive-a2ping-bin-2017.20170520.svn27321-150000.11.20.1 * libpoppler-cpp0-0.62.0-150000.4.12.1 * texlive-xmltex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-tie-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-musixtex-bin-2017.20170520.svn37026-150000.11.20.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150000.11.20.1 * libsynctex1-debuginfo-1.18-150000.11.20.1 * texlive-amstex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-ltximg-bin-2017.20170520.svn32346-150000.11.20.1 * texlive-autosp-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150000.11.20.1 * texlive-dviasm-bin-2017.20170520.svn8329-150000.11.20.1 * texlive-listbib-bin-2017.20170520.svn26126-150000.11.20.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150000.11.20.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ulqda-bin-2017.20170520.svn13663-150000.11.20.1 * libpoppler-devel-0.62.0-150000.4.12.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipos-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150000.11.20.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150000.11.20.1 * libtexluajit2-2.1.0beta2-150000.11.20.1 * libsynctex1-1.18-150000.11.20.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-platex-bin-2017.20170520.svn22859-150000.11.20.1 * libpoppler-cpp0-debuginfo-0.62.0-150000.4.12.1 * libkpathsea6-6.2.3-150000.11.20.1 * texlive-2017.20170520-150000.11.20.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-cweb-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ptex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-splitindex-bin-2017.20170520.svn29688-150000.11.20.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150000.11.20.1 * texlive-makeindex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pstools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150000.11.20.1 * texlive-synctex-devel-1.18-150000.11.20.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-debugsource-0.62.0-150000.4.12.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mkpic-bin-2017.20170520.svn33688-150000.11.20.1 * texlive-de-macro-bin-2017.20170520.svn17399-150000.11.20.1 * libtexluajit2-debuginfo-2.1.0beta2-150000.11.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * perl-biber-2017.20170520.svn30357-150000.11.20.1 * texlive-diadia-bin-2017.20170520.svn37645-150000.11.20.1 * texlive-biber-bin-2017.20170520.svn42679-150000.11.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * texlive-srcredact-bin-2017.20170520.svn38710-150000.11.20.1 * texlive-checkcites-bin-2017.20170520.svn25623-150000.11.20.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150000.11.20.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150000.11.20.1 * texlive-mathspic-bin-2017.20170520.svn23661-150000.11.20.1 * texlive-texware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150000.11.20.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texdiff-bin-2017.20170520.svn15506-150000.11.20.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-texdoc-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150000.11.20.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150000.11.20.1 * texlive-cslatex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-context-bin-2017.20170520.svn34112-150000.11.20.1 * texlive-csplain-bin-2017.20170520.svn33902-150000.11.20.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-lacheck-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150000.11.20.1 * texlive-bin-devel-2017.20170520-150000.11.20.1 * libpoppler-glib8-debuginfo-0.62.0-150000.4.12.1 * texlive-metafont-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-bibexport-bin-2017.20170520.svn16219-150000.11.20.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texcount-bin-2017.20170520.svn13013-150000.11.20.1 * libpoppler73-0.62.0-150000.4.12.1 * texlive-pkfix-bin-2017.20170520.svn13364-150000.11.20.1 * texlive-texfot-bin-2017.20170520.svn33155-150000.11.20.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-velthuis-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-mfware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dtl-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latexmk-bin-2017.20170520.svn10937-150000.11.20.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150000.11.20.1 * texlive-ptexenc-devel-1.3.5-150000.11.20.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-omegaware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-metapost-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150000.11.20.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150000.11.20.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150000.11.20.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150000.11.20.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150000.11.20.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-glossaries-bin-2017.20170520.svn37813-150000.11.20.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150000.11.20.1 * texlive-bibtex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-fontware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-luatex-bin-2017.20170520.svn44549-150000.11.20.1 * texlive-rubik-bin-2017.20170520.svn32919-150000.11.20.1 * texlive-uptex-bin-2017.20170520.svn44143-150000.11.20.1 * libkpathsea6-debuginfo-6.2.3-150000.11.20.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cachepic-bin-2017.20170520.svn15543-150000.11.20.1 * texlive-mex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150000.11.20.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-ctie-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-arara-bin-2017.20170520.svn29036-150000.11.20.1 * texlive-mflua-bin-2017.20170520.svn44143-150000.11.20.1 * cups-filters-debugsource-1.20.3-150000.3.10.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150000.11.20.1 * texlive-texlua-devel-5.2.4-150000.11.20.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150000.11.20.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-getmap-bin-2017.20170520.svn34971-150000.11.20.1 * texlive-pythontex-bin-2017.20170520.svn31638-150000.11.20.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pdftex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150000.11.20.1 * libtexlua52-5-5.2.4-150000.11.20.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-texdef-bin-2017.20170520.svn21802-150000.11.20.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pax-bin-2017.20170520.svn10843-150000.11.20.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * libptexenc1-debuginfo-1.3.5-150000.11.20.1 * texlive-synctex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150000.11.20.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150000.11.20.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150000.11.20.1 * texlive-latexindent-bin-2017.20170520.svn32150-150000.11.20.1 * texlive-vpe-bin-2017.20170520.svn6897-150000.11.20.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150000.11.20.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150000.11.20.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-tools-0.62.0-150000.4.12.1 * texlive-yplan-bin-2017.20170520.svn34398-150000.11.20.1 * libpoppler-glib-devel-0.62.0-150000.4.12.1 * libptexenc1-1.3.5-150000.11.20.1 * texlive-aleph-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150000.11.20.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150000.11.20.1 * texlive-latexpand-bin-2017.20170520.svn27025-150000.11.20.1 * texlive-match_parens-bin-2017.20170520.svn23500-150000.11.20.1 * texlive-seetexk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150000.11.20.1 * typelib-1_0-Poppler-0_18-0.62.0-150000.4.12.1 * texlive-texsis-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latex2man-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-tools-debuginfo-0.62.0-150000.4.12.1 * texlive-detex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ctanify-bin-2017.20170520.svn24061-150000.11.20.1 * texlive-ebong-bin-2017.20170520.svn21000-150000.11.20.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150000.11.20.1 * texlive-urlbst-bin-2017.20170520.svn23262-150000.11.20.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-makedtx-bin-2017.20170520.svn38769-150000.11.20.1 * texlive-texosquery-bin-2017.20170520.svn43596-150000.11.20.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-exceltex-bin-2017.20170520.svn25860-150000.11.20.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-epspdf-bin-2017.20170520.svn29050-150000.11.20.1 * texlive-debuginfo-2017.20170520-150000.11.20.1 * texlive-authorindex-bin-2017.20170520.svn18790-150000.11.20.1 * texlive-lwarp-bin-2017.20170520.svn43292-150000.11.20.1 * texlive-texconfig-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-chktex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipng-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-patgen-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvips-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150000.11.20.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150000.11.20.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150000.11.20.1 * texlive-perltex-bin-2017.20170520.svn16181-150000.11.20.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-accfonts-bin-2017.20170520.svn12688-150000.11.20.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150000.11.20.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150000.11.20.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150000.11.20.1 * texlive-fontools-bin-2017.20170520.svn25997-150000.11.20.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150000.11.20.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-eplain-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150000.11.20.1 * texlive-checklistings-bin-2017.20170520.svn38300-150000.11.20.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150000.11.20.1 * texlive-asymptote-bin-2017.20170520.svn43843-150000.11.20.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-debugsource-2017.20170520-150000.11.20.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mltex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-fontinst-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150000.11.20.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150000.11.20.1 * texlive-make4ht-bin-2017.20170520.svn37750-150000.11.20.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150000.11.20.1 * texlive-lollipop-bin-2017.20170520.svn41465-150000.11.20.1 * libtexlua52-5-debuginfo-5.2.4-150000.11.20.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150000.11.20.1 * libpoppler73-debuginfo-0.62.0-150000.4.12.1 * texlive-web-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-xetex-bin-2017.20170520.svn44361-150000.11.20.1 * texlive-m-tx-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150000.11.20.1 * cups-filters-devel-1.20.3-150000.3.10.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150000.11.20.1 * texlive-pmx-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-findhyph-bin-2017.20170520.svn14758-150000.11.20.1 * cups-filters-1.20.3-150000.3.10.1 * texlive-dviljk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150000.11.20.1 * texlive-kpathsea-devel-6.2.3-150000.11.20.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150000.11.20.1 * texlive-tetex-bin-2017.20170520.svn43957-150000.11.20.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-uplatex-bin-2017.20170520.svn26326-150000.11.20.1 * cups-filters-debuginfo-1.20.3-150000.3.10.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150000.11.20.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-vlna-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdftools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150000.11.20.1 * texlive-jadetex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150000.11.20.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150000.11.20.1 * texlive-xdvi-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150000.11.20.1 * texlive-a2ping-bin-2017.20170520.svn27321-150000.11.20.1 * libpoppler-cpp0-0.62.0-150000.4.12.1 * texlive-xmltex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-tie-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-musixtex-bin-2017.20170520.svn37026-150000.11.20.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150000.11.20.1 * libsynctex1-debuginfo-1.18-150000.11.20.1 * texlive-amstex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-ltximg-bin-2017.20170520.svn32346-150000.11.20.1 * texlive-autosp-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150000.11.20.1 * texlive-dviasm-bin-2017.20170520.svn8329-150000.11.20.1 * texlive-listbib-bin-2017.20170520.svn26126-150000.11.20.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150000.11.20.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ulqda-bin-2017.20170520.svn13663-150000.11.20.1 * libpoppler-devel-0.62.0-150000.4.12.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipos-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150000.11.20.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150000.11.20.1 * libsynctex1-1.18-150000.11.20.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-platex-bin-2017.20170520.svn22859-150000.11.20.1 * libpoppler-cpp0-debuginfo-0.62.0-150000.4.12.1 * libkpathsea6-6.2.3-150000.11.20.1 * texlive-2017.20170520-150000.11.20.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-cweb-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ptex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-splitindex-bin-2017.20170520.svn29688-150000.11.20.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150000.11.20.1 * texlive-makeindex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pstools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150000.11.20.1 * texlive-synctex-devel-1.18-150000.11.20.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-debugsource-0.62.0-150000.4.12.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mkpic-bin-2017.20170520.svn33688-150000.11.20.1 * texlive-de-macro-bin-2017.20170520.svn17399-150000.11.20.1 * libpoppler-glib8-0.62.0-150000.4.12.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libtexluajit2-2.1.0beta2-150000.11.20.1 * libtexluajit2-debuginfo-2.1.0beta2-150000.11.20.1 * texlive-texluajit-devel-2.1.0beta2-150000.11.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * perl-biber-2017.20170520.svn30357-150000.11.20.1 * texlive-diadia-bin-2017.20170520.svn37645-150000.11.20.1 * texlive-biber-bin-2017.20170520.svn42679-150000.11.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * texlive-srcredact-bin-2017.20170520.svn38710-150000.11.20.1 * texlive-checkcites-bin-2017.20170520.svn25623-150000.11.20.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150000.11.20.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150000.11.20.1 * texlive-mathspic-bin-2017.20170520.svn23661-150000.11.20.1 * texlive-texware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150000.11.20.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texdiff-bin-2017.20170520.svn15506-150000.11.20.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-texdoc-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150000.11.20.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150000.11.20.1 * texlive-cslatex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-context-bin-2017.20170520.svn34112-150000.11.20.1 * texlive-csplain-bin-2017.20170520.svn33902-150000.11.20.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-lacheck-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150000.11.20.1 * texlive-bin-devel-2017.20170520-150000.11.20.1 * libpoppler-glib8-debuginfo-0.62.0-150000.4.12.1 * texlive-metafont-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-bibexport-bin-2017.20170520.svn16219-150000.11.20.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texcount-bin-2017.20170520.svn13013-150000.11.20.1 * libpoppler73-0.62.0-150000.4.12.1 * texlive-pkfix-bin-2017.20170520.svn13364-150000.11.20.1 * texlive-texfot-bin-2017.20170520.svn33155-150000.11.20.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-velthuis-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-mfware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dtl-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latexmk-bin-2017.20170520.svn10937-150000.11.20.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150000.11.20.1 * texlive-ptexenc-devel-1.3.5-150000.11.20.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-omegaware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-metapost-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150000.11.20.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150000.11.20.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150000.11.20.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150000.11.20.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150000.11.20.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-glossaries-bin-2017.20170520.svn37813-150000.11.20.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150000.11.20.1 * texlive-bibtex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-fontware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-luatex-bin-2017.20170520.svn44549-150000.11.20.1 * texlive-rubik-bin-2017.20170520.svn32919-150000.11.20.1 * texlive-uptex-bin-2017.20170520.svn44143-150000.11.20.1 * libkpathsea6-debuginfo-6.2.3-150000.11.20.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cachepic-bin-2017.20170520.svn15543-150000.11.20.1 * texlive-mex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150000.11.20.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-ctie-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-arara-bin-2017.20170520.svn29036-150000.11.20.1 * texlive-mflua-bin-2017.20170520.svn44143-150000.11.20.1 * cups-filters-debugsource-1.20.3-150000.3.10.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150000.11.20.1 * texlive-texlua-devel-5.2.4-150000.11.20.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150000.11.20.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-getmap-bin-2017.20170520.svn34971-150000.11.20.1 * texlive-pythontex-bin-2017.20170520.svn31638-150000.11.20.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pdftex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150000.11.20.1 * libtexlua52-5-5.2.4-150000.11.20.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-texdef-bin-2017.20170520.svn21802-150000.11.20.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pax-bin-2017.20170520.svn10843-150000.11.20.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * libptexenc1-debuginfo-1.3.5-150000.11.20.1 * texlive-synctex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150000.11.20.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150000.11.20.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150000.11.20.1 * texlive-latexindent-bin-2017.20170520.svn32150-150000.11.20.1 * texlive-vpe-bin-2017.20170520.svn6897-150000.11.20.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150000.11.20.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150000.11.20.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-tools-0.62.0-150000.4.12.1 * texlive-yplan-bin-2017.20170520.svn34398-150000.11.20.1 * libpoppler-glib-devel-0.62.0-150000.4.12.1 * libptexenc1-1.3.5-150000.11.20.1 * texlive-aleph-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150000.11.20.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150000.11.20.1 * texlive-latexpand-bin-2017.20170520.svn27025-150000.11.20.1 * texlive-match_parens-bin-2017.20170520.svn23500-150000.11.20.1 * texlive-seetexk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150000.11.20.1 * typelib-1_0-Poppler-0_18-0.62.0-150000.4.12.1 * texlive-texsis-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latex2man-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-tools-debuginfo-0.62.0-150000.4.12.1 * texlive-detex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ctanify-bin-2017.20170520.svn24061-150000.11.20.1 * texlive-ebong-bin-2017.20170520.svn21000-150000.11.20.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150000.11.20.1 * texlive-urlbst-bin-2017.20170520.svn23262-150000.11.20.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-makedtx-bin-2017.20170520.svn38769-150000.11.20.1 * texlive-texosquery-bin-2017.20170520.svn43596-150000.11.20.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-exceltex-bin-2017.20170520.svn25860-150000.11.20.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-epspdf-bin-2017.20170520.svn29050-150000.11.20.1 * texlive-debuginfo-2017.20170520-150000.11.20.1 * texlive-authorindex-bin-2017.20170520.svn18790-150000.11.20.1 * texlive-lwarp-bin-2017.20170520.svn43292-150000.11.20.1 * texlive-texconfig-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-chktex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipng-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-patgen-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvips-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150000.11.20.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150000.11.20.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150000.11.20.1 * texlive-perltex-bin-2017.20170520.svn16181-150000.11.20.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-accfonts-bin-2017.20170520.svn12688-150000.11.20.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150000.11.20.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150000.11.20.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150000.11.20.1 * texlive-fontools-bin-2017.20170520.svn25997-150000.11.20.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150000.11.20.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-eplain-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150000.11.20.1 * texlive-checklistings-bin-2017.20170520.svn38300-150000.11.20.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150000.11.20.1 * texlive-asymptote-bin-2017.20170520.svn43843-150000.11.20.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-debugsource-2017.20170520-150000.11.20.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mltex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-fontinst-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150000.11.20.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150000.11.20.1 * texlive-make4ht-bin-2017.20170520.svn37750-150000.11.20.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150000.11.20.1 * texlive-lollipop-bin-2017.20170520.svn41465-150000.11.20.1 * libtexlua52-5-debuginfo-5.2.4-150000.11.20.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150000.11.20.1 * libpoppler73-debuginfo-0.62.0-150000.4.12.1 * texlive-web-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-xetex-bin-2017.20170520.svn44361-150000.11.20.1 * texlive-m-tx-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150000.11.20.1 * cups-filters-devel-1.20.3-150000.3.10.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150000.11.20.1 * texlive-pmx-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-findhyph-bin-2017.20170520.svn14758-150000.11.20.1 * cups-filters-1.20.3-150000.3.10.1 * texlive-dviljk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150000.11.20.1 * texlive-kpathsea-devel-6.2.3-150000.11.20.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150000.11.20.1 * texlive-tetex-bin-2017.20170520.svn43957-150000.11.20.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-uplatex-bin-2017.20170520.svn26326-150000.11.20.1 * cups-filters-debuginfo-1.20.3-150000.3.10.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150000.11.20.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-vlna-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdftools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150000.11.20.1 * texlive-jadetex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150000.11.20.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150000.11.20.1 * texlive-xdvi-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150000.11.20.1 * texlive-a2ping-bin-2017.20170520.svn27321-150000.11.20.1 * libpoppler-cpp0-0.62.0-150000.4.12.1 * texlive-xmltex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-tie-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-musixtex-bin-2017.20170520.svn37026-150000.11.20.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150000.11.20.1 * libsynctex1-debuginfo-1.18-150000.11.20.1 * texlive-amstex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-ltximg-bin-2017.20170520.svn32346-150000.11.20.1 * texlive-autosp-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150000.11.20.1 * texlive-dviasm-bin-2017.20170520.svn8329-150000.11.20.1 * texlive-listbib-bin-2017.20170520.svn26126-150000.11.20.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150000.11.20.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ulqda-bin-2017.20170520.svn13663-150000.11.20.1 * libpoppler-devel-0.62.0-150000.4.12.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipos-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150000.11.20.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150000.11.20.1 * libsynctex1-1.18-150000.11.20.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-platex-bin-2017.20170520.svn22859-150000.11.20.1 * libpoppler-cpp0-debuginfo-0.62.0-150000.4.12.1 * libkpathsea6-6.2.3-150000.11.20.1 * texlive-2017.20170520-150000.11.20.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-cweb-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ptex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-splitindex-bin-2017.20170520.svn29688-150000.11.20.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150000.11.20.1 * texlive-makeindex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pstools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150000.11.20.1 * texlive-synctex-devel-1.18-150000.11.20.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-debugsource-0.62.0-150000.4.12.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mkpic-bin-2017.20170520.svn33688-150000.11.20.1 * texlive-de-macro-bin-2017.20170520.svn17399-150000.11.20.1 * libpoppler-glib8-0.62.0-150000.4.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * perl-biber-2017.20170520.svn30357-150000.11.20.1 * texlive-diadia-bin-2017.20170520.svn37645-150000.11.20.1 * texlive-biber-bin-2017.20170520.svn42679-150000.11.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libtexluajit2-2.1.0beta2-150000.11.20.1 * libtexluajit2-debuginfo-2.1.0beta2-150000.11.20.1 * texlive-texluajit-devel-2.1.0beta2-150000.11.20.1 * SUSE CaaS Platform 4.0 (x86_64) * texlive-srcredact-bin-2017.20170520.svn38710-150000.11.20.1 * texlive-checkcites-bin-2017.20170520.svn25623-150000.11.20.1 * texlive-latex2nemeth-bin-2017.20170520.svn42300-150000.11.20.1 * texlive-pdfjam-bin-2017.20170520.svn17868-150000.11.20.1 * texlive-mathspic-bin-2017.20170520.svn23661-150000.11.20.1 * texlive-texware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-lilyglyphs-bin-2017.20170520.svn31696-150000.11.20.1 * texlive-gsftopk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texdiff-bin-2017.20170520.svn15506-150000.11.20.1 * texlive-texloganalyser-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-texdoc-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pst-pdf-bin-2017.20170520.svn7838-150000.11.20.1 * texlive-pdflatexpicscale-bin-2017.20170520.svn41779-150000.11.20.1 * texlive-cslatex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-lcdftypetools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-context-bin-2017.20170520.svn34112-150000.11.20.1 * texlive-csplain-bin-2017.20170520.svn33902-150000.11.20.1 * texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-lacheck-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pygmentex-bin-2017.20170520.svn34996-150000.11.20.1 * texlive-bin-devel-2017.20170520-150000.11.20.1 * libpoppler-glib8-debuginfo-0.62.0-150000.4.12.1 * texlive-metafont-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-bibexport-bin-2017.20170520.svn16219-150000.11.20.1 * texlive-musixtnt-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texcount-bin-2017.20170520.svn13013-150000.11.20.1 * libpoppler73-0.62.0-150000.4.12.1 * texlive-pkfix-bin-2017.20170520.svn13364-150000.11.20.1 * texlive-texfot-bin-2017.20170520.svn33155-150000.11.20.1 * texlive-metafont-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-velthuis-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-mfware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dtl-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latexmk-bin-2017.20170520.svn10937-150000.11.20.1 * texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-luaotfload-bin-2017.20170520.svn34647-150000.11.20.1 * texlive-ptexenc-devel-1.3.5-150000.11.20.1 * texlive-mflua-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-omegaware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-metapost-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ptex-fontmaps-bin-2017.20170520.svn44206-150000.11.20.1 * texlive-tex4ebook-bin-2017.20170520.svn37771-150000.11.20.1 * texlive-pmx-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mptopdf-bin-2017.20170520.svn18674-150000.11.20.1 * texlive-dvisvgm-bin-2017.20170520.svn40987-150000.11.20.1 * texlive-pedigree-perl-bin-2017.20170520.svn25962-150000.11.20.1 * texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-glossaries-bin-2017.20170520.svn37813-150000.11.20.1 * texlive-mfware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-tie-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-gregoriotex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvicopy-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latexfileversion-bin-2017.20170520.svn25012-150000.11.20.1 * texlive-bibtex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-fontware-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-purifyeps-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-luatex-bin-2017.20170520.svn44549-150000.11.20.1 * texlive-rubik-bin-2017.20170520.svn32919-150000.11.20.1 * texlive-uptex-bin-2017.20170520.svn44143-150000.11.20.1 * libkpathsea6-debuginfo-6.2.3-150000.11.20.1 * texlive-dvidvi-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cachepic-bin-2017.20170520.svn15543-150000.11.20.1 * texlive-mex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-ctie-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dosepsbin-bin-2017.20170520.svn24759-150000.11.20.1 * texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-ctie-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cweb-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-arara-bin-2017.20170520.svn29036-150000.11.20.1 * texlive-mflua-bin-2017.20170520.svn44143-150000.11.20.1 * cups-filters-debugsource-1.20.3-150000.3.10.1 * texlive-dtxgen-bin-2017.20170520.svn29031-150000.11.20.1 * texlive-texlua-devel-5.2.4-150000.11.20.1 * texlive-ptex2pdf-bin-2017.20170520.svn29335-150000.11.20.1 * texlive-chktex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-getmap-bin-2017.20170520.svn34971-150000.11.20.1 * texlive-pythontex-bin-2017.20170520.svn31638-150000.11.20.1 * texlive-metapost-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pdftex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfxup-bin-2017.20170520.svn40690-150000.11.20.1 * libtexlua52-5-5.2.4-150000.11.20.1 * texlive-ptex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-texdef-bin-2017.20170520.svn21802-150000.11.20.1 * texlive-synctex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pax-bin-2017.20170520.svn10843-150000.11.20.1 * texlive-autosp-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * libptexenc1-debuginfo-1.3.5-150000.11.20.1 * texlive-synctex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-kpathsea-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-mkjobtexmf-bin-2017.20170520.svn8457-150000.11.20.1 * texlive-ttfutils-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfbook2-bin-2017.20170520.svn37537-150000.11.20.1 * texlive-bibtex8-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-texware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mf2pt1-bin-2017.20170520.svn23406-150000.11.20.1 * texlive-latexindent-bin-2017.20170520.svn32150-150000.11.20.1 * texlive-vpe-bin-2017.20170520.svn6897-150000.11.20.1 * texlive-detex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-latex-bin-bin-2017.20170520.svn14050-150000.11.20.1 * texlive-petri-nets-bin-2017.20170520.svn39165-150000.11.20.1 * texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-tools-0.62.0-150000.4.12.1 * texlive-yplan-bin-2017.20170520.svn34398-150000.11.20.1 * libpoppler-glib-devel-0.62.0-150000.4.12.1 * libptexenc1-1.3.5-150000.11.20.1 * texlive-aleph-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dviinfox-bin-2017.20170520.svn44515-150000.11.20.1 * texlive-crossrefware-bin-2017.20170520.svn43866-150000.11.20.1 * texlive-latexpand-bin-2017.20170520.svn27025-150000.11.20.1 * texlive-match_parens-bin-2017.20170520.svn23500-150000.11.20.1 * texlive-seetexk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-tpic2pdftex-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-pkfix-helper-bin-2017.20170520.svn13663-150000.11.20.1 * typelib-1_0-Poppler-0_18-0.62.0-150000.4.12.1 * texlive-texsis-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-tex4ht-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-latex2man-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-tools-debuginfo-0.62.0-150000.4.12.1 * texlive-detex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ctanify-bin-2017.20170520.svn24061-150000.11.20.1 * texlive-ebong-bin-2017.20170520.svn21000-150000.11.20.1 * texlive-sty2dtx-bin-2017.20170520.svn21215-150000.11.20.1 * texlive-texluajit-devel-2.1.0beta2-150000.11.20.1 * texlive-urlbst-bin-2017.20170520.svn23262-150000.11.20.1 * texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-makedtx-bin-2017.20170520.svn38769-150000.11.20.1 * texlive-texosquery-bin-2017.20170520.svn43596-150000.11.20.1 * texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-exceltex-bin-2017.20170520.svn25860-150000.11.20.1 * texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-epspdf-bin-2017.20170520.svn29050-150000.11.20.1 * texlive-debuginfo-2017.20170520-150000.11.20.1 * texlive-authorindex-bin-2017.20170520.svn18790-150000.11.20.1 * texlive-lwarp-bin-2017.20170520.svn43292-150000.11.20.1 * texlive-texconfig-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-chktex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipng-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-patgen-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvips-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipdfmx-bin-2017.20170520.svn40273-150000.11.20.1 * texlive-adhocfilelist-bin-2017.20170520.svn28038-150000.11.20.1 * texlive-ltxfileinfo-bin-2017.20170520.svn29005-150000.11.20.1 * texlive-perltex-bin-2017.20170520.svn16181-150000.11.20.1 * texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-accfonts-bin-2017.20170520.svn12688-150000.11.20.1 * texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-epstopdf-bin-2017.20170520.svn18336-150000.11.20.1 * texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-150000.11.20.1 * texlive-multibibliography-bin-2017.20170520.svn30534-150000.11.20.1 * libpoppler-glib8-0.62.0-150000.4.12.1 * texlive-fontools-bin-2017.20170520.svn25997-150000.11.20.1 * texlive-fig4latex-bin-2017.20170520.svn14752-150000.11.20.1 * texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dtl-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-aleph-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-eplain-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-latexdiff-bin-2017.20170520.svn16420-150000.11.20.1 * texlive-checklistings-bin-2017.20170520.svn38300-150000.11.20.1 * texlive-patgen-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-xetex-bin-debuginfo-2017.20170520.svn44361-150000.11.20.1 * texlive-asymptote-bin-2017.20170520.svn43843-150000.11.20.1 * texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-ps2pk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-svn-multi-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-debugsource-2017.20170520-150000.11.20.1 * texlive-web-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mltex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-cjkutils-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-fontinst-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-latex-papersize-bin-2017.20170520.svn42296-150000.11.20.1 * texlive-bundledoc-bin-2017.20170520.svn17794-150000.11.20.1 * texlive-make4ht-bin-2017.20170520.svn37750-150000.11.20.1 * texlive-pst2pdf-bin-2017.20170520.svn29333-150000.11.20.1 * texlive-lollipop-bin-2017.20170520.svn41465-150000.11.20.1 * libtexlua52-5-debuginfo-5.2.4-150000.11.20.1 * texlive-convbkmk-bin-2017.20170520.svn30408-150000.11.20.1 * libpoppler73-debuginfo-0.62.0-150000.4.12.1 * texlive-web-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-xetex-bin-2017.20170520.svn44361-150000.11.20.1 * texlive-m-tx-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-150000.11.20.1 * cups-filters-devel-1.20.3-150000.3.10.1 * texlive-afm2pl-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-lua2dox-bin-2017.20170520.svn29053-150000.11.20.1 * texlive-pmx-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-findhyph-bin-2017.20170520.svn14758-150000.11.20.1 * cups-filters-1.20.3-150000.3.10.1 * texlive-dviljk-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-kotex-utils-bin-2017.20170520.svn32101-150000.11.20.1 * texlive-kpathsea-devel-6.2.3-150000.11.20.1 * texlive-cyrillic-bin-bin-2017.20170520.svn29741-150000.11.20.1 * texlive-mkgrkindex-bin-2017.20170520.svn14428-150000.11.20.1 * texlive-tetex-bin-2017.20170520.svn43957-150000.11.20.1 * texlive-vlna-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-uplatex-bin-2017.20170520.svn26326-150000.11.20.1 * cups-filters-debuginfo-1.20.3-150000.3.10.1 * texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-listings-ext-bin-2017.20170520.svn15093-150000.11.20.1 * texlive-pstools-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-vlna-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pdftools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pfarrei-bin-2017.20170520.svn29348-150000.11.20.1 * texlive-jadetex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-luatex-bin-debuginfo-2017.20170520.svn44549-150000.11.20.1 * texlive-typeoutfileinfo-bin-2017.20170520.svn25648-150000.11.20.1 * texlive-xdvi-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-fragmaster-bin-2017.20170520.svn13663-150000.11.20.1 * texlive-texdirflatten-bin-2017.20170520.svn12782-150000.11.20.1 * texlive-a2ping-bin-2017.20170520.svn27321-150000.11.20.1 * libpoppler-cpp0-0.62.0-150000.4.12.1 * texlive-xmltex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-tie-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-musixtex-bin-2017.20170520.svn37026-150000.11.20.1 * texlive-fontware-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-pdfcrop-bin-2017.20170520.svn14387-150000.11.20.1 * libsynctex1-debuginfo-1.18-150000.11.20.1 * texlive-amstex-bin-2017.20170520.svn3006-150000.11.20.1 * texlive-ltximg-bin-2017.20170520.svn32346-150000.11.20.1 * texlive-autosp-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ctanupload-bin-2017.20170520.svn23866-150000.11.20.1 * texlive-dviasm-bin-2017.20170520.svn8329-150000.11.20.1 * texlive-listbib-bin-2017.20170520.svn26126-150000.11.20.1 * texlive-texliveonfly-bin-2017.20170520.svn24062-150000.11.20.1 * texlive-bibtexu-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ulqda-bin-2017.20170520.svn13663-150000.11.20.1 * libpoppler-devel-0.62.0-150000.4.12.1 * texlive-dvips-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-dvipos-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-150000.11.20.1 * texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-thumbpdf-bin-2017.20170520.svn6898-150000.11.20.1 * libtexluajit2-2.1.0beta2-150000.11.20.1 * libsynctex1-1.18-150000.11.20.1 * texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-platex-bin-2017.20170520.svn22859-150000.11.20.1 * libpoppler-cpp0-debuginfo-0.62.0-150000.4.12.1 * libkpathsea6-6.2.3-150000.11.20.1 * texlive-2017.20170520-150000.11.20.1 * texlive-tex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-cweb-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-ptex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-splitindex-bin-2017.20170520.svn29688-150000.11.20.1 * texlive-latex-git-log-bin-2017.20170520.svn30983-150000.11.20.1 * texlive-makeindex-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pstools-bin-2017.20170520.svn44143-150000.11.20.1 * texlive-pmxchords-bin-2017.20170520.svn32405-150000.11.20.1 * texlive-synctex-devel-1.18-150000.11.20.1 * texlive-uptex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * poppler-debugsource-0.62.0-150000.4.12.1 * texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-150000.11.20.1 * texlive-mkpic-bin-2017.20170520.svn33688-150000.11.20.1 * texlive-de-macro-bin-2017.20170520.svn17399-150000.11.20.1 * libtexluajit2-debuginfo-2.1.0beta2-150000.11.20.1 * SUSE CaaS Platform 4.0 (noarch) * perl-biber-2017.20170520.svn30357-150000.11.20.1 * texlive-diadia-bin-2017.20170520.svn37645-150000.11.20.1 * texlive-biber-bin-2017.20170520.svn42679-150000.11.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24805.html * https://www.suse.com/security/cve/CVE-2023-32700.html * https://bugzilla.suse.com/show_bug.cgi?id=1211340 * https://bugzilla.suse.com/show_bug.cgi?id=1211389 * https://bugzilla.suse.com/show_bug.cgi?id=1211450 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 07:04:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:04:21 +0200 (CEST) Subject: SUSE-CU-2023:1616-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230525070421.CE1F7F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1616-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.135 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.135 Severity : important Type : security References : 1127591 1195633 1203141 1207410 1207712 1208329 1209406 1210081 1210870 1211144 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2209-1 Released: Tue May 16 10:34:54 2023 Summary: Recommended update for gdb Type: recommended Severity: moderate References: 1207712,1210081 This update for gdb fixes the following issues: - Fix license of gdb to be GPLv3, due to a mistake the testsuite results license was used (bsc#1210081). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority The following package changes have been done: - gdb-12.1-150400.15.9.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - libsolv-tools-0.7.24-150400.3.6.4 updated - libsystemd0-249.16-150400.8.28.3 updated - libudev1-249.16-150400.8.28.3 updated - libzypp-17.31.11-150400.3.25.2 updated - systemd-249.16-150400.8.28.3 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150400.3.21.2 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:04:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:04:59 +0200 (CEST) Subject: SUSE-CU-2023:1618-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230525070459.1711FF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1618-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.31 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.31 Severity : important Type : security References : 1127591 1195633 1203141 1207410 1207712 1208329 1209406 1210081 1210870 1211144 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2209-1 Released: Tue May 16 10:34:54 2023 Summary: Recommended update for gdb Type: recommended Severity: moderate References: 1207712,1210081 This update for gdb fixes the following issues: - Fix license of gdb to be GPLv3, due to a mistake the testsuite results license was used (bsc#1210081). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority The following package changes have been done: - gdb-12.1-150400.15.9.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - libsolv-tools-0.7.24-150400.3.6.4 updated - libsystemd0-249.16-150400.8.28.3 updated - libudev1-249.16-150400.8.28.3 updated - libzypp-17.31.11-150400.3.25.2 updated - systemd-249.16-150400.8.28.3 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150400.3.21.2 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:07:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:07:42 +0200 (CEST) Subject: SUSE-CU-2023:1619-1: Security update of suse/sles12sp4 Message-ID: <20230525070742.41F6CF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1619-1 Container Tags : suse/sles12sp4:26.605 , suse/sles12sp4:latest Container Release : 26.605 Severity : important Type : security References : 1203248 1203249 1206309 1207992 1208329 1209209 1209210 1209211 1209212 1209214 1211231 1211232 1211233 1211339 428822 CVE-2022-43552 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2228-1 Released: Wed May 17 09:59:14 2023 Summary: Security update for curl Type: security Severity: important References: 1206309,1207992,1209209,1209210,1209211,1209212,1209214,1211231,1211232,1211233,1211339,CVE-2022-43552,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2249-1 Released: Thu May 18 17:07:31 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1203248,1203249,1208329,428822 This update for libzypp, zypper fixes the following issues: - Removing a PTF without enabled repos should always fail (bsc#1203248) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Add expert (allow-*) options to all installer commands (bsc#428822) - Provide 'removeptf' command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. But you don't want the dependant packages to be removed together with the PTF, which is what the remove command would do. The removeptf command however will aim to replace the dependant packages by their official update versions. The following package changes have been done: - base-container-licenses-3.0-1.350 updated - container-suseconnect-2.0.0-1.232 updated - libcurl4-7.60.0-4.56.1 updated - libzypp-16.22.7-48.2 updated - zypper-1.13.64-21.55.2 updated From sle-updates at lists.suse.com Thu May 25 07:09:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:09:41 +0200 (CEST) Subject: SUSE-CU-2023:1620-1: Security update of suse/sles12sp5 Message-ID: <20230525070941.A4EAFF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1620-1 Container Tags : suse/sles12sp5:6.5.472 , suse/sles12sp5:latest Container Release : 6.5.472 Severity : important Type : security References : 1198608 1203248 1203249 1208329 1210593 1211230 1211231 1211232 1211233 428822 CVE-2022-27774 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2225-1 Released: Wed May 17 09:54:33 2023 Summary: Security update for curl Type: security Severity: important References: 1198608,1211230,1211231,1211232,1211233,CVE-2022-27774,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2249-1 Released: Thu May 18 17:07:31 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1203248,1203249,1208329,428822 This update for libzypp, zypper fixes the following issues: - Removing a PTF without enabled repos should always fail (bsc#1203248) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Add expert (allow-*) options to all installer commands (bsc#428822) - Provide 'removeptf' command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. But you don't want the dependant packages to be removed together with the PTF, which is what the remove command would do. The removeptf command however will aim to replace the dependant packages by their official update versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2260-1 Released: Mon May 22 10:29:33 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issues: - Fix crash when calling deflateBound() function (bsc#1210593) The following package changes have been done: - libcurl4-8.0.1-11.65.2 updated - libz1-1.2.11-11.34.1 updated - libzypp-16.22.7-48.2 updated - zypper-1.13.64-21.55.2 updated From sle-updates at lists.suse.com Thu May 25 07:12:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:12:42 +0200 (CEST) Subject: SUSE-CU-2023:1621-1: Security update of suse/sle15 Message-ID: <20230525071242.590B7F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1621-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.771 Container Release : 6.2.771 Severity : important Type : security References : 1127591 1195633 1206309 1207992 1208329 1209209 1209210 1209211 1209212 1209214 1209406 1210870 1211231 1211232 1211233 1211339 CVE-2022-43552 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2226-1 Released: Wed May 17 09:55:49 2023 Summary: Security update for curl Type: security Severity: important References: 1206309,1207992,1209209,1209210,1209211,1209212,1209214,1211231,1211232,1211233,1211339,CVE-2022-43552,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2248-1 Released: Thu May 18 17:06:33 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority The following package changes have been done: - libcurl4-7.60.0-150000.51.1 updated - libsolv-tools-0.7.24-150100.4.12.1 updated - libzypp-17.31.11-150100.3.103.1 updated - zypper-1.14.60-150100.3.76.1 updated From sle-updates at lists.suse.com Thu May 25 07:14:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:14:44 +0200 (CEST) Subject: SUSE-CU-2023:1622-1: Security update of suse/sle15 Message-ID: <20230525071444.B3A7FF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1622-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.299 Container Release : 9.5.299 Severity : important Type : security References : 1127591 1195633 1208329 1209406 1210870 1211231 1211232 1211233 1211339 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority The following package changes have been done: - libcurl4-7.66.0-150200.4.57.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libzypp-17.31.11-150200.61.1 updated - zypper-1.14.60-150200.51.1 updated From sle-updates at lists.suse.com Thu May 25 07:16:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:16:30 +0200 (CEST) Subject: SUSE-CU-2023:1623-1: Security update of suse/sle15 Message-ID: <20230525071630.4DF99F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1623-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.140 , suse/sle15:15.3 , suse/sle15:15.3.17.20.140 Container Release : 17.20.140 Severity : important Type : security References : 1127591 1195633 1208329 1209406 1210870 1211231 1211232 1211233 1211339 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority The following package changes have been done: - curl-7.66.0-150200.4.57.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libzypp-17.31.11-150200.61.1 updated - zypper-1.14.60-150200.51.1 updated From sle-updates at lists.suse.com Thu May 25 07:17:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:17:24 +0200 (CEST) Subject: SUSE-CU-2023:1624-1: Security update of suse/389-ds Message-ID: <20230525071724.C266AF7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1624-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.38 , suse/389-ds:latest Container Release : 21.38 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:18:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:18:20 +0200 (CEST) Subject: SUSE-CU-2023:1625-1: Security update of bci/dotnet-aspnet Message-ID: <20230525071820.55A68F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1625-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.29 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.29 Container Release : 31.29 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:18:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:18:35 +0200 (CEST) Subject: SUSE-CU-2023:1626-1: Security update of bci/dotnet-aspnet Message-ID: <20230525071835.034C5F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1626-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.28 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.28 , bci/dotnet-aspnet:latest Container Release : 11.28 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:19:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:19:43 +0200 (CEST) Subject: SUSE-CU-2023:1627-1: Security update of bci/dotnet-sdk Message-ID: <20230525071943.C0E80F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1627-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.28 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.28 Container Release : 33.28 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:20:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:20:03 +0200 (CEST) Subject: SUSE-CU-2023:1628-1: Security update of bci/dotnet-sdk Message-ID: <20230525072003.47B12F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1628-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.28 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-11.28 , bci/dotnet-sdk:latest Container Release : 11.28 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:21:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:21:00 +0200 (CEST) Subject: SUSE-CU-2023:1629-1: Security update of bci/dotnet-runtime Message-ID: <20230525072100.DC651F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1629-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.28 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.28 Container Release : 30.28 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:21:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:21:15 +0200 (CEST) Subject: SUSE-CU-2023:1630-1: Security update of bci/dotnet-runtime Message-ID: <20230525072115.7A857F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1630-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.28 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.28 , bci/dotnet-runtime:latest Container Release : 11.28 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:21:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:21:57 +0200 (CEST) Subject: SUSE-CU-2023:1631-1: Security update of bci/golang Message-ID: <20230525072157.09972F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1631-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-22.56 Container Release : 22.56 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:22:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:22:09 +0200 (CEST) Subject: SUSE-CU-2023:1632-1: Security update of bci/golang Message-ID: <20230525072209.43BD4F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1632-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.55 , bci/golang:latest Container Release : 2.55 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:23:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:23:00 +0200 (CEST) Subject: SUSE-CU-2023:1633-1: Security update of bci/bci-init Message-ID: <20230525072300.E22C6F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1633-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.60 , bci/bci-init:latest Container Release : 26.60 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - systemd-249.16-150400.8.28.3 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:23:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:23:43 +0200 (CEST) Subject: SUSE-CU-2023:1634-1: Security update of bci/nodejs Message-ID: <20230525072343.E7D51F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1634-1 Container Tags : bci/node:16 , bci/node:16-15.58 , bci/nodejs:16 , bci/nodejs:16-15.58 Container Release : 15.58 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:23:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:23:58 +0200 (CEST) Subject: SUSE-CU-2023:1635-1: Security update of bci/nodejs Message-ID: <20230525072358.0C4DFF7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1635-1 Container Tags : bci/node:18 , bci/node:18-3.55 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.55 , bci/nodejs:latest Container Release : 3.55 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:24:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:24:53 +0200 (CEST) Subject: SUSE-CU-2023:1636-1: Security update of bci/openjdk Message-ID: <20230525072453.A766EF7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1636-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.58 Container Release : 35.58 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2269-1 Released: Mon May 22 14:50:34 2023 Summary: Feature update for javapackages-tools Type: feature Severity: moderate References: This update for javapackages-tools fixes the following issues: - Version update from 5.3.1 to 6.1.0 (jsc#SLE-23217): * Add apache-rat-plugin to skippedPlugins * Add bootstrap metadata to XMvn resolver config * Add location of java binary used by the java-1.8.0-openjdk (JRE) package so that setting JAVA_HOME will work correctly * Add lua interpreter to check and GH actions * Add Lua scripts for removing annotations * Add more tests, fix behaviour * Add separate subpackage with RPM generators * Adding ppc64le architecture support on travis-ci * Delete run_tests.py * Drop deprecated add_maven_depmap macro * Drop SCL support * Fix builddep snippet generation * Fix extra XML handling of pom_change_dep * Fix invalid in XMvn configuration * Fix provides matching * Fix running tests without coverage * Implement separate simple class name matching * Introduce common and extra subpackages * Make generated javadoc package noarch * Make scripts compatible with rpmlua * Migrate CI from TravisCI to GitHub Actions * Modularize Lua scripts * Remove dependency on Six compatibility library * Remove explicit import of Python 3 features * Remove license headers from wrapper scripts * Remove Python 3.5 from .travis.yml * Replace nose by pytest * Skip execution of various Maven plugins * Update build status badge in README.md * Update documentation * Update ivy-local-classpath * Use XMvn Javadoc MOJO by default - Remove requirement to python-six as it is not needed The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - javapackages-filesystem-6.1.0-150200.3.7.1 updated - javapackages-tools-6.1.0-150200.3.7.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 07:25:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 09:25:30 +0200 (CEST) Subject: SUSE-CU-2023:1637-1: Security update of bci/openjdk-devel Message-ID: <20230525072530.3076BF7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1637-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.108 , bci/openjdk-devel:latest Container Release : 14.108 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2269-1 Released: Mon May 22 14:50:34 2023 Summary: Feature update for javapackages-tools Type: feature Severity: moderate References: This update for javapackages-tools fixes the following issues: - Version update from 5.3.1 to 6.1.0 (jsc#SLE-23217): * Add apache-rat-plugin to skippedPlugins * Add bootstrap metadata to XMvn resolver config * Add location of java binary used by the java-1.8.0-openjdk (JRE) package so that setting JAVA_HOME will work correctly * Add lua interpreter to check and GH actions * Add Lua scripts for removing annotations * Add more tests, fix behaviour * Add separate subpackage with RPM generators * Adding ppc64le architecture support on travis-ci * Delete run_tests.py * Drop deprecated add_maven_depmap macro * Drop SCL support * Fix builddep snippet generation * Fix extra XML handling of pom_change_dep * Fix invalid in XMvn configuration * Fix provides matching * Fix running tests without coverage * Implement separate simple class name matching * Introduce common and extra subpackages * Make generated javadoc package noarch * Make scripts compatible with rpmlua * Migrate CI from TravisCI to GitHub Actions * Modularize Lua scripts * Remove dependency on Six compatibility library * Remove explicit import of Python 3 features * Remove license headers from wrapper scripts * Remove Python 3.5 from .travis.yml * Replace nose by pytest * Skip execution of various Maven plugins * Update build status badge in README.md * Update documentation * Update ivy-local-classpath * Use XMvn Javadoc MOJO by default - Remove requirement to python-six as it is not needed The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - javapackages-filesystem-6.1.0-150200.3.7.1 updated - javapackages-tools-6.1.0-150200.3.7.1 updated - container:bci-openjdk-17-15.4.17-13.58 updated From sle-updates at lists.suse.com Thu May 25 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 08:30:02 -0000 Subject: SUSE-SU-2023:2295-1: important: Security update for rmt-server Message-ID: <168500340293.18106.16513225021710103670@smelt2.suse.de> # Security update for rmt-server Announcement ID: SUSE-SU-2023:2295-1 Rating: important References: * #1202053 * #1203171 * #1206593 * #1207670 * #1209096 * #1209507 * #1209825 * #1211398 Cross-References: * CVE-2023-27530 * CVE-2023-28120 CVSS scores: * CVE-2023-27530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-27530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28120 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has six fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: Updated to version 2.13: * CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency (bsc#1209507). * CVE-2023-27530: Fixed a denial of service issue in multipart request parsing (bsc#1209096). Non-security fixes: * Fixed transactional update on GCE (bsc#1211398). * Use HTTPS in rmt-client-setup-res (bsc#1209825). * Various build fixes (bsc#1207670, bsc#1203171, bsc#1206593, bsc#1202053). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2295=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2295=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2295=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.13-150400.3.12.1 * rmt-server-debugsource-2.13-150400.3.12.1 * rmt-server-pubcloud-2.13-150400.3.12.1 * rmt-server-2.13-150400.3.12.1 * rmt-server-config-2.13-150400.3.12.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.13-150400.3.12.1 * rmt-server-debugsource-2.13-150400.3.12.1 * rmt-server-pubcloud-2.13-150400.3.12.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.13-150400.3.12.1 * rmt-server-2.13-150400.3.12.1 * rmt-server-config-2.13-150400.3.12.1 * rmt-server-debugsource-2.13-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27530.html * https://www.suse.com/security/cve/CVE-2023-28120.html * https://bugzilla.suse.com/show_bug.cgi?id=1202053 * https://bugzilla.suse.com/show_bug.cgi?id=1203171 * https://bugzilla.suse.com/show_bug.cgi?id=1206593 * https://bugzilla.suse.com/show_bug.cgi?id=1207670 * https://bugzilla.suse.com/show_bug.cgi?id=1209096 * https://bugzilla.suse.com/show_bug.cgi?id=1209507 * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1211398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2294-1: important: Security update for rmt-server Message-ID: <168500340558.18106.111657986220259036@smelt2.suse.de> # Security update for rmt-server Announcement ID: SUSE-SU-2023:2294-1 Rating: important References: * #1202053 * #1203171 * #1206593 * #1207670 * #1209096 * #1209507 * #1209825 * #1211398 Cross-References: * CVE-2023-27530 * CVE-2023-28120 CVSS scores: * CVE-2023-27530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-27530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28120 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: * Public Cloud Module 15-SP2 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves two vulnerabilities and has six fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: Updated to version 2.13: \- CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency (bsc#1209507). \- CVE-2023-27530: Fixed a denial of service issue in multipart request parsing (bsc#1209096). Non-security fixes: \- Fixed transactional update on GCE (bsc#1211398). \- Use HTTPS in rmt-client-setup-res (bsc#1209825). \- Various build fixes (bsc#1207670, bsc#1203171, bsc#1206593, bsc#1202053). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2294=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2294=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2294=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2294=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2294=1 ## Package List: * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * rmt-server-pubcloud-2.13-150200.3.32.1 * rmt-server-debuginfo-2.13-150200.3.32.1 * rmt-server-debugsource-2.13-150200.3.32.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * rmt-server-2.13-150200.3.32.1 * rmt-server-config-2.13-150200.3.32.1 * rmt-server-debuginfo-2.13-150200.3.32.1 * rmt-server-debugsource-2.13-150200.3.32.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * rmt-server-2.13-150200.3.32.1 * rmt-server-config-2.13-150200.3.32.1 * rmt-server-debuginfo-2.13-150200.3.32.1 * rmt-server-debugsource-2.13-150200.3.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * rmt-server-2.13-150200.3.32.1 * rmt-server-config-2.13-150200.3.32.1 * rmt-server-debuginfo-2.13-150200.3.32.1 * rmt-server-debugsource-2.13-150200.3.32.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * rmt-server-2.13-150200.3.32.1 * rmt-server-config-2.13-150200.3.32.1 * rmt-server-debuginfo-2.13-150200.3.32.1 * rmt-server-debugsource-2.13-150200.3.32.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27530.html * https://www.suse.com/security/cve/CVE-2023-28120.html * https://bugzilla.suse.com/show_bug.cgi?id=1202053 * https://bugzilla.suse.com/show_bug.cgi?id=1203171 * https://bugzilla.suse.com/show_bug.cgi?id=1206593 * https://bugzilla.suse.com/show_bug.cgi?id=1207670 * https://bugzilla.suse.com/show_bug.cgi?id=1209096 * https://bugzilla.suse.com/show_bug.cgi?id=1209507 * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1211398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 08:30:07 -0000 Subject: SUSE-RU-2023:2293-1: moderate: Recommended update for mercurial Message-ID: <168500340717.18106.17481469590652188264@smelt2.suse.de> # Recommended update for mercurial Announcement ID: SUSE-RU-2023:2293-1 Rating: moderate References: * #1210707 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for mercurial fixes the following issues: * Fix unexprted abort at cloning a repo (bsc#1210707) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2293=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2293=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2293=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mercurial-debuginfo-5.9.1-150400.3.3.1 * mercurial-debugsource-5.9.1-150400.3.3.1 * mercurial-5.9.1-150400.3.3.1 * mercurial-tests-5.9.1-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * mercurial-lang-5.9.1-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mercurial-debuginfo-5.9.1-150400.3.3.1 * mercurial-debugsource-5.9.1-150400.3.3.1 * mercurial-5.9.1-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mercurial-debuginfo-5.9.1-150400.3.3.1 * mercurial-debugsource-5.9.1-150400.3.3.1 * mercurial-5.9.1-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210707 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 08:30:08 -0000 Subject: SUSE-SU-2023:2292-1: moderate: Security update for kubernetes1.23 Message-ID: <168500340831.18106.12703381248630010505@smelt2.suse.de> # Security update for kubernetes1.23 Announcement ID: SUSE-SU-2023:2292-1 Rating: moderate References: Cross-References: * CVE-2021-25749 * CVE-2022-3162 * CVE-2022-3294 CVSS scores: * CVE-2021-25749 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3162 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-3162 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-3294 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3294 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * Containers Module 15-SP4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for kubernetes1.23 fixes the following issues: * add kubernetes1.18-client-common as conflicts with kubernetes-client-bash- completion * Split individual completions into separate packages Update to version 1.23.17: * releng: Update images, dependencies and version to Go 1.19.6 * Update golang.org/x/net to v0.7.0 * Pin golang.org/x/net to v0.4.0 * add scale test for probes * use custom dialer for http probes * use custom dialer for tcp probes * add custom dialer optimized for probes * egress_selector: prevent goroutines leak on connect() step. * tls.Dial() validates hostname, no need to do that manually * Fix issue that Audit Server could not correctly encode DeleteOption * Do not include scheduler name in the preemption event message * Do not leak cross namespace pod metadata in preemption events * pkg/controller/job: re-honor exponential backoff * releng: Update images, dependencies and version to Go 1.19.5 * Bump Konnectivity to v0.0.35 * Improve vendor verification works for each staging repo * Update to go1.19 * Adjust for os/exec changes in 1.19 * Update golangci-lint to 1.46.2 and fix errors * Match go1.17 defaults for SHA-1 and GC * update golangci-lint to 1.45.0 * kubelet: make the image pull time more accurate in event * change k8s.gcr.io/pause to registry.k8s.io/pause * use etcd 3.5.6-0 after promotion * changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14 * Add CVE-2021-25749 to CHANGELOG-1.23.md * Add CVE-2022-3294 to CHANGELOG-1.23.md * kubeadm: use registry.k8s.io instead of k8s.gcr.io * etcd: Updated to v3.5.5 * Bump konnectivity network proxy to v0.0.33. Includes a couple bug fixes for better handling of dial failures. Agent & Server include numerous other fixes. * kubeadm: allow RSA and ECDSA format keys in preflight check * Fixes kubelet log compression on Windows * Reduce default gzip compression level from 4 to 1 in apiserver * exec auth: support TLS config caching * Marshal MicroTime to json and proto at the same precision * Windows: ensure runAsNonRoot does case-insensitive comparison on user name * update structured-merge-diff to 4.2.3 * Add rate limiting when calling STS assume role API * Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2292=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2292=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2292=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2292=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2292=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2292=1 ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-client-1.23.17-150300.7.6.1 * kubernetes1.23-client-common-1.23.17-150300.7.6.1 * Containers Module 15-SP4 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kubernetes1.23-client-1.23.17-150300.7.6.1 * kubernetes1.23-client-common-1.23.17-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kubernetes1.23-client-1.23.17-150300.7.6.1 * kubernetes1.23-client-common-1.23.17-150300.7.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-client-1.23.17-150300.7.6.1 * kubernetes1.23-client-common-1.23.17-150300.7.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150300.7.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kubernetes1.23-client-1.23.17-150300.7.6.1 * kubernetes1.23-client-common-1.23.17-150300.7.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150300.7.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kubernetes1.23-client-1.23.17-150300.7.6.1 * kubernetes1.23-client-common-1.23.17-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-25749.html * https://www.suse.com/security/cve/CVE-2022-3162.html * https://www.suse.com/security/cve/CVE-2022-3294.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 08:30:10 -0000 Subject: SUSE-RU-2023:2291-1: moderate: Recommended update for microos-tools Message-ID: <168500341002.18106.4677574940424827415@smelt2.suse.de> # Recommended update for microos-tools Announcement ID: SUSE-RU-2023:2291-1 Rating: moderate References: * #1202395 * #1202449 Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that has two recommended fixes can now be installed. ## Description: This update for microos-tools fixes the following issue: * Update to version 2.17 (bsc#1202449, bsc#1202395) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2291=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2291=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * microos-tools-2.17-150300.7.3.1 * microos-tools-debugsource-2.17-150300.7.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * microos-tools-2.17-150300.7.3.1 * microos-tools-debugsource-2.17-150300.7.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202395 * https://bugzilla.suse.com/show_bug.cgi?id=1202449 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 12:09:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:09:14 +0200 (CEST) Subject: SUSE-CU-2023:1637-1: Security update of bci/openjdk-devel Message-ID: <20230525120914.E1465FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1637-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.108 , bci/openjdk-devel:latest Container Release : 14.108 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2269-1 Released: Mon May 22 14:50:34 2023 Summary: Feature update for javapackages-tools Type: feature Severity: moderate References: This update for javapackages-tools fixes the following issues: - Version update from 5.3.1 to 6.1.0 (jsc#SLE-23217): * Add apache-rat-plugin to skippedPlugins * Add bootstrap metadata to XMvn resolver config * Add location of java binary used by the java-1.8.0-openjdk (JRE) package so that setting JAVA_HOME will work correctly * Add lua interpreter to check and GH actions * Add Lua scripts for removing annotations * Add more tests, fix behaviour * Add separate subpackage with RPM generators * Adding ppc64le architecture support on travis-ci * Delete run_tests.py * Drop deprecated add_maven_depmap macro * Drop SCL support * Fix builddep snippet generation * Fix extra XML handling of pom_change_dep * Fix invalid in XMvn configuration * Fix provides matching * Fix running tests without coverage * Implement separate simple class name matching * Introduce common and extra subpackages * Make generated javadoc package noarch * Make scripts compatible with rpmlua * Migrate CI from TravisCI to GitHub Actions * Modularize Lua scripts * Remove dependency on Six compatibility library * Remove explicit import of Python 3 features * Remove license headers from wrapper scripts * Remove Python 3.5 from .travis.yml * Replace nose by pytest * Skip execution of various Maven plugins * Update build status badge in README.md * Update documentation * Update ivy-local-classpath * Use XMvn Javadoc MOJO by default - Remove requirement to python-six as it is not needed The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - javapackages-filesystem-6.1.0-150200.3.7.1 updated - javapackages-tools-6.1.0-150200.3.7.1 updated - container:bci-openjdk-17-15.4.17-13.58 updated From sle-updates at lists.suse.com Thu May 25 12:09:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:09:49 +0200 (CEST) Subject: SUSE-CU-2023:1638-1: Security update of bci/openjdk Message-ID: <20230525120949.55783FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1638-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.58 , bci/openjdk:latest Container Release : 13.58 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2269-1 Released: Mon May 22 14:50:34 2023 Summary: Feature update for javapackages-tools Type: feature Severity: moderate References: This update for javapackages-tools fixes the following issues: - Version update from 5.3.1 to 6.1.0 (jsc#SLE-23217): * Add apache-rat-plugin to skippedPlugins * Add bootstrap metadata to XMvn resolver config * Add location of java binary used by the java-1.8.0-openjdk (JRE) package so that setting JAVA_HOME will work correctly * Add lua interpreter to check and GH actions * Add Lua scripts for removing annotations * Add more tests, fix behaviour * Add separate subpackage with RPM generators * Adding ppc64le architecture support on travis-ci * Delete run_tests.py * Drop deprecated add_maven_depmap macro * Drop SCL support * Fix builddep snippet generation * Fix extra XML handling of pom_change_dep * Fix invalid in XMvn configuration * Fix provides matching * Fix running tests without coverage * Implement separate simple class name matching * Introduce common and extra subpackages * Make generated javadoc package noarch * Make scripts compatible with rpmlua * Migrate CI from TravisCI to GitHub Actions * Modularize Lua scripts * Remove dependency on Six compatibility library * Remove explicit import of Python 3 features * Remove license headers from wrapper scripts * Remove Python 3.5 from .travis.yml * Replace nose by pytest * Skip execution of various Maven plugins * Update build status badge in README.md * Update documentation * Update ivy-local-classpath * Use XMvn Javadoc MOJO by default - Remove requirement to python-six as it is not needed The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - javapackages-filesystem-6.1.0-150200.3.7.1 updated - javapackages-tools-6.1.0-150200.3.7.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 12:11:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:11:18 +0200 (CEST) Subject: SUSE-CU-2023:1639-1: Security update of suse/pcp Message-ID: <20230525121118.71338FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1639-1 Container Tags : suse/pcp:5 , suse/pcp:5-14.50 , suse/pcp:5.2 , suse/pcp:5.2-14.50 , suse/pcp:5.2.5 , suse/pcp:5.2.5-14.50 , suse/pcp:latest Container Release : 14.50 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - systemd-249.16-150400.8.28.3 updated - container:bci-bci-init-15.4-15.4-26.60 updated From sle-updates at lists.suse.com Thu May 25 12:11:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:11:32 +0200 (CEST) Subject: SUSE-CU-2023:1640-1: Security update of bci/php-fpm Message-ID: <20230525121132.C70F9FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1640-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.53 Container Release : 2.53 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 12:11:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:11:47 +0200 (CEST) Subject: SUSE-CU-2023:1641-1: Security update of bci/php Message-ID: <20230525121147.8ECC1FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1641-1 Container Tags : bci/php:8 , bci/php:8-2.52 Container Release : 2.52 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 12:12:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:12:55 +0200 (CEST) Subject: SUSE-CU-2023:1642-1: Security update of bci/python Message-ID: <20230525121255.6B137FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1642-1 Container Tags : bci/python:3 , bci/python:3-12.52 , bci/python:3.10 , bci/python:3.10-12.52 , bci/python:latest Container Release : 12.52 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - curl-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 12:14:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:14:03 +0200 (CEST) Subject: SUSE-CU-2023:1643-1: Security update of bci/ruby Message-ID: <20230525121403.591B5FBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1643-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.51 , bci/ruby:2.5 , bci/ruby:2.5-34.51 , bci/ruby:latest Container Release : 34.51 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - curl-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 12:14:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:14:11 +0200 (CEST) Subject: SUSE-CU-2023:1644-1: Security update of bci/rust Message-ID: <20230525121411.BFDFDFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1644-1 Container Tags : bci/rust:1.68 , bci/rust:1.68-3.13 Container Release : 3.13 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 12:14:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:14:16 +0200 (CEST) Subject: SUSE-CU-2023:1645-1: Security update of bci/rust Message-ID: <20230525121416.28EEEFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1645-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.12 , bci/rust:latest Container Release : 2.12 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Thu May 25 12:15:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:15:09 +0200 (CEST) Subject: SUSE-CU-2023:1646-1: Security update of suse/sle15 Message-ID: <20230525121509.7D7A9FBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1646-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.63 , suse/sle15:15.4 , suse/sle15:15.4.27.14.63 Container Release : 27.14.63 Severity : important Type : security References : 1127591 1195633 1203141 1207410 1208329 1209406 1210870 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority The following package changes have been done: - curl-8.0.1-150400.5.23.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - libsolv-tools-0.7.24-150400.3.6.4 updated - libsystemd0-249.16-150400.8.28.3 updated - libudev1-249.16-150400.8.28.3 updated - libzypp-17.31.11-150400.3.25.2 updated - zypper-1.14.60-150400.3.21.2 updated From sle-updates at lists.suse.com Thu May 25 12:16:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:16:05 +0200 (CEST) Subject: SUSE-CU-2023:1648-1: Security update of bci/bci-init Message-ID: <20230525121605.BE0CCFBAF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1648-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.4.127 Container Release : 4.127 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) The following package changes have been done: - libz1-1.2.13-150500.2.3 updated - libuuid1-2.37.4-150500.7.16 updated - libsmartcols1-2.37.4-150500.7.16 updated - libblkid1-2.37.4-150500.7.16 updated - libgcrypt20-1.9.4-150500.10.19 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libfdisk1-2.37.4-150500.7.16 updated - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libmount1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - sles-release-15.5-150500.43.4 updated - util-linux-2.37.4-150500.7.16 updated - systemd-249.16-150400.8.28.3 updated - container:sles15-image-15.0.0-35.2.48 updated From sle-updates at lists.suse.com Thu May 25 12:17:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:17:38 +0200 (CEST) Subject: SUSE-CU-2023:1651-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230525121738.ECCFEFBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1651-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.396 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.396 Severity : important Type : security References : 1127591 1195633 1208329 1209406 1210870 1211144 1211231 1211232 1211233 1211339 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority The following package changes have been done: - libcurl4-7.66.0-150200.4.57.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libzypp-17.31.11-150200.61.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.140 updated From sle-updates at lists.suse.com Thu May 25 12:19:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 14:19:44 +0200 (CEST) Subject: SUSE-CU-2023:1653-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230525121944.B6A5AFBAF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1653-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.218 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.218 Severity : important Type : security References : 1127591 1195633 1208329 1209406 1210870 1211144 1211231 1211232 1211233 1211339 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority The following package changes have been done: - libcurl4-7.66.0-150200.4.57.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libzypp-17.31.11-150200.61.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.140 updated From sle-updates at lists.suse.com Thu May 25 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 12:30:04 -0000 Subject: SUSE-RU-2023:2302-1: moderate: Recommended update for strongswan Message-ID: <168501780495.15251.12743819973374418109@smelt2.suse.de> # Recommended update for strongswan Announcement ID: SUSE-RU-2023:2302-1 Rating: moderate References: * #946193 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for strongswan fixes the following issues: * Add set_proto_port_transport_sa config option needed for USGv6 tests (bsc#946193) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2302=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2302=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2302=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2302=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2302=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2302=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2302=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2302=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2302=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE OpenStack Cloud 9 (noarch) * strongswan-doc-5.1.3-26.26.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * strongswan-doc-5.1.3-26.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * strongswan-doc-5.1.3-26.26.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * strongswan-doc-5.1.3-26.26.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * strongswan-doc-5.1.3-26.26.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * strongswan-doc-5.1.3-26.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * strongswan-doc-5.1.3-26.26.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * strongswan-doc-5.1.3-26.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * strongswan-5.1.3-26.26.1 * strongswan-hmac-5.1.3-26.26.1 * strongswan-libs0-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-debuginfo-5.1.3-26.26.1 * strongswan-ipsec-5.1.3-26.26.1 * strongswan-libs0-5.1.3-26.26.1 * strongswan-debugsource-5.1.3-26.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * strongswan-doc-5.1.3-26.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=946193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 12:30:06 -0000 Subject: SUSE-RU-2023:2301-1: moderate: Recommended update for cosign Message-ID: <168501780605.15251.6956440052308720848@smelt2.suse.de> # Recommended update for cosign Announcement ID: SUSE-RU-2023:2301-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for cosign fixes the following issues: cosign was updated to 2.0.1 (jsc#SLE-23879) * Enhancements * Add environment variable token provider (#2864) * Remove cosign policy command (#2846) * Allow customising 'go' executable with GOEXE var (#2841) * Consistent tlog warnings during verification (#2840) * Add riscv64 arch (#2821) * Default generated PEM labels to SIGSTORE (#2735) * Update privacy statement and confirmation (#2797) * Add exit codes for verify errors (#2766) * Add Buildkite provider (#2779) * verify-blob-attestation: Loosen arg requirements if --check-claims=false (#2746) * Bug Fixes * PKCS11 sessions are now opened read only (#2853) * Makefile: date format of log should not show signatures (#2835) * Add missing flags to cosign verify dockerfile/manifest (#2830) * Add a warning to remember how to configure a custom Gitlab host (#2816) * Remove tag warning message from save/copy commands (#2799) * Mark keyless pem files with b64 (#2671) * build against a maintained golang version (upstream uses go1.20) cosign was updated to 2.0.0 (jsc#SLE-23879) * Breaking Changes: * insecure-skip-tlog-verify: rename and adapt the cert expiration check (#2620) * Deprecate --certificate-email flag. Make --certificate-identity and -? (#2411) * Enhancements: * Change go module name to github.com/sigstore/cosign/v2 for Cosign 2.0 (#2544) * Allow users to pass in a path for the --identity-token flag (#2538) * Breaking change: Respect tlog-upload=false, default to true (#2505) * Support outputing a certificate without uploading to the tlog (#2506) * Attestation/Blob signing and verification using a RFC3161 time-stamping server (#2464) * respect tlog-upload flag with TSA (#2474) * Better feedback if specifying incompatible argument on cosign sign --attachment (#2449) * Support TSA and Rekor verifications (#2463) * add support for tsa signing and verification of images (#2460) * cosign policy sign: remove experimental flag and make keyless signing default (#2459) * Remove experimental mode from cosign attest and verify-attestation (#2458) * Remove experimental mode from sign-blob and verify-blob (#2457) * Add --offline flag to force offline verification (#2427) * Air gap support (#2299) * Breaking change: Change SCT verification behavior to default to enforcement (#2400) * Breaking change: remove --force flag from sign and attest and rely on --yes flag to skip confirmation (#2399) * Breaking change: replace --no-tlog-upload flag with --tlog-upload flag (#2397) * Remove experimental flag from cosign sign and cosign verify (#2387) * verify: remove SIGSTORE_TRUST_REKOR_API_PUBLIC_KEY test env var for using a key from rekor's API (#2362) * Add warning to use digest instead of tags to other cosign commands (#2650) * Fix up UI messages (#2629) * Remove hardcoded Fulcio from output (#2621) * Fix missing privacy statement, print in multiple locations (#2622) * feat: allows custom key names for import-key-pair (#2587) * feat: support keyless verification for verify-blob-attestation (#2525) * attest-blob: add functionality for keyless signing (#2515) * Rego: add support for custom error/warning messages when evaluating rego rules (#2577) * feat: add debug information to cert validation error (#2579) * Support non-Sigstore TSA requests (#2708) * Add COSIGN_OCI_EXPERIMENTAL, push .sig/.sbom using OCI 1.1+ digest tag (#2684) * Output certificate in bundle when entry is not uploaded to Rekor (#2715) * attach signature and attach sbom must use STDIN to upload raw string (#2637) * add generate-key-pair GitHub Enterprise server support (#2676) * add in format string for warning (#2699) * Support for fetching Fulcio certs with self-managed key (#2532) * 2476 predicate type download (#2484) * Bug Fixes: * Fix the file existence check. (#2552) * Fix timestamp verification, add verify-blob tests (#2527) * Fix(verify): Consolidate certificate expiry logic (#2504) * Updates to Timestamp signing and verification (#2499) * Fix: removes attestation payload from attest-blob's output & no base64 encoding (#2498) * Fix path for e2e-tests badge (#2490) * Fix spdx json media type (#2479) * Fix sct verificaction (#2426) * Fix: panic with unsigned local image (#2656) * Make sure a cert passed in via --cert matches the bundle cert (#2652) * Fix: fix github oidc post submit test (#2594) * Fix: add enhanced error messages for failing verification with TUF targets (#2589) * Fix: Add missing schemes to cosign predicate types. (#2717) * Fix: Drop the CosignPredicate wrapper around SBOM attestations. (#2718) * Fix prompts with Windows line endings (#2674) cosing was update to 1.13.1: * verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341) * Nits for #2337 (#2342) * Add verify-blob-attestation command and tests (#2337) * Update warning when users sign images by tag. (#2313) * Remove experimental flags from attest-blob and refactor (#2338) * Add --output-attestation flag to attest-blob and remove experimental signing (#2332) * Add attest-blob command (#2286) * Add '\--cert-identity' flag to support subject alternate names for ver? (#2278) * Update Dockerfile section of README (#2323) * Fix option description: "sign" \--> "verify" (#2306) cosign was updated to 1.13.0: * feat: use stdin as an input for predicate by @developer-guy in https://github.com/sigstore/cosign/pull/2269 * feat: improve the verification message by @developer-guy in https://github.com/sigstore/cosign/pull/2268 * use scaffolding 0.4.8 for tests. by @vaikas in https://github.com/sigstore/cosign/pull/2280 * fix pivtool generate key touch policy by @cpanato in https://github.com/sigstore/cosign/pull/2282 * Check error on chain verification failure by @haydentherapper in https://github.com/sigstore/cosign/pull/2284 * Fix: Remove an extra registry request from verification path. by @mattmoor in https://github.com/sigstore/cosign/pull/2285 * Fix: Create a static copy of signatures as part of verification. by @mattmoor in https://github.com/sigstore/cosign/pull/2287 * Data race in FetchSignaturesForReference by @RTann in https://github.com/sigstore/cosign/pull/2283 * Add support for Fulcio username identity in SAN by @haydentherapper in https://github.com/sigstore/cosign/pull/2291 * fix: make tlog entry lookups for online verification shard-aware by @asraa in https://github.com/sigstore/cosign/pull/2297 * Better help text to sign and verify SBOM by @ChristianCiach in https://github.com/sigstore/cosign/pull/2308 * Adding warning to pin to digest by @ChaosInTheCRD in https://github.com/sigstore/cosign/pull/2311 * Add annotations for upload blob. by @cldmnky in https://github.com/sigstore/cosign/pull/2188 * replace deprecate package by @cpanato in https://github.com/sigstore/cosign/pull/2314 * update release images to use go1.19.2 and cosign v1.12.1 by @cpanato in https://github.com/sigstore/cosign/pull/2315 cosign was updated to 1.12.1: * fix: Pulls Fulcio root and intermediate when --certificate-chain is not passed into verify-blob command. The v1.12.0 release introduced a regression: when COSIGN_EXPERIMENTAL was not set, cosign verify-blob would check a --certificate (without a --certificate-chain provided) against the operating system root CA bundle. In this release, Cosign checks the certificate against Fulcio's CA root instead (restoring the earlier behavior). * fix: fix cert chain validation for verify-blob in non-experimental mode * fix: add COSIGN_EXPERIMENTAL=1 for verify-bloba * Fix BYO-root with intermediate to fetch intermediates from annotation * fix: fixing breaking changes in rekor v1.12.0 upgrade ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2301=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2301=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cosign-2.0.1-150400.3.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cosign-2.0.1-150400.3.9.1 ## References: * https://jira.suse.com/browse/SLE-23879 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 12:30:07 -0000 Subject: SUSE-RU-2023:2300-1: moderate: Recommended update for bouncycastle Message-ID: <168501780725.15251.7603744160809832362@smelt2.suse.de> # Recommended update for bouncycastle Announcement ID: SUSE-RU-2023:2300-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for bouncycastle fixes the following issues: bouncycastle was updated to version 1.73: * Defects Fixed: * BCJSSE: Instantiating a JSSE provider in some contexts could cause an AccessControl exception. * The EC key pair generator can generate out of range private keys when used with SM2. A specific SM2KeyPairGenerator has been added to the low-level API and is used by KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has been updated to check for out of range keys as well.. * The attached signature type byte was still present in Falcon signatures as well as the detached signature byte. * There was an off-by-one error in engineGetOutputSize() for ECIES. * The method for invoking read() internally in BCPGInputStream could result in inconsistent behaviour if the class was extended. * Fixed a rounding issue with FF1 Format Preserving Encryption algorithm for certain radices. * Fixed RFC3394WrapEngine handling of 64 bit keys. * Internal buffer for blake2sp was too small and could result in an ArrayIndexOutOfBoundsException. * JCA PSS Signatures using SHAKE128 and SHAKE256 now support encoding of algorithm parameters. * PKCS10CertificationRequest now checks for empty extension parameters. * Parsing errors in the processing of PGP Armored Data now throw an explicit exception ArmoredInputException. * PGP AEAD streams could occassionally be truncated. * The ESTService class now supports processing of chunked HTTP data. * A constructed ASN.1 OCTET STRING with a single member would sometimes be re- encoded as a definite-length OCTET STRING. The encoding has been adjusted to preserve the BER status of the object. * PKIXCertPathReviewer could fail if the trust anchor was also included in the certificate store being used for path analysis. * UTF-8 parsing of an array range ignored the provided length. * IPAddress has been written to provide stricter checking and avoid the use of Integer.parseInt(). * A Java 7 class snuck into the Java 5 to Java 8 build. * Additional Features and Functionality: * The Rainbow NIST Post Quantum Round-3 Candidate has been added to the low- level API and the BCPQC provider (level 3 and level 5 parameter sets only). * The GeMSS NIST Post Quantum Round-3 Candidate has been added to the low- level API. * The org.bouncycastle.rsa.max_mr_tests property check has been added to allow capping of MR tests done on RSA moduli. * Significant performance improvements in PQC algorithms, especially BIKE, CMCE, Frodo, HQC, Picnic. * EdDSA verification now conforms to the recommendations of Taming the many EdDSAs, in particular cofactored verification. As a side benefit, Pornin's basis reduction is now used for EdDSA verification, giving a significant performance boost. * Major performance improvements for Anomalous Binary (Koblitz) Curves. * The lightweight Cryptography finalists Ascon, ISAP, Elephant, PhotonBeetle, Sparkle, and Xoodyak have been added to the light-weight cryptography API. * BLAKE2bp and BLAKE2sp have been added to the light-weight cryptography API. * Support has been added for X.509, Section 9.8, hybrid certificates and CRLs using alternate public keys and alternate signatures. * The property "org.bouncycastle.emulate.oracle" has been added to signal the provider should return algorithm names on some algorithms in the same manner as the Oracle JCE provider. * An extra replaceSigners method has been added to CMSSignedData which allows for specifying the digest algorithm IDs to be used in the new CMSSignedData object. * Parsing and re-encoding of ASN.1 PEM data has been further optimized to prevent unecessary conversions between basic encoding, definite length, and DER. * Support has been added for KEM ciphers in CMS in accordance with draft-ietf- lamps-cms-kemri * Support has been added for certEncr in CRMF to allow issuing of certificates for KEM public keys. * Further speedups have been made to CRC24. * GCMParameterSpec constructor caching has been added to improve performance for JVMs that have the class available. * The PGPEncrytedDataGenerator now supports injecting the session key to be used for PGP PBE encrypted data. * The CRMF CertificateRequestMessageBuilder now supports optional attributes. * Improvements to the s calculation in JPAKE. * A general purpose PQCOtherInfoGenerator has been added which supports all Kyber and NTRU. * An implementation of HPKE (RFC 9180 - Hybrid Public Key Encryption) has been added to the light-weight cryptography API. * Security Advisories: * The PQC implementations have now been subject to formal review for secret leakage and side channels, there were issues in BIKE, Falcon, Frodo, HQC which have now been fixed. Some weak positives also showed up in Rainbow, Picnic, SIKE, and GeMSS - for now this last set has been ignored as the algorithms will either be updated if they reappear in the Signature Round, or deleted, as is already the case for SIKE (it is now in the legacy package). Details on the group responsible for the testing can be found in the CONTRIBUTORS file. * For at least some ECIES variants (e.g. when using CBC) there is an issue with potential malleability of a nonce (implying silent malleability of the plaintext) that must be sent alongside the ciphertext but is outside the IES integrity check. For this reason the automatic generation of nonces with IED is now disabled and they have to be passed in using an IESParameterSpec. The current advice is to agree on a nonce between parties and then rely on the use of the ephemeral key component to allow the nonce (rather the so called nonce) usage to be extended. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2300=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2300=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2300=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2300=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2300=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2300=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2300=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2300=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2300=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2300=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2300=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2300=1 ## Package List: * openSUSE Leap 15.4 (noarch) * bouncycastle-mail-1.73-150200.3.15.1 * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-javadoc-1.73-150200.3.15.1 * bouncycastle-tls-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * Development Tools Module 15-SP4 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Enterprise Storage 7.1 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 * SUSE Enterprise Storage 7 (noarch) * bouncycastle-pkix-1.73-150200.3.15.1 * bouncycastle-util-1.73-150200.3.15.1 * bouncycastle-1.73-150200.3.15.1 * bouncycastle-pg-1.73-150200.3.15.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 12:30:09 -0000 Subject: SUSE-RU-2023:2299-1: moderate: Recommended update for mdadm Message-ID: <168501780959.15251.6829449934920505635@smelt2.suse.de> # Recommended update for mdadm Announcement ID: SUSE-RU-2023:2299-1 Rating: moderate References: * #1205493 * #1205830 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for mdadm fixes the following issues: * Fixes for mdmon to ensure it runs at the right time in the fight mount namespace, this fixes various problems with IMSM raid arrays (bsc#1205493, bsc#1205830) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2299=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2299=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2299=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2299=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2299=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2299=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2299=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2299=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2299=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2299=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2299=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.27.1 * mdadm-debuginfo-4.1-150300.24.27.1 * mdadm-debugsource-4.1-150300.24.27.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205493 * https://bugzilla.suse.com/show_bug.cgi?id=1205830 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 12:30:12 -0000 Subject: SUSE-SU-2023:2298-1: moderate: Security update for distribution Message-ID: <168501781222.15251.3785504254236046690@smelt2.suse.de> # Security update for distribution Announcement ID: SUSE-SU-2023:2298-1 Rating: moderate References: * #1207705 * #1210428 Cross-References: * CVE-2023-2253 CVSS scores: * CVE-2023-2253 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for distribution fixes the following issues: Update to verison 2.8.2: * Revert registry/client: set `Accept: identity` header when getting layers * Parse `http` forbidden as denied * Fix CVE-2023-2253 runaway allocation on /v2/_catalog (bsc#1207705) * Fix panic in inmemory driver * update to go1.19.9 * Add code to handle pagination of parts. Fixes max layer size of 10GB bug * Dockerfile: fix filenames of artifacts ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2298=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2298=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * distribution-registry-2.8.2-150400.9.21.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * distribution-registry-2.8.2-150400.9.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2253.html * https://bugzilla.suse.com/show_bug.cgi?id=1207705 * https://bugzilla.suse.com/show_bug.cgi?id=1210428 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 12:30:14 -0000 Subject: SUSE-SU-2023:2297-1: important: Security update for golang-github-vpenso-prometheus_slurm_exporter Message-ID: <168501781483.15251.14504664893715311995@smelt2.suse.de> # Security update for golang-github-vpenso-prometheus_slurm_exporter Announcement ID: SUSE-SU-2023:2297-1 Rating: important References: * #1200441 * #1209658 Affected Products: * HPC Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that has two fixes can now be installed. ## Description: This update of golang-github-vpenso-prometheus_slurm_exporter fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2297=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-2297=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2297=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2297=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1 * HPC Module 15-SP4 (aarch64 x86_64) * golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 12:30:16 -0000 Subject: SUSE-SU-2023:2296-1: important: Security update for openvswitch Message-ID: <168501781658.15251.16230779215959978613@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2296-1 Rating: important References: * #1210054 Cross-References: * CVE-2023-1668 CVSS scores: * CVE-2023-1668 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1668 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2296=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2296=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2296=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2296=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2296=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2296=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openvswitch-pki-2.14.2-150400.24.9.1 * python3-ovs-2.14.2-150400.24.9.1 * ovn-devel-20.06.2-150400.24.9.1 * ovn-vtep-debuginfo-20.06.2-150400.24.9.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.9.1 * ovn-vtep-20.06.2-150400.24.9.1 * libopenvswitch-2_14-0-2.14.2-150400.24.9.1 * openvswitch-vtep-2.14.2-150400.24.9.1 * openvswitch-test-2.14.2-150400.24.9.1 * openvswitch-ipsec-2.14.2-150400.24.9.1 * openvswitch-devel-2.14.2-150400.24.9.1 * ovn-host-20.06.2-150400.24.9.1 * ovn-central-20.06.2-150400.24.9.1 * openvswitch-2.14.2-150400.24.9.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.9.1 * openvswitch-debuginfo-2.14.2-150400.24.9.1 * libovn-20_06-0-20.06.2-150400.24.9.1 * ovn-host-debuginfo-20.06.2-150400.24.9.1 * ovn-debuginfo-20.06.2-150400.24.9.1 * ovn-docker-20.06.2-150400.24.9.1 * ovn-central-debuginfo-20.06.2-150400.24.9.1 * openvswitch-debugsource-2.14.2-150400.24.9.1 * ovn-20.06.2-150400.24.9.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.9.1 * openvswitch-test-debuginfo-2.14.2-150400.24.9.1 * openSUSE Leap 15.4 (noarch) * openvswitch-doc-2.14.2-150400.24.9.1 * ovn-doc-20.06.2-150400.24.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openvswitch-pki-2.14.2-150400.24.9.1 * python3-ovs-2.14.2-150400.24.9.1 * ovn-devel-20.06.2-150400.24.9.1 * ovn-vtep-debuginfo-20.06.2-150400.24.9.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.9.1 * ovn-vtep-20.06.2-150400.24.9.1 * libopenvswitch-2_14-0-2.14.2-150400.24.9.1 * openvswitch-vtep-2.14.2-150400.24.9.1 * openvswitch-test-2.14.2-150400.24.9.1 * openvswitch-ipsec-2.14.2-150400.24.9.1 * openvswitch-devel-2.14.2-150400.24.9.1 * ovn-host-20.06.2-150400.24.9.1 * ovn-central-20.06.2-150400.24.9.1 * openvswitch-2.14.2-150400.24.9.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.9.1 * openvswitch-debuginfo-2.14.2-150400.24.9.1 * libovn-20_06-0-20.06.2-150400.24.9.1 * ovn-host-debuginfo-20.06.2-150400.24.9.1 * ovn-debuginfo-20.06.2-150400.24.9.1 * ovn-docker-20.06.2-150400.24.9.1 * ovn-central-debuginfo-20.06.2-150400.24.9.1 * openvswitch-debugsource-2.14.2-150400.24.9.1 * ovn-20.06.2-150400.24.9.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.9.1 * openvswitch-test-debuginfo-2.14.2-150400.24.9.1 * openSUSE Leap 15.5 (noarch) * openvswitch-doc-2.14.2-150400.24.9.1 * ovn-doc-20.06.2-150400.24.9.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-pki-2.14.2-150400.24.9.1 * python3-ovs-2.14.2-150400.24.9.1 * ovn-devel-20.06.2-150400.24.9.1 * ovn-vtep-debuginfo-20.06.2-150400.24.9.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.9.1 * ovn-vtep-20.06.2-150400.24.9.1 * libopenvswitch-2_14-0-2.14.2-150400.24.9.1 * openvswitch-vtep-2.14.2-150400.24.9.1 * openvswitch-test-2.14.2-150400.24.9.1 * openvswitch-ipsec-2.14.2-150400.24.9.1 * openvswitch-devel-2.14.2-150400.24.9.1 * ovn-host-20.06.2-150400.24.9.1 * ovn-central-20.06.2-150400.24.9.1 * openvswitch-2.14.2-150400.24.9.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.9.1 * openvswitch-debuginfo-2.14.2-150400.24.9.1 * libovn-20_06-0-20.06.2-150400.24.9.1 * ovn-host-debuginfo-20.06.2-150400.24.9.1 * ovn-debuginfo-20.06.2-150400.24.9.1 * ovn-docker-20.06.2-150400.24.9.1 * ovn-central-debuginfo-20.06.2-150400.24.9.1 * openvswitch-debugsource-2.14.2-150400.24.9.1 * ovn-20.06.2-150400.24.9.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.9.1 * openvswitch-test-debuginfo-2.14.2-150400.24.9.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-ovs-2.14.2-150400.24.9.1 * openvswitch-debugsource-2.14.2-150400.24.9.1 * openvswitch-debuginfo-2.14.2-150400.24.9.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-ovs-2.14.2-150400.24.9.1 * openvswitch-debugsource-2.14.2-150400.24.9.1 * openvswitch-debuginfo-2.14.2-150400.24.9.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-pki-2.14.2-150400.24.9.1 * python3-ovs-2.14.2-150400.24.9.1 * ovn-devel-20.06.2-150400.24.9.1 * ovn-vtep-debuginfo-20.06.2-150400.24.9.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.9.1 * ovn-vtep-20.06.2-150400.24.9.1 * libopenvswitch-2_14-0-2.14.2-150400.24.9.1 * openvswitch-vtep-2.14.2-150400.24.9.1 * openvswitch-test-2.14.2-150400.24.9.1 * openvswitch-ipsec-2.14.2-150400.24.9.1 * openvswitch-devel-2.14.2-150400.24.9.1 * ovn-host-20.06.2-150400.24.9.1 * ovn-central-20.06.2-150400.24.9.1 * openvswitch-2.14.2-150400.24.9.1 * openvswitch-vtep-debuginfo-2.14.2-150400.24.9.1 * openvswitch-debuginfo-2.14.2-150400.24.9.1 * libovn-20_06-0-20.06.2-150400.24.9.1 * ovn-host-debuginfo-20.06.2-150400.24.9.1 * ovn-debuginfo-20.06.2-150400.24.9.1 * ovn-docker-20.06.2-150400.24.9.1 * ovn-central-debuginfo-20.06.2-150400.24.9.1 * openvswitch-debugsource-2.14.2-150400.24.9.1 * ovn-20.06.2-150400.24.9.1 * libovn-20_06-0-debuginfo-20.06.2-150400.24.9.1 * openvswitch-test-debuginfo-2.14.2-150400.24.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1668.html * https://bugzilla.suse.com/show_bug.cgi?id=1210054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 16:30:02 -0000 Subject: SUSE-SU-2023:2304-1: important: Security update for rmt-server Message-ID: <168503220247.15324.7350423110808407509@smelt2.suse.de> # Security update for rmt-server Announcement ID: SUSE-SU-2023:2304-1 Rating: important References: * #1202053 * #1203171 * #1206593 * #1207670 * #1209096 * #1209507 * #1209825 * #1211398 Cross-References: * CVE-2023-27530 * CVE-2023-28120 CVSS scores: * CVE-2023-27530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-27530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28120 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves two vulnerabilities and has six fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: Updated to version 2.13: * CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency (bsc#1209507). * CVE-2023-27530: Fixed a denial of service issue in multipart request parsing (bsc#1209096). Non-security fixes: * Fixed transactional update on GCE (bsc#1211398). * Use HTTPS in rmt-client-setup-res (bsc#1209825). * Various build fixes (bsc#1207670, bsc#1203171, bsc#1206593, bsc#1202053). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2304=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2304=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2304=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2304=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.13-150100.3.45.1 * rmt-server-pubcloud-2.13-150100.3.45.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * rmt-server-debuginfo-2.13-150100.3.45.1 * rmt-server-2.13-150100.3.45.1 * rmt-server-config-2.13-150100.3.45.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.13-150100.3.45.1 * rmt-server-2.13-150100.3.45.1 * rmt-server-config-2.13-150100.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * rmt-server-debuginfo-2.13-150100.3.45.1 * rmt-server-2.13-150100.3.45.1 * rmt-server-config-2.13-150100.3.45.1 * SUSE CaaS Platform 4.0 (x86_64) * rmt-server-debuginfo-2.13-150100.3.45.1 * rmt-server-2.13-150100.3.45.1 * rmt-server-config-2.13-150100.3.45.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27530.html * https://www.suse.com/security/cve/CVE-2023-28120.html * https://bugzilla.suse.com/show_bug.cgi?id=1202053 * https://bugzilla.suse.com/show_bug.cgi?id=1203171 * https://bugzilla.suse.com/show_bug.cgi?id=1206593 * https://bugzilla.suse.com/show_bug.cgi?id=1207670 * https://bugzilla.suse.com/show_bug.cgi?id=1209096 * https://bugzilla.suse.com/show_bug.cgi?id=1209507 * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1211398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu May 25 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2023 16:30:04 -0000 Subject: SUSE-RU-2023:2303-1: moderate: Recommended update for powerpc-utils Message-ID: <168503220401.15324.10945162599772153957@smelt2.suse.de> # Recommended update for powerpc-utils Announcement ID: SUSE-RU-2023:2303-1 Rating: moderate References: * #1210544 Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for powerpc-utils fixes the following issues: * Fix lparstat output of purr values (PED-3947, bsc#1210544) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2303=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2303=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * powerpc-utils-debuginfo-1.3.9-8.17.1 * powerpc-utils-debugsource-1.3.9-8.17.1 * powerpc-utils-1.3.9-8.17.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * powerpc-utils-debuginfo-1.3.9-8.17.1 * powerpc-utils-debugsource-1.3.9-8.17.1 * powerpc-utils-1.3.9-8.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210544 * https://jira.suse.com/browse/PED-3947 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 29 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 May 2023 08:30:01 -0000 Subject: SUSE-RU-2023:2306-1: moderate: Recommended update for osc Message-ID: <168534900192.28301.7168739354937959306@smelt2.suse.de> # Recommended update for osc Announcement ID: SUSE-RU-2023:2306-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for osc fixes the following issues: * Fix crash due to list having no copy attribute on python2 * Fix crash in ssh auth when .ssh directory is missing ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2306=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2306=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2306=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2306=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2306=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2306=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2306=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2306=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2306=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2306=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2306=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2306=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2306=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2306=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2306=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2306=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * osc-0.182.1-150100.3.35.1 * Development Tools Module 15-SP4 (noarch) * osc-0.182.1-150100.3.35.1 * Development Tools Module 15-SP5 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Enterprise Storage 7.1 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE Enterprise Storage 7 (noarch) * osc-0.182.1-150100.3.35.1 * SUSE CaaS Platform 4.0 (noarch) * osc-0.182.1-150100.3.35.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 29 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 May 2023 08:30:03 -0000 Subject: SUSE-RU-2023:2305-1: moderate: Recommended update for selinux-policy Message-ID: <168534900326.28301.2889087981731762570@smelt2.suse.de> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:2305-1 Rating: moderate References: * #1211045 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one recommended fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Fix entropy daemon failing to start (bsc#1211045) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2305=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2305=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * selinux-policy-devel-20230511+git3.b78f5aff-150400.4.6.1 * selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.6.1 * selinux-policy-20230511+git3.b78f5aff-150400.4.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * selinux-policy-devel-20230511+git3.b78f5aff-150400.4.6.1 * selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.6.1 * selinux-policy-20230511+git3.b78f5aff-150400.4.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211045 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 29 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 May 2023 12:30:04 -0000 Subject: SUSE-RU-2023:2307-1: low: Recommended update for kbd Message-ID: <168536340487.14858.7299535367202090179@smelt2.suse.de> # Recommended update for kbd Announcement ID: SUSE-RU-2023:2307-1 Rating: low References: * #1210702 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for kbd fixes the following issue: * Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2307=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2307=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2307=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2307=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2307=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2307=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2307=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2307=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * kbd-2.4.0-150400.5.6.1 * openSUSE Leap Micro 5.3 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * kbd-2.4.0-150400.5.6.1 * openSUSE Leap 15.4 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * kbd-2.4.0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * kbd-2.4.0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * kbd-2.4.0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * kbd-2.4.0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * kbd-2.4.0-150400.5.6.1 * Basesystem Module 15-SP4 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 * Basesystem Module 15-SP5 (noarch) * kbd-legacy-2.4.0-150400.5.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kbd-debuginfo-2.4.0-150400.5.6.1 * kbd-debugsource-2.4.0-150400.5.6.1 * kbd-2.4.0-150400.5.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210702 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon May 29 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 May 2023 20:30:04 -0000 Subject: SUSE-RU-2023:2309-1: important: Recommended update for xrdp Message-ID: <168539220400.7352.6168021684150619942@smelt2.suse.de> # Recommended update for xrdp Announcement ID: SUSE-RU-2023:2309-1 Rating: important References: * #1211652 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for xrdp fixes the following issues: * Fixed failures during start caused by issues with the version field handling (bsc#1211652). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2309=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2309=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2309=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2309=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2309=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * xrdp-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debugsource-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.33.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * xrdp-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debugsource-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * xrdp-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debugsource-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.33.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * xrdp-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debugsource-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.33.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * xrdp-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debugsource-0.9.0~git.1456906198.f422461-21.33.1 * xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.33.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211652 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 07:05:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 09:05:48 +0200 (CEST) Subject: SUSE-CU-2023:1659-1: Security update of bci/openjdk-devel Message-ID: <20230530070548.196FEFBB2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1659-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.112 Container Release : 39.112 Severity : important Type : security References : 1203141 1207410 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2269-1 Released: Mon May 22 14:50:34 2023 Summary: Feature update for javapackages-tools Type: feature Severity: moderate References: This update for javapackages-tools fixes the following issues: - Version update from 5.3.1 to 6.1.0 (jsc#SLE-23217): * Add apache-rat-plugin to skippedPlugins * Add bootstrap metadata to XMvn resolver config * Add location of java binary used by the java-1.8.0-openjdk (JRE) package so that setting JAVA_HOME will work correctly * Add lua interpreter to check and GH actions * Add Lua scripts for removing annotations * Add more tests, fix behaviour * Add separate subpackage with RPM generators * Adding ppc64le architecture support on travis-ci * Delete run_tests.py * Drop deprecated add_maven_depmap macro * Drop SCL support * Fix builddep snippet generation * Fix extra XML handling of pom_change_dep * Fix invalid in XMvn configuration * Fix provides matching * Fix running tests without coverage * Implement separate simple class name matching * Introduce common and extra subpackages * Make generated javadoc package noarch * Make scripts compatible with rpmlua * Migrate CI from TravisCI to GitHub Actions * Modularize Lua scripts * Remove dependency on Six compatibility library * Remove explicit import of Python 3 features * Remove license headers from wrapper scripts * Remove Python 3.5 from .travis.yml * Replace nose by pytest * Skip execution of various Maven plugins * Update build status badge in README.md * Update documentation * Update ivy-local-classpath * Use XMvn Javadoc MOJO by default - Remove requirement to python-six as it is not needed The following package changes have been done: - libudev1-249.16-150400.8.28.3 updated - libsystemd0-249.16-150400.8.28.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - javapackages-filesystem-6.1.0-150200.3.7.1 updated - javapackages-tools-6.1.0-150200.3.7.1 updated - container:bci-openjdk-11-15.4.11-35.58 updated From sle-updates at lists.suse.com Tue May 30 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 08:30:02 -0000 Subject: SUSE-SU-2023:2313-1: important: Security update for c-ares Message-ID: <168543540240.16924.13236575492920277279@smelt2.suse.de> # Security update for c-ares Announcement ID: SUSE-SU-2023:2313-1 Rating: important References: * #1211604 * #1211605 * #1211606 * #1211607 Cross-References: * CVE-2023-31124 * CVE-2023-31130 * CVE-2023-31147 * CVE-2023-32067 CVSS scores: * CVE-2023-31124 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31130 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31147 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-32067 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for c-ares fixes the following issues: Update to version 1.19.1: * CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) * CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) * CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) * CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) * Fix uninitialized memory warning in test * ares_getaddrinfo() should allow a port of 0 * Fix memory leak in ares_send() on error * Fix comment style in ares_data.h * Fix typo in ares_init_options.3 * Sync ax_pthread.m4 with upstream * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2313=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2313=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2313=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2313=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2313=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2313=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2313=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2313=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2313=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2313=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2313=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2313=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2313=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2313=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2313=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2313=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2313=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2313=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2313=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2313=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2313=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2313=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2313=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2313=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2313=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2313=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2313=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2313=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * c-ares-devel-1.19.1-150000.3.23.1 * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-utils-1.19.1-150000.3.23.1 * c-ares-utils-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * openSUSE Leap 15.4 (x86_64) * libcares2-32bit-debuginfo-1.19.1-150000.3.23.1 * libcares2-32bit-1.19.1-150000.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * c-ares-devel-1.19.1-150000.3.23.1 * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-utils-1.19.1-150000.3.23.1 * c-ares-utils-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * openSUSE Leap 15.5 (x86_64) * libcares2-32bit-debuginfo-1.19.1-150000.3.23.1 * libcares2-32bit-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Manager Proxy 4.2 (x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE CaaS Platform 4.0 (x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-devel-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libcares2-debuginfo-1.19.1-150000.3.23.1 * c-ares-debugsource-1.19.1-150000.3.23.1 * libcares2-1.19.1-150000.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31124.html * https://www.suse.com/security/cve/CVE-2023-31130.html * https://www.suse.com/security/cve/CVE-2023-31147.html * https://www.suse.com/security/cve/CVE-2023-32067.html * https://bugzilla.suse.com/show_bug.cgi?id=1211604 * https://bugzilla.suse.com/show_bug.cgi?id=1211605 * https://bugzilla.suse.com/show_bug.cgi?id=1211606 * https://bugzilla.suse.com/show_bug.cgi?id=1211607 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 08:30:09 -0000 Subject: SUSE-SU-2023:2312-1: important: Security update for go1.18-openssl Message-ID: <168543540972.16924.1272182999416514117@smelt2.suse.de> # Security update for go1.18-openssl Announcement ID: SUSE-SU-2023:2312-1 Rating: important References: * #1183043 * #1193742 * #1198423 * #1198424 * #1198427 * #1199413 * #1200134 * #1200135 * #1200136 * #1200137 * #1201434 * #1201436 * #1201437 * #1201440 * #1201443 * #1201444 * #1201445 * #1201447 * #1201448 * #1202035 * #1203185 * #1204023 * #1204024 * #1204025 * #1204941 * #1206134 * #1206135 * #1208270 * #1208271 * #1208272 * #1208491 Cross-References: * CVE-2022-1705 * CVE-2022-1962 * CVE-2022-24675 * CVE-2022-27536 * CVE-2022-27664 * CVE-2022-28131 * CVE-2022-28327 * CVE-2022-2879 * CVE-2022-2880 * CVE-2022-29526 * CVE-2022-29804 * CVE-2022-30580 * CVE-2022-30629 * CVE-2022-30630 * CVE-2022-30631 * CVE-2022-30632 * CVE-2022-30633 * CVE-2022-30634 * CVE-2022-30635 * CVE-2022-32148 * CVE-2022-32189 * CVE-2022-41715 * CVE-2022-41716 * CVE-2022-41717 * CVE-2022-41720 * CVE-2022-41723 * CVE-2022-41724 * CVE-2022-41725 CVSS scores: * CVE-2022-1705 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-1705 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2022-1962 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-1962 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-24675 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-24675 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27536 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-28131 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-28131 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-28327 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-28327 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2879 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2879 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2880 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-2880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-29526 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-29526 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-29804 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2022-29804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-30580 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-30580 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-30629 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-30629 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2022-30630 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30630 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30631 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30631 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30632 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30632 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30633 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30633 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30634 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-30634 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30635 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30635 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32148 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-32148 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2022-32189 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-32189 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41716 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N * CVE-2022-41716 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-41717 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41717 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-41720 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41724 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41725 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 28 vulnerabilities, contains one feature and has three fixes can now be installed. ## Description: This update for go1.18-openssl fixes the following issues: * Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962) * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x package by 40 Mb * Experimental and not recommended for general use, Go currently has no ABI * Upstream Go has not committed to support buildmode=shared long-term * Do not use in packaging, build static single binaries (the default) * Upstream Go go1.x binary releases do not include libstd.so * go1.x Suggests go1.x-libstd so not installed by default Recommends * go1.x-libstd does not Require: go1.x so can install standalone * Provides go-libstd unversioned package name * Fix build step -buildmode=shared std to omit -linkshared * Packaging improvements: * go1.x Suggests go1.x-doc so not installed by default Recommends * Use Group: Development/Languages/Go instead of Other * Improvements to go1.x packaging spec: * On Tumbleweed bootstrap with current default gcc13 and gccgo118 * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used. * Change source URLs to go.dev as per Go upstream * On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support. * On x86_64 %define go_amd64=v1 as current instruction baseline * Update to version 1.18.10.1 cut from the go1.18-openssl-fips branch at the revision tagged go1.18.10-1-openssl-fips. * Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips * Merge go1.18.10 into dev.boringcrypto.go1.18 * go1.18.10 (released 2023-01-10) includes fixes to cgo, the compiler, the linker, and the crypto/x509, net/http, and syscall packages. Refs bsc#1193742 go1.18 release tracking * go#57705 misc/cgo: backport needed for dlltool fix * go#57426 crypto/x509: Verify on macOS does not return typed errors * go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument. * go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices * go#57213 os: TestLstat failure on Linux Aarch64 * go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length * go#57057 cmd/go: remove test dependency on gopkg.in service * go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders * go#57044 cgo: malformed DWARF TagVariable entry * go#57028 cmd/cgo: Wrong types in compiler errors with clang 14 * go#56833 cmd/link/internal/ppc64: too-far trampoline is reused * go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target * go#56323 net/http: bad handling of HEAD requests with a body ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2312=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2312=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2312=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2312=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2312=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2312=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2312=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2312=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2312=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 * openSUSE Leap 15.5 (aarch64 x86_64) * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * go1.18-openssl-1.18.10.1-150000.1.9.1 * go1.18-openssl-race-1.18.10.1-150000.1.9.1 * go1.18-openssl-doc-1.18.10.1-150000.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1705.html * https://www.suse.com/security/cve/CVE-2022-1962.html * https://www.suse.com/security/cve/CVE-2022-24675.html * https://www.suse.com/security/cve/CVE-2022-27536.html * https://www.suse.com/security/cve/CVE-2022-27664.html * https://www.suse.com/security/cve/CVE-2022-28131.html * https://www.suse.com/security/cve/CVE-2022-28327.html * https://www.suse.com/security/cve/CVE-2022-2879.html * https://www.suse.com/security/cve/CVE-2022-2880.html * https://www.suse.com/security/cve/CVE-2022-29526.html * https://www.suse.com/security/cve/CVE-2022-29804.html * https://www.suse.com/security/cve/CVE-2022-30580.html * https://www.suse.com/security/cve/CVE-2022-30629.html * https://www.suse.com/security/cve/CVE-2022-30630.html * https://www.suse.com/security/cve/CVE-2022-30631.html * https://www.suse.com/security/cve/CVE-2022-30632.html * https://www.suse.com/security/cve/CVE-2022-30633.html * https://www.suse.com/security/cve/CVE-2022-30634.html * https://www.suse.com/security/cve/CVE-2022-30635.html * https://www.suse.com/security/cve/CVE-2022-32148.html * https://www.suse.com/security/cve/CVE-2022-32189.html * https://www.suse.com/security/cve/CVE-2022-41715.html * https://www.suse.com/security/cve/CVE-2022-41716.html * https://www.suse.com/security/cve/CVE-2022-41717.html * https://www.suse.com/security/cve/CVE-2022-41720.html * https://www.suse.com/security/cve/CVE-2022-41723.html * https://www.suse.com/security/cve/CVE-2022-41724.html * https://www.suse.com/security/cve/CVE-2022-41725.html * https://bugzilla.suse.com/show_bug.cgi?id=1183043 * https://bugzilla.suse.com/show_bug.cgi?id=1193742 * https://bugzilla.suse.com/show_bug.cgi?id=1198423 * https://bugzilla.suse.com/show_bug.cgi?id=1198424 * https://bugzilla.suse.com/show_bug.cgi?id=1198427 * https://bugzilla.suse.com/show_bug.cgi?id=1199413 * https://bugzilla.suse.com/show_bug.cgi?id=1200134 * https://bugzilla.suse.com/show_bug.cgi?id=1200135 * https://bugzilla.suse.com/show_bug.cgi?id=1200136 * https://bugzilla.suse.com/show_bug.cgi?id=1200137 * https://bugzilla.suse.com/show_bug.cgi?id=1201434 * https://bugzilla.suse.com/show_bug.cgi?id=1201436 * https://bugzilla.suse.com/show_bug.cgi?id=1201437 * https://bugzilla.suse.com/show_bug.cgi?id=1201440 * https://bugzilla.suse.com/show_bug.cgi?id=1201443 * https://bugzilla.suse.com/show_bug.cgi?id=1201444 * https://bugzilla.suse.com/show_bug.cgi?id=1201445 * https://bugzilla.suse.com/show_bug.cgi?id=1201447 * https://bugzilla.suse.com/show_bug.cgi?id=1201448 * https://bugzilla.suse.com/show_bug.cgi?id=1202035 * https://bugzilla.suse.com/show_bug.cgi?id=1203185 * https://bugzilla.suse.com/show_bug.cgi?id=1204023 * https://bugzilla.suse.com/show_bug.cgi?id=1204024 * https://bugzilla.suse.com/show_bug.cgi?id=1204025 * https://bugzilla.suse.com/show_bug.cgi?id=1204941 * https://bugzilla.suse.com/show_bug.cgi?id=1206134 * https://bugzilla.suse.com/show_bug.cgi?id=1206135 * https://bugzilla.suse.com/show_bug.cgi?id=1208270 * https://bugzilla.suse.com/show_bug.cgi?id=1208271 * https://bugzilla.suse.com/show_bug.cgi?id=1208272 * https://bugzilla.suse.com/show_bug.cgi?id=1208491 * https://jira.suse.com/browse/PED-1962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 08:30:11 -0000 Subject: SUSE-RU-2023:2311-1: moderate: Recommended update for s390-tools Message-ID: <168543541152.16924.4050446166610139178@smelt2.suse.de> # Recommended update for s390-tools Announcement ID: SUSE-RU-2023:2311-1 Rating: moderate References: * #1211318 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for s390-tools fixes the following issues: * Fix error during evaluation of ziomon data for disk type SCSI devices without block dev (bsc#1211318) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2311=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2311=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2311=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2311=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2311=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2311=1 ## Package List: * openSUSE Leap 15.4 (s390x) * libkmipclient1-debuginfo-2.19.0-150400.7.21.1 * osasnmpd-2.19.0-150400.7.21.1 * libekmfweb1-2.19.0-150400.7.21.1 * s390-tools-2.19.0-150400.7.21.1 * s390-tools-zdsfs-2.19.0-150400.7.21.1 * s390-tools-debuginfo-2.19.0-150400.7.21.1 * s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.21.1 * osasnmpd-debuginfo-2.19.0-150400.7.21.1 * s390-tools-hmcdrvfs-2.19.0-150400.7.21.1 * libkmipclient1-devel-2.19.0-150400.7.21.1 * s390-tools-debugsource-2.19.0-150400.7.21.1 * libekmfweb1-debuginfo-2.19.0-150400.7.21.1 * libekmfweb1-devel-2.19.0-150400.7.21.1 * s390-tools-zdsfs-debuginfo-2.19.0-150400.7.21.1 * s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.21.1 * libkmipclient1-2.19.0-150400.7.21.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * libkmipclient1-debuginfo-2.19.0-150400.7.21.1 * libekmfweb1-2.19.0-150400.7.21.1 * s390-tools-debuginfo-2.19.0-150400.7.21.1 * s390-tools-debugsource-2.19.0-150400.7.21.1 * libekmfweb1-debuginfo-2.19.0-150400.7.21.1 * s390-tools-2.19.0-150400.7.21.1 * libkmipclient1-2.19.0-150400.7.21.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * libkmipclient1-debuginfo-2.19.0-150400.7.21.1 * libekmfweb1-2.19.0-150400.7.21.1 * s390-tools-debuginfo-2.19.0-150400.7.21.1 * s390-tools-debugsource-2.19.0-150400.7.21.1 * libekmfweb1-debuginfo-2.19.0-150400.7.21.1 * s390-tools-2.19.0-150400.7.21.1 * libkmipclient1-2.19.0-150400.7.21.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * libkmipclient1-debuginfo-2.19.0-150400.7.21.1 * libekmfweb1-2.19.0-150400.7.21.1 * s390-tools-debuginfo-2.19.0-150400.7.21.1 * s390-tools-debugsource-2.19.0-150400.7.21.1 * libekmfweb1-debuginfo-2.19.0-150400.7.21.1 * s390-tools-2.19.0-150400.7.21.1 * libkmipclient1-2.19.0-150400.7.21.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * libkmipclient1-debuginfo-2.19.0-150400.7.21.1 * libekmfweb1-2.19.0-150400.7.21.1 * s390-tools-debuginfo-2.19.0-150400.7.21.1 * s390-tools-debugsource-2.19.0-150400.7.21.1 * libekmfweb1-debuginfo-2.19.0-150400.7.21.1 * s390-tools-2.19.0-150400.7.21.1 * libkmipclient1-2.19.0-150400.7.21.1 * Basesystem Module 15-SP4 (s390x) * libkmipclient1-debuginfo-2.19.0-150400.7.21.1 * osasnmpd-2.19.0-150400.7.21.1 * libekmfweb1-2.19.0-150400.7.21.1 * s390-tools-2.19.0-150400.7.21.1 * s390-tools-zdsfs-2.19.0-150400.7.21.1 * s390-tools-debuginfo-2.19.0-150400.7.21.1 * s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.21.1 * osasnmpd-debuginfo-2.19.0-150400.7.21.1 * s390-tools-hmcdrvfs-2.19.0-150400.7.21.1 * s390-tools-debugsource-2.19.0-150400.7.21.1 * libekmfweb1-debuginfo-2.19.0-150400.7.21.1 * libekmfweb1-devel-2.19.0-150400.7.21.1 * s390-tools-zdsfs-debuginfo-2.19.0-150400.7.21.1 * s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.21.1 * libkmipclient1-2.19.0-150400.7.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211318 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 08:30:12 -0000 Subject: SUSE-RU-2023:2310-1: moderate: Recommended update for s390-tools Message-ID: <168543541281.16924.844104872441356452@smelt2.suse.de> # Recommended update for s390-tools Announcement ID: SUSE-RU-2023:2310-1 Rating: moderate References: * #1211317 Affected Products: * SUSE Linux Enterprise Server 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for s390-tools fixes the following issues: * Fix error during evaluation of ziomon data for disk type SCSI devices without block dev (bsc#1211318) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2310=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 (s390x) * osasnmpd-debuginfo-2.1.0-18.47.1 * s390-tools-debugsource-2.1.0-18.47.1 * s390-tools-hmcdrvfs-2.1.0-18.47.1 * osasnmpd-2.1.0-18.47.1 * s390-tools-zdsfs-debuginfo-2.1.0-18.47.1 * s390-tools-2.1.0-18.47.1 * s390-tools-debuginfo-2.1.0-18.47.1 * s390-tools-hmcdrvfs-debuginfo-2.1.0-18.47.1 * s390-tools-zdsfs-2.1.0-18.47.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211317 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:03 -0000 Subject: SUSE-SU-2023:2332-1: important: Security update for openssl Message-ID: <168546420306.23583.15552689125006046586@smelt2.suse.de> # Security update for openssl Announcement ID: SUSE-SU-2023:2332-1 Rating: important References: * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2332=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libopenssl1_0_0-hmac-1.0.2j-60.95.1 * libopenssl1_0_0-32bit-1.0.2j-60.95.1 * openssl-debuginfo-1.0.2j-60.95.1 * libopenssl1_0_0-debuginfo-1.0.2j-60.95.1 * openssl-debugsource-1.0.2j-60.95.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.95.1 * libopenssl1_0_0-1.0.2j-60.95.1 * libopenssl-devel-1.0.2j-60.95.1 * openssl-1.0.2j-60.95.1 * libopenssl1_0_0-hmac-32bit-1.0.2j-60.95.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * openssl-doc-1.0.2j-60.95.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:05 -0000 Subject: SUSE-SU-2023:2331-1: important: Security update for openssl-1_0_0 Message-ID: <168546420500.23583.6710884337695032184@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:2331-1 Rating: important References: * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2331=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2331=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2331=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2331=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2331=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2331=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2331=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2331=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2331=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2331=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2331=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2331=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2331=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2331=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.76.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.76.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.76.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.76.1 * libopenssl1_0_0-32bit-1.0.2p-150000.3.76.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.76.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.76.1 * openSUSE Leap 15.4 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.76.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.76.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.76.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.76.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.76.1 * libopenssl1_0_0-32bit-1.0.2p-150000.3.76.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.76.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.76.1 * openSUSE Leap 15.5 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.76.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * libopenssl10-debuginfo-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl10-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 * SUSE CaaS Platform 4.0 (x86_64) * libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1 * openssl-1_0_0-1.0.2p-150000.3.76.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.76.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.76.1 * libopenssl1_0_0-1.0.2p-150000.3.76.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.76.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2330-1: important: Security update for openssl-1_0_0 Message-ID: <168546420696.23583.6363092972352771935@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:2330-1 Rating: important References: * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2330=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2330=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2330=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2330=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2330=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2330=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2330=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2330=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2330=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libopenssl1_0_0-32bit-1.0.2p-3.75.1 * openssl-1_0_0-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE OpenStack Cloud 9 (noarch) * openssl-1_0_0-doc-1.0.2p-3.75.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libopenssl1_0_0-32bit-1.0.2p-3.75.1 * openssl-1_0_0-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * openssl-1_0_0-doc-1.0.2p-3.75.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl1_0_0-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.75.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.75.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * openssl-1_0_0-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl1_0_0-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl1_0_0-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.75.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssl-1_0_0-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl1_0_0-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.75.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl1_0_0-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.75.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.75.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-3.75.1 * openssl-1_0_0-debuginfo-1.0.2p-3.75.1 * openssl-1_0_0-debugsource-1.0.2p-3.75.1 * libopenssl1_0_0-hmac-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.75.1 * libopenssl1_0_0-1.0.2p-3.75.1 * libopenssl-1_0_0-devel-1.0.2p-3.75.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.75.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-32bit-1.0.2p-3.75.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.75.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:08 -0000 Subject: SUSE-SU-2023:2329-1: important: Security update for compat-openssl098 Message-ID: <168546420887.23583.2439062171673295671@smelt2.suse.de> # Security update for compat-openssl098 Announcement ID: SUSE-SU-2023:2329-1 Rating: important References: * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Legacy Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for compat-openssl098 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 12 zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-2329=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2329=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-2329=1 ## Package List: * Legacy Module 12 (s390x x86_64) * libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.51.1 * libopenssl0_9_8-0.9.8j-106.51.1 * libopenssl0_9_8-debuginfo-0.9.8j-106.51.1 * libopenssl0_9_8-32bit-0.9.8j-106.51.1 * compat-openssl098-debugsource-0.9.8j-106.51.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * compat-openssl098-debugsource-0.9.8j-106.51.1 * libopenssl0_9_8-0.9.8j-106.51.1 * libopenssl0_9_8-debuginfo-0.9.8j-106.51.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * compat-openssl098-debugsource-0.9.8j-106.51.1 * libopenssl0_9_8-0.9.8j-106.51.1 * libopenssl0_9_8-debuginfo-0.9.8j-106.51.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:10 -0000 Subject: SUSE-SU-2023:2328-1: important: Security update for openssl-1_1 Message-ID: <168546421081.23583.15774636126934794581@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2328-1 Rating: important References: * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2328=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2328=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2328=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2328=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2328=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2328=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2328=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2328=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2328=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libopenssl1_1-1.1.1d-2.84.1 * libopenssl1_1-32bit-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.84.1 * openssl-1_1-1.1.1d-2.84.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * libopenssl1_1-hmac-1.1.1d-2.84.1 * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-1.1.1d-2.84.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libopenssl1_1-1.1.1d-2.84.1 * libopenssl1_1-32bit-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.84.1 * openssl-1_1-1.1.1d-2.84.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * libopenssl1_1-hmac-1.1.1d-2.84.1 * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-1.1.1d-2.84.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libopenssl1_1-1.1.1d-2.84.1 * openssl-1_1-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * libopenssl1_1-hmac-1.1.1d-2.84.1 * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-1.1.1d-2.84.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.84.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.84.1 * libopenssl1_1-32bit-1.1.1d-2.84.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl-1_1-devel-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-2.84.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libopenssl1_1-1.1.1d-2.84.1 * openssl-1_1-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * libopenssl1_1-hmac-1.1.1d-2.84.1 * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-1.1.1d-2.84.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.84.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.84.1 * libopenssl1_1-32bit-1.1.1d-2.84.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-2.84.1 * openssl-1_1-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * libopenssl1_1-hmac-1.1.1d-2.84.1 * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-1.1.1d-2.84.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.84.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.84.1 * libopenssl1_1-32bit-1.1.1d-2.84.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libopenssl1_1-1.1.1d-2.84.1 * openssl-1_1-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * libopenssl1_1-hmac-1.1.1d-2.84.1 * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-1.1.1d-2.84.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.84.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.84.1 * libopenssl1_1-32bit-1.1.1d-2.84.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-2.84.1 * openssl-1_1-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * libopenssl1_1-hmac-1.1.1d-2.84.1 * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-1.1.1d-2.84.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.84.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.84.1 * libopenssl1_1-32bit-1.1.1d-2.84.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libopenssl1_1-1.1.1d-2.84.1 * openssl-1_1-1.1.1d-2.84.1 * openssl-1_1-debugsource-1.1.1d-2.84.1 * libopenssl1_1-hmac-1.1.1d-2.84.1 * openssl-1_1-debuginfo-1.1.1d-2.84.1 * libopenssl1_1-debuginfo-1.1.1d-2.84.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.84.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.84.1 * libopenssl1_1-32bit-1.1.1d-2.84.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:12 -0000 Subject: SUSE-SU-2023:2327-1: important: Security update for openssl-1_1 Message-ID: <168546421258.23583.7913355966832384096@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2327-1 Rating: important References: * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2327=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2327=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2327=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.0i-150100.14.51.1 * libopenssl-1_1-devel-1.1.0i-150100.14.51.1 * openssl-1_1-1.1.0i-150100.14.51.1 * libopenssl1_1-hmac-1.1.0i-150100.14.51.1 * openssl-1_1-debugsource-1.1.0i-150100.14.51.1 * libopenssl1_1-1.1.0i-150100.14.51.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.51.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.51.1 * libopenssl1_1-32bit-1.1.0i-150100.14.51.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.51.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.51.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.0i-150100.14.51.1 * libopenssl-1_1-devel-1.1.0i-150100.14.51.1 * openssl-1_1-1.1.0i-150100.14.51.1 * libopenssl1_1-hmac-1.1.0i-150100.14.51.1 * openssl-1_1-debugsource-1.1.0i-150100.14.51.1 * libopenssl1_1-1.1.0i-150100.14.51.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.51.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.51.1 * libopenssl1_1-32bit-1.1.0i-150100.14.51.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.51.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libopenssl1_1-debuginfo-1.1.0i-150100.14.51.1 * libopenssl-1_1-devel-1.1.0i-150100.14.51.1 * openssl-1_1-1.1.0i-150100.14.51.1 * libopenssl1_1-hmac-1.1.0i-150100.14.51.1 * openssl-1_1-debugsource-1.1.0i-150100.14.51.1 * libopenssl1_1-1.1.0i-150100.14.51.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.51.1 * libopenssl1_1-32bit-1.1.0i-150100.14.51.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.51.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.51.1 * SUSE CaaS Platform 4.0 (x86_64) * libopenssl1_1-debuginfo-1.1.0i-150100.14.51.1 * openssl-1_1-1.1.0i-150100.14.51.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.51.1 * libopenssl-1_1-devel-1.1.0i-150100.14.51.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.51.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.51.1 * libopenssl1_1-hmac-1.1.0i-150100.14.51.1 * libopenssl1_1-32bit-1.1.0i-150100.14.51.1 * openssl-1_1-debugsource-1.1.0i-150100.14.51.1 * libopenssl1_1-1.1.0i-150100.14.51.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.51.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:15 -0000 Subject: SUSE-SU-2023:2326-1: important: Security update for amazon-ssm-agent Message-ID: <168546421536.23583.16280856169545628107@smelt2.suse.de> # Security update for amazon-ssm-agent Announcement ID: SUSE-SU-2023:2326-1 Rating: important References: * #1200441 Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of amazon-ssm-agent fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2326=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2326=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2326=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2326=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2326=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.13.1 * Public Cloud Module 15-SP1 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.13.1 * Public Cloud Module 15-SP2 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.13.1 * Public Cloud Module 15-SP3 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.13.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:17 -0000 Subject: SUSE-SU-2023:2325-1: important: Security update for cni Message-ID: <168546421721.23583.17493492958781605432@smelt2.suse.de> # Security update for cni Announcement ID: SUSE-SU-2023:2325-1 Rating: important References: * #1200441 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of cni fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2325=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2325=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2325=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2325=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2325=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2325=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2325=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2325=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2325=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2325=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2325=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2325=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2325=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2325=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2325=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2325=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2325=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2325=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2325=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2325=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2325=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2325=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2325=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2325=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * cni-0.7.1-150100.3.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.10.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.10.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.10.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * cni-0.7.1-150100.3.10.1 * SUSE CaaS Platform 4.0 (x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.10.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:19 -0000 Subject: SUSE-SU-2023:2324-1: important: Security update for cni-plugins Message-ID: <168546421935.23583.4795062569010704938@smelt2.suse.de> # Security update for cni-plugins Announcement ID: SUSE-SU-2023:2324-1 Rating: important References: * #1200441 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of cni-plugins fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2324=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2324=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2324=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2324=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2324=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2324=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2324=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2324=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2324=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2324=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2324=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2324=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2324=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2324=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2324=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2324=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2324=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2324=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2324=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2324=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2324=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2324=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2324=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2324=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE CaaS Platform 4.0 (x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:22 -0000 Subject: SUSE-SU-2023:2323-1: important: Security update for terraform Message-ID: <168546422205.23583.14014681755979271688@smelt2.suse.de> # Security update for terraform Announcement ID: SUSE-SU-2023:2323-1 Rating: important References: * #1200441 Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that has one fix can now be installed. ## Description: This update of terraform fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2323=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * terraform-0.13.4-150100.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:23 -0000 Subject: SUSE-SU-2023:2322-1: important: Security update for terraform-provider-helm Message-ID: <168546422372.23583.7938557296980041633@smelt2.suse.de> # Security update for terraform-provider-helm Announcement ID: SUSE-SU-2023:2322-1 Rating: important References: * #1200441 Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of terraform-provider-helm fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2322=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2322=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2322=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2322=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.10.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.10.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.10.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:26 -0000 Subject: SUSE-SU-2023:2321-1: moderate: Security update for tiff Message-ID: <168546422667.23583.16186834345719848893@smelt2.suse.de> # Security update for tiff Announcement ID: SUSE-SU-2023:2321-1 Rating: moderate References: * #1208226 * #1208227 * #1208228 * #1208229 * #1208230 * #1208231 * #1208232 * #1208233 * #1208234 * #1208236 Cross-References: * CVE-2023-0795 * CVE-2023-0796 * CVE-2023-0797 * CVE-2023-0798 * CVE-2023-0799 * CVE-2023-0800 * CVE-2023-0801 * CVE-2023-0802 * CVE-2023-0803 * CVE-2023-0804 CVSS scores: * CVE-2023-0795 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0795 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2023-0796 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0796 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2023-0797 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0797 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2023-0798 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0798 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2023-0799 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0799 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0800 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0800 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0801 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0801 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0802 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0802 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0803 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0803 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0804 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0804 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228), CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231), CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234), CVE-2023-0804 (bsc#1208236). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2321=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2321=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2321=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2321=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-44.68.1 * libtiff-devel-4.0.9-44.68.1 * tiff-debuginfo-4.0.9-44.68.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * tiff-4.0.9-44.68.1 * tiff-debuginfo-4.0.9-44.68.1 * tiff-debugsource-4.0.9-44.68.1 * libtiff5-4.0.9-44.68.1 * libtiff5-debuginfo-4.0.9-44.68.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libtiff5-32bit-4.0.9-44.68.1 * libtiff5-debuginfo-32bit-4.0.9-44.68.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * tiff-4.0.9-44.68.1 * tiff-debuginfo-4.0.9-44.68.1 * tiff-debugsource-4.0.9-44.68.1 * libtiff5-4.0.9-44.68.1 * libtiff5-debuginfo-4.0.9-44.68.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libtiff5-32bit-4.0.9-44.68.1 * libtiff5-debuginfo-32bit-4.0.9-44.68.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * tiff-4.0.9-44.68.1 * tiff-debuginfo-4.0.9-44.68.1 * tiff-debugsource-4.0.9-44.68.1 * libtiff5-4.0.9-44.68.1 * libtiff5-debuginfo-4.0.9-44.68.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libtiff5-32bit-4.0.9-44.68.1 * libtiff5-debuginfo-32bit-4.0.9-44.68.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0795.html * https://www.suse.com/security/cve/CVE-2023-0796.html * https://www.suse.com/security/cve/CVE-2023-0797.html * https://www.suse.com/security/cve/CVE-2023-0798.html * https://www.suse.com/security/cve/CVE-2023-0799.html * https://www.suse.com/security/cve/CVE-2023-0800.html * https://www.suse.com/security/cve/CVE-2023-0801.html * https://www.suse.com/security/cve/CVE-2023-0802.html * https://www.suse.com/security/cve/CVE-2023-0803.html * https://www.suse.com/security/cve/CVE-2023-0804.html * https://bugzilla.suse.com/show_bug.cgi?id=1208226 * https://bugzilla.suse.com/show_bug.cgi?id=1208227 * https://bugzilla.suse.com/show_bug.cgi?id=1208228 * https://bugzilla.suse.com/show_bug.cgi?id=1208229 * https://bugzilla.suse.com/show_bug.cgi?id=1208230 * https://bugzilla.suse.com/show_bug.cgi?id=1208231 * https://bugzilla.suse.com/show_bug.cgi?id=1208232 * https://bugzilla.suse.com/show_bug.cgi?id=1208233 * https://bugzilla.suse.com/show_bug.cgi?id=1208234 * https://bugzilla.suse.com/show_bug.cgi?id=1208236 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:29 -0000 Subject: SUSE-SU-2023:2320-1: moderate: Security update for wireshark Message-ID: <168546422903.23583.17424466596130878771@smelt2.suse.de> # Security update for wireshark Announcement ID: SUSE-SU-2023:2320-1 Rating: moderate References: * #1211703 * #1211705 * #1211706 * #1211707 * #1211710 * #1211793 Cross-References: * CVE-2023-0668 * CVE-2023-2855 * CVE-2023-2856 * CVE-2023-2857 * CVE-2023-2858 * CVE-2023-2859 CVSS scores: * CVE-2023-0668 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2855 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2856 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2856 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2857 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2857 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2858 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2858 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2859 ( NVD ): 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves six vulnerabilities can now be installed. ## Description: This update for wireshark fixes the following issues: Updated to version 3.6.14: * CVE-2023-2855: Fixed a crash in the Candump log file parser (boo#1211703). * CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser (boo#1211707). * CVE-2023-2857: Fixed a crash in the BLF file parser (boo#1211705). * CVE-2023-2858: Fixed a crash in the NetScaler file parser (boo#1211706). * CVE-2023-0668: Fixed a crash in the IEEE C37.118 Synchrophasor dissector (boo#1211710). * CVE-2023-2879: GDSDB dissector infinite loop (boo#1211793). Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.14.html ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2320=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2320=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2320=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2320=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2320=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2320=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2320=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libwsutil13-debuginfo-3.6.14-150000.3.92.1 * wireshark-debuginfo-3.6.14-150000.3.92.1 * libwiretap12-debuginfo-3.6.14-150000.3.92.1 * wireshark-debugsource-3.6.14-150000.3.92.1 * wireshark-3.6.14-150000.3.92.1 * wireshark-ui-qt-debuginfo-3.6.14-150000.3.92.1 * wireshark-devel-3.6.14-150000.3.92.1 * libwiretap12-3.6.14-150000.3.92.1 * wireshark-ui-qt-3.6.14-150000.3.92.1 * libwsutil13-3.6.14-150000.3.92.1 * libwireshark15-3.6.14-150000.3.92.1 * libwireshark15-debuginfo-3.6.14-150000.3.92.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libwsutil13-debuginfo-3.6.14-150000.3.92.1 * wireshark-debuginfo-3.6.14-150000.3.92.1 * libwiretap12-debuginfo-3.6.14-150000.3.92.1 * wireshark-debugsource-3.6.14-150000.3.92.1 * wireshark-3.6.14-150000.3.92.1 * wireshark-ui-qt-debuginfo-3.6.14-150000.3.92.1 * wireshark-devel-3.6.14-150000.3.92.1 * libwiretap12-3.6.14-150000.3.92.1 * wireshark-ui-qt-3.6.14-150000.3.92.1 * libwsutil13-3.6.14-150000.3.92.1 * libwireshark15-3.6.14-150000.3.92.1 * libwireshark15-debuginfo-3.6.14-150000.3.92.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwsutil13-debuginfo-3.6.14-150000.3.92.1 * wireshark-debuginfo-3.6.14-150000.3.92.1 * libwiretap12-debuginfo-3.6.14-150000.3.92.1 * wireshark-debugsource-3.6.14-150000.3.92.1 * wireshark-3.6.14-150000.3.92.1 * libwiretap12-3.6.14-150000.3.92.1 * libwsutil13-3.6.14-150000.3.92.1 * libwireshark15-3.6.14-150000.3.92.1 * libwireshark15-debuginfo-3.6.14-150000.3.92.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libwsutil13-debuginfo-3.6.14-150000.3.92.1 * wireshark-debuginfo-3.6.14-150000.3.92.1 * libwiretap12-debuginfo-3.6.14-150000.3.92.1 * wireshark-debugsource-3.6.14-150000.3.92.1 * wireshark-3.6.14-150000.3.92.1 * libwiretap12-3.6.14-150000.3.92.1 * libwsutil13-3.6.14-150000.3.92.1 * libwireshark15-3.6.14-150000.3.92.1 * libwireshark15-debuginfo-3.6.14-150000.3.92.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-3.6.14-150000.3.92.1 * wireshark-ui-qt-debuginfo-3.6.14-150000.3.92.1 * wireshark-devel-3.6.14-150000.3.92.1 * wireshark-ui-qt-3.6.14-150000.3.92.1 * wireshark-debuginfo-3.6.14-150000.3.92.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * wireshark-debugsource-3.6.14-150000.3.92.1 * wireshark-ui-qt-debuginfo-3.6.14-150000.3.92.1 * wireshark-devel-3.6.14-150000.3.92.1 * wireshark-ui-qt-3.6.14-150000.3.92.1 * wireshark-debuginfo-3.6.14-150000.3.92.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libwsutil13-debuginfo-3.6.14-150000.3.92.1 * wireshark-debuginfo-3.6.14-150000.3.92.1 * libwiretap12-debuginfo-3.6.14-150000.3.92.1 * wireshark-debugsource-3.6.14-150000.3.92.1 * wireshark-3.6.14-150000.3.92.1 * wireshark-ui-qt-debuginfo-3.6.14-150000.3.92.1 * wireshark-devel-3.6.14-150000.3.92.1 * libwiretap12-3.6.14-150000.3.92.1 * wireshark-ui-qt-3.6.14-150000.3.92.1 * libwsutil13-3.6.14-150000.3.92.1 * libwireshark15-3.6.14-150000.3.92.1 * libwireshark15-debuginfo-3.6.14-150000.3.92.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0668.html * https://www.suse.com/security/cve/CVE-2023-2855.html * https://www.suse.com/security/cve/CVE-2023-2856.html * https://www.suse.com/security/cve/CVE-2023-2857.html * https://www.suse.com/security/cve/CVE-2023-2858.html * https://www.suse.com/security/cve/CVE-2023-2859.html * https://bugzilla.suse.com/show_bug.cgi?id=1211703 * https://bugzilla.suse.com/show_bug.cgi?id=1211705 * https://bugzilla.suse.com/show_bug.cgi?id=1211706 * https://bugzilla.suse.com/show_bug.cgi?id=1211707 * https://bugzilla.suse.com/show_bug.cgi?id=1211710 * https://bugzilla.suse.com/show_bug.cgi?id=1211793 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:30 -0000 Subject: SUSE-SU-2023:2319-1: important: Security update for tomcat Message-ID: <168546423081.23583.15166930584014664929@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:2319-1 Rating: important References: * #1211608 Cross-References: * CVE-2023-28709 CVSS scores: * CVE-2023-28709 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2319=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * tomcat-admin-webapps-8.0.53-29.66.1 * tomcat-javadoc-8.0.53-29.66.1 * tomcat-lib-8.0.53-29.66.1 * tomcat-8.0.53-29.66.1 * tomcat-jsp-2_3-api-8.0.53-29.66.1 * tomcat-docs-webapp-8.0.53-29.66.1 * tomcat-webapps-8.0.53-29.66.1 * tomcat-el-3_0-api-8.0.53-29.66.1 * tomcat-servlet-3_1-api-8.0.53-29.66.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28709.html * https://bugzilla.suse.com/show_bug.cgi?id=1211608 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:32 -0000 Subject: SUSE-SU-2023:2318-1: important: Security update for tomcat Message-ID: <168546423271.23583.10195637348112777665@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:2318-1 Rating: important References: * #1211608 Cross-References: * CVE-2023-28709 CVSS scores: * CVE-2023-28709 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2318=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2318=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2318=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2318=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2318=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2318=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2318=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2318=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * tomcat-jsp-2_3-api-9.0.36-3.105.1 * tomcat-lib-9.0.36-3.105.1 * tomcat-javadoc-9.0.36-3.105.1 * tomcat-webapps-9.0.36-3.105.1 * tomcat-docs-webapp-9.0.36-3.105.1 * tomcat-9.0.36-3.105.1 * tomcat-admin-webapps-9.0.36-3.105.1 * tomcat-el-3_0-api-9.0.36-3.105.1 * tomcat-servlet-4_0-api-9.0.36-3.105.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * tomcat-jsp-2_3-api-9.0.36-3.105.1 * tomcat-lib-9.0.36-3.105.1 * tomcat-javadoc-9.0.36-3.105.1 * tomcat-webapps-9.0.36-3.105.1 * tomcat-docs-webapp-9.0.36-3.105.1 * tomcat-9.0.36-3.105.1 * tomcat-admin-webapps-9.0.36-3.105.1 * tomcat-el-3_0-api-9.0.36-3.105.1 * tomcat-servlet-4_0-api-9.0.36-3.105.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * tomcat-jsp-2_3-api-9.0.36-3.105.1 * tomcat-lib-9.0.36-3.105.1 * tomcat-javadoc-9.0.36-3.105.1 * tomcat-webapps-9.0.36-3.105.1 * tomcat-docs-webapp-9.0.36-3.105.1 * tomcat-9.0.36-3.105.1 * tomcat-admin-webapps-9.0.36-3.105.1 * tomcat-el-3_0-api-9.0.36-3.105.1 * tomcat-servlet-4_0-api-9.0.36-3.105.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * tomcat-jsp-2_3-api-9.0.36-3.105.1 * tomcat-lib-9.0.36-3.105.1 * tomcat-javadoc-9.0.36-3.105.1 * tomcat-webapps-9.0.36-3.105.1 * tomcat-docs-webapp-9.0.36-3.105.1 * tomcat-9.0.36-3.105.1 * tomcat-admin-webapps-9.0.36-3.105.1 * tomcat-el-3_0-api-9.0.36-3.105.1 * tomcat-servlet-4_0-api-9.0.36-3.105.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * tomcat-jsp-2_3-api-9.0.36-3.105.1 * tomcat-lib-9.0.36-3.105.1 * tomcat-javadoc-9.0.36-3.105.1 * tomcat-webapps-9.0.36-3.105.1 * tomcat-docs-webapp-9.0.36-3.105.1 * tomcat-9.0.36-3.105.1 * tomcat-admin-webapps-9.0.36-3.105.1 * tomcat-el-3_0-api-9.0.36-3.105.1 * tomcat-servlet-4_0-api-9.0.36-3.105.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * tomcat-jsp-2_3-api-9.0.36-3.105.1 * tomcat-lib-9.0.36-3.105.1 * tomcat-javadoc-9.0.36-3.105.1 * tomcat-webapps-9.0.36-3.105.1 * tomcat-docs-webapp-9.0.36-3.105.1 * tomcat-9.0.36-3.105.1 * tomcat-admin-webapps-9.0.36-3.105.1 * tomcat-el-3_0-api-9.0.36-3.105.1 * tomcat-servlet-4_0-api-9.0.36-3.105.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * tomcat-jsp-2_3-api-9.0.36-3.105.1 * tomcat-lib-9.0.36-3.105.1 * tomcat-javadoc-9.0.36-3.105.1 * tomcat-webapps-9.0.36-3.105.1 * tomcat-docs-webapp-9.0.36-3.105.1 * tomcat-9.0.36-3.105.1 * tomcat-admin-webapps-9.0.36-3.105.1 * tomcat-el-3_0-api-9.0.36-3.105.1 * tomcat-servlet-4_0-api-9.0.36-3.105.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * tomcat-jsp-2_3-api-9.0.36-3.105.1 * tomcat-lib-9.0.36-3.105.1 * tomcat-javadoc-9.0.36-3.105.1 * tomcat-webapps-9.0.36-3.105.1 * tomcat-docs-webapp-9.0.36-3.105.1 * tomcat-9.0.36-3.105.1 * tomcat-admin-webapps-9.0.36-3.105.1 * tomcat-el-3_0-api-9.0.36-3.105.1 * tomcat-servlet-4_0-api-9.0.36-3.105.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28709.html * https://bugzilla.suse.com/show_bug.cgi?id=1211608 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:34 -0000 Subject: SUSE-RU-2023:2317-1: moderate: Recommended update for util-linux Message-ID: <168546423466.23583.8188805665018234928@smelt2.suse.de> # Recommended update for util-linux Announcement ID: SUSE-RU-2023:2317-1 Rating: moderate References: * #1210164 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for util-linux fixes the following issue: * Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2317=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2317=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2317=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2317=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2317=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2317=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2317=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2317=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libblkid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-2.37.2-150400.8.17.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.17.1 * libmount1-2.37.2-150400.8.17.1 * util-linux-systemd-2.37.2-150400.8.17.1 * util-linux-systemd-debugsource-2.37.2-150400.8.17.1 * libsmartcols1-2.37.2-150400.8.17.1 * libmount1-debuginfo-2.37.2-150400.8.17.1 * libsmartcols1-debuginfo-2.37.2-150400.8.17.1 * libblkid1-2.37.2-150400.8.17.1 * libuuid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-debugsource-2.37.2-150400.8.17.1 * libfdisk1-debuginfo-2.37.2-150400.8.17.1 * libuuid1-2.37.2-150400.8.17.1 * libfdisk1-2.37.2-150400.8.17.1 * util-linux-debuginfo-2.37.2-150400.8.17.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libblkid1-debuginfo-2.37.2-150400.8.17.1 * libfdisk-devel-2.37.2-150400.8.17.1 * python3-libmount-debugsource-2.37.2-150400.8.17.1 * util-linux-systemd-debugsource-2.37.2-150400.8.17.1 * util-linux-systemd-2.37.2-150400.8.17.1 * uuidd-debuginfo-2.37.2-150400.8.17.1 * libuuid1-debuginfo-2.37.2-150400.8.17.1 * libsmartcols-devel-2.37.2-150400.8.17.1 * libblkid-devel-2.37.2-150400.8.17.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.17.1 * libblkid-devel-static-2.37.2-150400.8.17.1 * libmount1-debuginfo-2.37.2-150400.8.17.1 * libblkid1-2.37.2-150400.8.17.1 * libuuid-devel-static-2.37.2-150400.8.17.1 * python3-libmount-debuginfo-2.37.2-150400.8.17.1 * util-linux-debugsource-2.37.2-150400.8.17.1 * libuuid-devel-2.37.2-150400.8.17.1 * util-linux-2.37.2-150400.8.17.1 * uuidd-2.37.2-150400.8.17.1 * libuuid1-2.37.2-150400.8.17.1 * libfdisk1-2.37.2-150400.8.17.1 * libmount-devel-2.37.2-150400.8.17.1 * libmount1-2.37.2-150400.8.17.1 * python3-libmount-2.37.2-150400.8.17.1 * libsmartcols1-2.37.2-150400.8.17.1 * libsmartcols1-debuginfo-2.37.2-150400.8.17.1 * util-linux-debuginfo-2.37.2-150400.8.17.1 * libfdisk1-debuginfo-2.37.2-150400.8.17.1 * libmount-devel-static-2.37.2-150400.8.17.1 * libfdisk-devel-static-2.37.2-150400.8.17.1 * libsmartcols-devel-static-2.37.2-150400.8.17.1 * openSUSE Leap 15.4 (x86_64) * libmount1-32bit-debuginfo-2.37.2-150400.8.17.1 * libuuid1-32bit-debuginfo-2.37.2-150400.8.17.1 * libblkid1-32bit-2.37.2-150400.8.17.1 * libmount-devel-32bit-2.37.2-150400.8.17.1 * libfdisk1-32bit-debuginfo-2.37.2-150400.8.17.1 * libsmartcols1-32bit-debuginfo-2.37.2-150400.8.17.1 * libsmartcols1-32bit-2.37.2-150400.8.17.1 * libmount1-32bit-2.37.2-150400.8.17.1 * libuuid-devel-32bit-2.37.2-150400.8.17.1 * libuuid1-32bit-2.37.2-150400.8.17.1 * libfdisk-devel-32bit-2.37.2-150400.8.17.1 * libblkid1-32bit-debuginfo-2.37.2-150400.8.17.1 * libsmartcols-devel-32bit-2.37.2-150400.8.17.1 * libfdisk1-32bit-2.37.2-150400.8.17.1 * libblkid-devel-32bit-2.37.2-150400.8.17.1 * openSUSE Leap 15.4 (noarch) * util-linux-lang-2.37.2-150400.8.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libblkid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-2.37.2-150400.8.17.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.17.1 * libmount1-2.37.2-150400.8.17.1 * util-linux-systemd-2.37.2-150400.8.17.1 * util-linux-systemd-debugsource-2.37.2-150400.8.17.1 * libsmartcols1-2.37.2-150400.8.17.1 * libmount1-debuginfo-2.37.2-150400.8.17.1 * libsmartcols1-debuginfo-2.37.2-150400.8.17.1 * libblkid1-2.37.2-150400.8.17.1 * libuuid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-debugsource-2.37.2-150400.8.17.1 * libfdisk1-debuginfo-2.37.2-150400.8.17.1 * libuuid1-2.37.2-150400.8.17.1 * libfdisk1-2.37.2-150400.8.17.1 * util-linux-debuginfo-2.37.2-150400.8.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libblkid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-2.37.2-150400.8.17.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.17.1 * libmount1-2.37.2-150400.8.17.1 * util-linux-systemd-2.37.2-150400.8.17.1 * util-linux-systemd-debugsource-2.37.2-150400.8.17.1 * libsmartcols1-2.37.2-150400.8.17.1 * libmount1-debuginfo-2.37.2-150400.8.17.1 * libsmartcols1-debuginfo-2.37.2-150400.8.17.1 * libblkid1-2.37.2-150400.8.17.1 * libuuid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-debugsource-2.37.2-150400.8.17.1 * libfdisk1-debuginfo-2.37.2-150400.8.17.1 * libuuid1-2.37.2-150400.8.17.1 * libfdisk1-2.37.2-150400.8.17.1 * util-linux-debuginfo-2.37.2-150400.8.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libblkid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-2.37.2-150400.8.17.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.17.1 * libmount1-2.37.2-150400.8.17.1 * util-linux-systemd-2.37.2-150400.8.17.1 * util-linux-systemd-debugsource-2.37.2-150400.8.17.1 * libsmartcols1-2.37.2-150400.8.17.1 * libmount1-debuginfo-2.37.2-150400.8.17.1 * libsmartcols1-debuginfo-2.37.2-150400.8.17.1 * libblkid1-2.37.2-150400.8.17.1 * libuuid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-debugsource-2.37.2-150400.8.17.1 * libfdisk1-debuginfo-2.37.2-150400.8.17.1 * libuuid1-2.37.2-150400.8.17.1 * libfdisk1-2.37.2-150400.8.17.1 * util-linux-debuginfo-2.37.2-150400.8.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libblkid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-2.37.2-150400.8.17.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.17.1 * libmount1-2.37.2-150400.8.17.1 * util-linux-systemd-2.37.2-150400.8.17.1 * util-linux-systemd-debugsource-2.37.2-150400.8.17.1 * libsmartcols1-2.37.2-150400.8.17.1 * libmount1-debuginfo-2.37.2-150400.8.17.1 * libsmartcols1-debuginfo-2.37.2-150400.8.17.1 * libblkid1-2.37.2-150400.8.17.1 * libuuid1-debuginfo-2.37.2-150400.8.17.1 * util-linux-debugsource-2.37.2-150400.8.17.1 * libfdisk1-debuginfo-2.37.2-150400.8.17.1 * libuuid1-2.37.2-150400.8.17.1 * libfdisk1-2.37.2-150400.8.17.1 * util-linux-debuginfo-2.37.2-150400.8.17.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libblkid1-debuginfo-2.37.2-150400.8.17.1 * libfdisk-devel-2.37.2-150400.8.17.1 * util-linux-systemd-debugsource-2.37.2-150400.8.17.1 * util-linux-systemd-2.37.2-150400.8.17.1 * libuuid1-debuginfo-2.37.2-150400.8.17.1 * libsmartcols-devel-2.37.2-150400.8.17.1 * libblkid-devel-2.37.2-150400.8.17.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.17.1 * libblkid-devel-static-2.37.2-150400.8.17.1 * libmount1-debuginfo-2.37.2-150400.8.17.1 * libblkid1-2.37.2-150400.8.17.1 * libuuid-devel-static-2.37.2-150400.8.17.1 * util-linux-debugsource-2.37.2-150400.8.17.1 * libuuid-devel-2.37.2-150400.8.17.1 * util-linux-2.37.2-150400.8.17.1 * libuuid1-2.37.2-150400.8.17.1 * libfdisk1-2.37.2-150400.8.17.1 * libmount-devel-2.37.2-150400.8.17.1 * libmount1-2.37.2-150400.8.17.1 * libsmartcols1-2.37.2-150400.8.17.1 * libsmartcols1-debuginfo-2.37.2-150400.8.17.1 * libfdisk1-debuginfo-2.37.2-150400.8.17.1 * util-linux-debuginfo-2.37.2-150400.8.17.1 * Basesystem Module 15-SP4 (noarch) * util-linux-lang-2.37.2-150400.8.17.1 * Basesystem Module 15-SP4 (x86_64) * libmount1-32bit-debuginfo-2.37.2-150400.8.17.1 * libuuid1-32bit-debuginfo-2.37.2-150400.8.17.1 * libblkid1-32bit-2.37.2-150400.8.17.1 * libmount1-32bit-2.37.2-150400.8.17.1 * libuuid1-32bit-2.37.2-150400.8.17.1 * libblkid1-32bit-debuginfo-2.37.2-150400.8.17.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * util-linux-systemd-debuginfo-2.37.2-150400.8.17.1 * uuidd-2.37.2-150400.8.17.1 * uuidd-debuginfo-2.37.2-150400.8.17.1 * util-linux-systemd-debugsource-2.37.2-150400.8.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210164 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:35 -0000 Subject: SUSE-RU-2023:2316-1: moderate: Recommended update for kubernetes1.24 client Message-ID: <168546423591.23583.12532320959569423279@smelt2.suse.de> # Recommended update for kubernetes1.24 client Announcement ID: SUSE-RU-2023:2316-1 Rating: moderate References: Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that contains one feature can now be installed. ## Description: This update for kubernetes1.24 client fixes the following issues: This update ships the kubernetes 1.24 client. (jsc#PED-4120) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2316=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2316=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2316=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2316=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2316=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kubernetes1.24-client-common-1.24.13-150300.7.3.1 * kubernetes1.24-client-1.24.13-150300.7.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kubernetes1.24-client-common-1.24.13-150300.7.3.1 * kubernetes1.24-client-1.24.13-150300.7.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-common-1.24.13-150300.7.3.1 * kubernetes1.24-client-1.24.13-150300.7.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kubernetes1.24-client-common-1.24.13-150300.7.3.1 * kubernetes1.24-client-1.24.13-150300.7.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kubernetes1.24-client-common-1.24.13-150300.7.3.1 * kubernetes1.24-client-1.24.13-150300.7.3.1 ## References: * https://jira.suse.com/browse/PED-4120 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:37 -0000 Subject: SUSE-SU-2023:2315-1: moderate: Security update for installation-images Message-ID: <168546423769.23583.12161617206496539157@smelt2.suse.de> # Security update for installation-images Announcement ID: SUSE-SU-2023:2315-1 Rating: moderate References: * #1209188 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has one fix can now be installed. ## Description: This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2315=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2315=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2315=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * tftpboot-installation-SLE-Micro-5.3-x86_64-16.57.21-150400.3.2.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * tftpboot-installation-SLE-Micro-5.3-x86_64-16.57.21-150400.3.2.1 * tftpboot-installation-SLE-Micro-5.3-s390x-16.57.21-150400.3.2.1 * tftpboot-installation-SLE-Micro-5.3-aarch64-16.57.21-150400.3.2.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * tftpboot-installation-SLE-Micro-5.3-x86_64-16.57.21-150400.3.2.1 * tftpboot-installation-SLE-Micro-5.3-s390x-16.57.21-150400.3.2.1 * tftpboot-installation-SLE-Micro-5.3-aarch64-16.57.21-150400.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue May 30 16:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2023 16:30:40 -0000 Subject: SUSE-SU-2023:2314-1: moderate: Security update for libaom Message-ID: <168546424042.23583.7442392945058154259@smelt2.suse.de> # Security update for libaom Announcement ID: SUSE-SU-2023:2314-1 Rating: moderate References: * #1180033 Cross-References: * CVE-2020-0470 CVSS scores: * CVE-2020-0470 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2020-0470 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Real Time 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for libaom fixes the following issues: * CVE-2020-0470: Fixed heap buffer overflow in extend_frame_highbd() (bsc#1180033). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2314=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2314=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libaom0-debuginfo-1.0.0-150200.3.15.1 * libaom0-1.0.0-150200.3.15.1 * openSUSE Leap 15.4 (x86_64) * libaom0-32bit-debuginfo-1.0.0-150200.3.15.1 * libaom0-32bit-1.0.0-150200.3.15.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libaom0-1.0.0-150200.3.15.1 * libaom0-debuginfo-1.0.0-150200.3.15.1 * libaom-debugsource-1.0.0-150200.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2020-0470.html * https://bugzilla.suse.com/show_bug.cgi?id=1180033 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 31 07:04:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:04:33 +0200 (CEST) Subject: SUSE-CU-2023:1661-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230531070433.92260FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1661-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.137 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.137 Severity : low Type : recommended References : 1210702 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) The following package changes have been done: - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated From sle-updates at lists.suse.com Wed May 31 07:05:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:05:11 +0200 (CEST) Subject: SUSE-CU-2023:1663-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230531070511.702EAFC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1663-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.33 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.33 Severity : low Type : recommended References : 1210702 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) The following package changes have been done: - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated From sle-updates at lists.suse.com Wed May 31 07:07:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:07:36 +0200 (CEST) Subject: SUSE-CU-2023:1664-1: Security update of suse/sles12sp5 Message-ID: <20230531070736.4BD74FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1664-1 Container Tags : suse/sles12sp5:6.5.474 , suse/sles12sp5:latest Container Release : 6.5.474 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2330-1 Released: Tue May 30 16:49:19 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.75.1 updated - openssl-1_0_0-1.0.2p-3.75.1 updated From sle-updates at lists.suse.com Wed May 31 07:10:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:10:33 +0200 (CEST) Subject: SUSE-CU-2023:1665-1: Security update of suse/sle15 Message-ID: <20230531071033.D13CEFC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1665-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.773 Container Release : 6.2.773 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2327-1 Released: Tue May 30 16:44:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.0i-150100.14.51.1 updated - openssl-1_1-1.1.0i-150100.14.51.1 updated From sle-updates at lists.suse.com Wed May 31 07:11:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:11:38 +0200 (CEST) Subject: SUSE-CU-2023:1666-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230531071138.6E6F2FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1666-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.32 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.32 Container Release : 31.32 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Wed May 31 07:11:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:11:53 +0200 (CEST) Subject: SUSE-CU-2023:1667-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230531071153.3D5A4FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1667-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.30 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.30 , bci/dotnet-aspnet:latest Container Release : 11.30 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:12:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:12:07 +0200 (CEST) Subject: SUSE-CU-2023:1668-1: Security update of suse/registry Message-ID: <20230531071207.0EF91FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1668-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-9.8 , suse/registry:latest Container Release : 9.8 Severity : moderate Type : security References : 1207705 1210428 CVE-2023-2253 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2298-1 Released: Thu May 25 12:41:30 2023 Summary: Security update for distribution Type: security Severity: moderate References: 1207705,1210428,CVE-2023-2253 This update for distribution fixes the following issues: Update to verison 2.8.2: - Revert registry/client: set `Accept: identity` header when getting layers - Parse `http` forbidden as denied - Fix CVE-2023-2253 runaway allocation on /v2/_catalog (bsc#1207705) - Fix panic in inmemory driver - update to go1.19.9 - Add code to handle pagination of parts. Fixes max layer size of 10GB bug - Dockerfile: fix filenames of artifacts The following package changes have been done: - distribution-registry-2.8.2-150400.9.21.1 updated From sle-updates at lists.suse.com Wed May 31 07:12:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:12:08 +0200 (CEST) Subject: SUSE-CU-2023:1669-1: Recommended update of suse/registry Message-ID: <20230531071208.389D4FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1669-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-10.2 , suse/registry:latest Container Release : 10.2 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:13:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:13:15 +0200 (CEST) Subject: SUSE-CU-2023:1670-1: Recommended update of bci/dotnet-sdk Message-ID: <20230531071315.A20F7FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1670-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.30 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.30 Container Release : 33.30 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:13:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:13:35 +0200 (CEST) Subject: SUSE-CU-2023:1671-1: Recommended update of bci/dotnet-sdk Message-ID: <20230531071335.A2BBEFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1671-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-12.2 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-12.2 , bci/dotnet-sdk:latest Container Release : 12.2 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:14:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:14:31 +0200 (CEST) Subject: SUSE-CU-2023:1672-1: Recommended update of bci/dotnet-runtime Message-ID: <20230531071431.1511AFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1672-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.30 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.30 Container Release : 30.30 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:14:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:14:44 +0200 (CEST) Subject: SUSE-CU-2023:1673-1: Recommended update of bci/dotnet-runtime Message-ID: <20230531071444.B01DEFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1673-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.30 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.30 , bci/dotnet-runtime:latest Container Release : 11.30 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:15:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:15:23 +0200 (CEST) Subject: SUSE-CU-2023:1674-1: Recommended update of bci/golang Message-ID: <20230531071523.971B7FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1674-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-22.58 Container Release : 22.58 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:15:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:15:35 +0200 (CEST) Subject: SUSE-CU-2023:1675-1: Recommended update of bci/golang Message-ID: <20230531071535.26BACFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1675-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.57 , bci/golang:latest Container Release : 2.57 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:16:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:16:26 +0200 (CEST) Subject: SUSE-CU-2023:1676-1: Recommended update of bci/bci-init Message-ID: <20230531071626.25760FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1676-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.62 , bci/bci-init:latest Container Release : 26.62 Severity : low Type : recommended References : 1210702 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) The following package changes have been done: - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated From sle-updates at lists.suse.com Wed May 31 07:16:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:16:27 +0200 (CEST) Subject: SUSE-CU-2023:1677-1: Recommended update of bci/bci-init Message-ID: <20230531071627.703E0FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1677-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.63 , bci/bci-init:latest Container Release : 26.63 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:17:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:17:10 +0200 (CEST) Subject: SUSE-CU-2023:1678-1: Security update of bci/nodejs Message-ID: <20230531071710.3C183FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1678-1 Container Tags : bci/node:16 , bci/node:16-15.61 , bci/nodejs:16 , bci/nodejs:16-15.61 Container Release : 15.61 Severity : important Type : security References : 1210164 1211604 1211605 1211606 1211607 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - libcares2-1.19.1-150000.3.23.1 updated From sle-updates at lists.suse.com Wed May 31 07:17:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:17:24 +0200 (CEST) Subject: SUSE-CU-2023:1679-1: Security update of bci/nodejs Message-ID: <20230531071724.DA8E8FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1679-1 Container Tags : bci/node:18 , bci/node:18-3.58 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.58 , bci/nodejs:latest Container Release : 3.58 Severity : important Type : security References : 1210164 1211604 1211605 1211606 1211607 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - libcares2-1.19.1-150000.3.23.1 updated From sle-updates at lists.suse.com Wed May 31 07:18:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:18:29 +0200 (CEST) Subject: SUSE-CU-2023:1680-1: Recommended update of bci/openjdk-devel Message-ID: <20230531071829.C78B8FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1680-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.116 Container Release : 39.116 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:bci-openjdk-11-15.4.11-35.60 updated From sle-updates at lists.suse.com Wed May 31 07:19:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:19:23 +0200 (CEST) Subject: SUSE-CU-2023:1681-1: Recommended update of bci/openjdk Message-ID: <20230531071923.15205FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1681-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.60 Container Release : 35.60 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:19:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:19:57 +0200 (CEST) Subject: SUSE-CU-2023:1682-1: Recommended update of bci/openjdk-devel Message-ID: <20230531071957.41A9EFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1682-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.112 , bci/openjdk-devel:latest Container Release : 14.112 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:bci-openjdk-17-15.4.17-13.60 updated From sle-updates at lists.suse.com Wed May 31 07:35:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:35:14 +0200 (CEST) Subject: SUSE-CU-2023:1682-1: Recommended update of bci/openjdk-devel Message-ID: <20230531073514.F2234FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1682-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.112 , bci/openjdk-devel:latest Container Release : 14.112 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:bci-openjdk-17-15.4.17-13.60 updated From sle-updates at lists.suse.com Wed May 31 07:35:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:35:37 +0200 (CEST) Subject: SUSE-CU-2023:1683-1: Recommended update of bci/openjdk Message-ID: <20230531073537.25333FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1683-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.60 , bci/openjdk:latest Container Release : 13.60 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:35:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:35:45 +0200 (CEST) Subject: SUSE-CU-2023:1684-1: Security update of bci/php-apache Message-ID: <20230531073545.EAEA3FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1684-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.56 Container Release : 2.56 Severity : important Type : security References : 1203141 1207410 1210164 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libmount1-2.37.2-150400.8.17.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Wed May 31 07:35:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:35:54 +0200 (CEST) Subject: SUSE-CU-2023:1685-1: Recommended update of bci/php-fpm Message-ID: <20230531073554.E6A40FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1685-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.55 Container Release : 2.55 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:36:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:36:04 +0200 (CEST) Subject: SUSE-CU-2023:1686-1: Recommended update of bci/php Message-ID: <20230531073604.4B074FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1686-1 Container Tags : bci/php:8 , bci/php:8-2.54 Container Release : 2.54 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:36:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:36:48 +0200 (CEST) Subject: SUSE-CU-2023:1688-1: Security update of bci/python Message-ID: <20230531073648.B6172FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1688-1 Container Tags : bci/python:3 , bci/python:3-35.56 , bci/python:3.6 , bci/python:3.6-35.56 Container Release : 35.56 Severity : important Type : security References : 1203141 1207410 1210164 1211230 1211231 1211232 1211233 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libmount1-2.37.2-150400.8.17.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - util-linux-2.37.2-150400.8.17.1 updated - curl-8.0.1-150400.5.23.1 updated - container:sles15-image-15.0.0-27.14.63 updated From sle-updates at lists.suse.com Wed May 31 07:37:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:37:21 +0200 (CEST) Subject: SUSE-CU-2023:1689-1: Recommended update of suse/sle15 Message-ID: <20230531073721.464FEFC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1689-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.64 , suse/sle15:15.4 , suse/sle15:15.4.27.14.64 Container Release : 27.14.64 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Wed May 31 07:37:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 09:37:41 +0200 (CEST) Subject: SUSE-CU-2023:1690-1: Recommended update of bci/bci-init Message-ID: <20230531073741.578FDFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1690-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.4.129 Container Release : 4.129 Severity : low Type : recommended References : 1210702 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) The following package changes have been done: - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated From sle-updates at lists.suse.com Wed May 31 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 08:30:03 -0000 Subject: SUSE-SU-2023:2334-1: moderate: Security update for tiff Message-ID: <168552180311.23755.833736995208174757@smelt2.suse.de> # Security update for tiff Announcement ID: SUSE-SU-2023:2334-1 Rating: moderate References: * #1208226 * #1208227 * #1208228 * #1208229 * #1208230 * #1208231 * #1208232 * #1208233 * #1208234 * #1208236 Cross-References: * CVE-2023-0795 * CVE-2023-0796 * CVE-2023-0797 * CVE-2023-0798 * CVE-2023-0799 * CVE-2023-0800 * CVE-2023-0801 * CVE-2023-0802 * CVE-2023-0803 * CVE-2023-0804 CVSS scores: * CVE-2023-0795 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0795 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2023-0796 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0796 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2023-0797 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0797 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2023-0798 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0798 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2023-0799 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0799 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0800 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0800 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0801 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0801 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0802 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0802 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0803 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0803 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-0804 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0804 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228), CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231), CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234), CVE-2023-0804 (bsc#1208236). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2334=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2334=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2334=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2334=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2334=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2334=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2334=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2334=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2334=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2334=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2334=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2334=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2334=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2334=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * openSUSE Leap 15.4 (x86_64) * libtiff-devel-32bit-4.0.9-150000.45.28.1 * libtiff5-32bit-4.0.9-150000.45.28.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.28.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * tiff-4.0.9-150000.45.28.1 * libtiff-devel-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * tiff-debugsource-4.0.9-150000.45.28.1 * openSUSE Leap 15.5 (x86_64) * libtiff-devel-32bit-4.0.9-150000.45.28.1 * libtiff5-32bit-4.0.9-150000.45.28.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.28.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * tiff-4.0.9-150000.45.28.1 * libtiff-devel-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * tiff-debugsource-4.0.9-150000.45.28.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libtiff-devel-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * tiff-debugsource-4.0.9-150000.45.28.1 * Basesystem Module 15-SP4 (x86_64) * libtiff5-32bit-4.0.9-150000.45.28.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.28.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libtiff-devel-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * tiff-debugsource-4.0.9-150000.45.28.1 * Basesystem Module 15-SP5 (x86_64) * libtiff5-32bit-4.0.9-150000.45.28.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.28.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * tiff-4.0.9-150000.45.28.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * tiff-4.0.9-150000.45.28.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libtiff-devel-4.0.9-150000.45.28.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * tiff-debugsource-4.0.9-150000.45.28.1 * libtiff5-32bit-4.0.9-150000.45.28.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.28.1 * tiff-debuginfo-4.0.9-150000.45.28.1 * libtiff5-debuginfo-4.0.9-150000.45.28.1 * libtiff5-4.0.9-150000.45.28.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0795.html * https://www.suse.com/security/cve/CVE-2023-0796.html * https://www.suse.com/security/cve/CVE-2023-0797.html * https://www.suse.com/security/cve/CVE-2023-0798.html * https://www.suse.com/security/cve/CVE-2023-0799.html * https://www.suse.com/security/cve/CVE-2023-0800.html * https://www.suse.com/security/cve/CVE-2023-0801.html * https://www.suse.com/security/cve/CVE-2023-0802.html * https://www.suse.com/security/cve/CVE-2023-0803.html * https://www.suse.com/security/cve/CVE-2023-0804.html * https://bugzilla.suse.com/show_bug.cgi?id=1208226 * https://bugzilla.suse.com/show_bug.cgi?id=1208227 * https://bugzilla.suse.com/show_bug.cgi?id=1208228 * https://bugzilla.suse.com/show_bug.cgi?id=1208229 * https://bugzilla.suse.com/show_bug.cgi?id=1208230 * https://bugzilla.suse.com/show_bug.cgi?id=1208231 * https://bugzilla.suse.com/show_bug.cgi?id=1208232 * https://bugzilla.suse.com/show_bug.cgi?id=1208233 * https://bugzilla.suse.com/show_bug.cgi?id=1208234 * https://bugzilla.suse.com/show_bug.cgi?id=1208236 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 31 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 08:30:05 -0000 Subject: SUSE-RU-2023:2333-1: moderate: Recommended update for zlib Message-ID: <168552180517.23755.4231469404119095602@smelt2.suse.de> # Recommended update for zlib Announcement ID: SUSE-RU-2023:2333-1 Rating: moderate References: * #1210593 Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for zlib fixes the following issue: * Fix function calling order to avoid crashes (bsc#1210593) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2333=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2333=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2333=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2333=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2333=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2333=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2333=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2333=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2333=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2333=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2333=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2333=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2333=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2333=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2333=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2333=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2333=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2333=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2333=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2333=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2333=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2333=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2333=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2333=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2333=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2333=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2333=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * openSUSE Leap 15.4 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libminizip1-32bit-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-static-32bit-1.2.11-150000.3.45.1 * libminizip1-32bit-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * Basesystem Module 15-SP4 (x86_64) * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * Development Tools Module 15-SP4 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Manager Proxy 4.2 (x86_64) * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Manager Server 4.2 (x86_64) * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Enterprise Storage 7.1 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Enterprise Storage 7 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * SUSE CaaS Platform 4.0 (x86_64) * zlib-devel-32bit-1.2.11-150000.3.45.1 * libz1-32bit-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-static-1.2.11-150000.3.45.1 * libminizip1-1.2.11-150000.3.45.1 * minizip-devel-1.2.11-150000.3.45.1 * libminizip1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * libz1-32bit-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-devel-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.45.1 * libz1-debuginfo-1.2.11-150000.3.45.1 * zlib-debugsource-1.2.11-150000.3.45.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210593 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed May 31 20:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 May 2023 20:30:01 -0000 Subject: SUSE-RU-2023:2335-1: moderate: Recommended update for mksusecd Message-ID: <168556500198.7233.10889241633841552239@smelt2.suse.de> # Recommended update for mksusecd Announcement ID: SUSE-RU-2023:2335-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for mksusecd fixes the following issues: * support Live media (jsc#PED-2975) * create efi boot image, if missing * support grub hybrid boot code * show missing s390x file name correctly * adjust boot info table checksum in grub * better warning of insufficient file permissions ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2335=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2335=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mksusecd-debuginfo-2.10-150400.3.8.1 * mksusecd-2.10-150400.3.8.1 * mksusecd-debugsource-2.10-150400.3.8.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mksusecd-debuginfo-2.10-150400.3.8.1 * mksusecd-2.10-150400.3.8.1 * mksusecd-debugsource-2.10-150400.3.8.1 ## References: * https://jira.suse.com/browse/PED-2975 -------------- next part -------------- An HTML attachment was scrubbed... URL: