From sle-updates at lists.suse.com Wed Nov 1 08:04:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:04:06 +0100 (CET) Subject: SUSE-CU-2023:3634-1: Security update of suse/sle15 Message-ID: <20231101080406.1DC05F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3634-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.207 , suse/sle15:15.3 , suse/sle15:15.3.17.20.207 Container Release : 17.20.207 Severity : important Type : security References : 1196647 1206480 1206684 1210557 1211427 1212101 1212475 1213915 1214052 1214460 1215215 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4226-1 Released: Fri Oct 27 11:14:10 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - container-suseconnect-2.4.0-150000.4.42.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.79.1 updated - libopenssl1_1-1.1.1d-150200.11.79.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libz1-1.2.11-150000.3.48.1 updated - openssl-1_1-1.1.1d-150200.11.79.1 updated From sle-updates at lists.suse.com Wed Nov 1 08:04:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:04:39 +0100 (CET) Subject: SUSE-CU-2023:3635-1: Security update of bci/bci-init Message-ID: <20231101080439.AA35AF417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3635-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.20 Container Release : 30.20 Severity : important Type : security References : 1107342 1196647 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215313 1215434 1215891 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libudev1-249.16-150400.8.35.5 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - systemd-249.16-150400.8.35.5 updated - container:sles15-image-15.0.0-27.14.116 updated From sle-updates at lists.suse.com Wed Nov 1 08:05:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:05:04 +0100 (CET) Subject: SUSE-CU-2023:3636-1: Recommended update of bci/nodejs Message-ID: <20231101080504.83BD4F417@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3636-1 Container Tags : bci/node:16 , bci/node:16-18.16 , bci/nodejs:16 , bci/nodejs:16-18.16 Container Release : 18.16 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-27.14.116 updated From sle-updates at lists.suse.com Wed Nov 1 08:05:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:05:49 +0100 (CET) Subject: SUSE-CU-2023:3637-1: Recommended update of suse/pcp Message-ID: <20231101080549.06AF9F417@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3637-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.176 , suse/pcp:5.2 , suse/pcp:5.2-17.176 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.176 Container Release : 17.176 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:bci-bci-init-15.4-15.4-30.20 updated From sle-updates at lists.suse.com Wed Nov 1 08:05:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:05:59 +0100 (CET) Subject: SUSE-CU-2023:3638-1: Recommended update of suse/postgres Message-ID: <20231101080559.C444EF417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3638-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.4 , suse/postgres:14.9 , suse/postgres:14.9-24.4 Container Release : 24.4 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-27.14.116 updated From sle-updates at lists.suse.com Wed Nov 1 08:06:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:06:29 +0100 (CET) Subject: SUSE-CU-2023:3639-1: Recommended update of bci/python Message-ID: <20231101080629.4D896F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3639-1 Container Tags : bci/python:3 , bci/python:3-16.18 , bci/python:3.10 , bci/python:3.10-16.18 Container Release : 16.18 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-27.14.116 updated From sle-updates at lists.suse.com Wed Nov 1 08:06:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:06:54 +0100 (CET) Subject: SUSE-CU-2023:3640-1: Security update of suse/sle15 Message-ID: <20231101080654.51FB5F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3640-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.116 , suse/sle15:15.4 , suse/sle15:15.4.27.14.116 Container Release : 27.14.116 Severity : important Type : security References : 1196647 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - container-suseconnect-2.4.0-150000.4.42.1 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated From sle-updates at lists.suse.com Wed Nov 1 08:07:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:07:03 +0100 (CET) Subject: SUSE-CU-2023:3641-1: Recommended update of suse/389-ds Message-ID: <20231101080703.A0E4FF417@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3641-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.33 , suse/389-ds:latest Container Release : 16.33 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:07:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:07:15 +0100 (CET) Subject: SUSE-CU-2023:3642-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231101080715.E96A4F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3642-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-17.6 , bci/dotnet-aspnet:6.0.24 , bci/dotnet-aspnet:6.0.24-17.6 Container Release : 17.6 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:07:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:07:29 +0100 (CET) Subject: SUSE-CU-2023:3643-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231101080729.B3333F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3643-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-17.6 , bci/dotnet-aspnet:7.0.13 , bci/dotnet-aspnet:7.0.13-17.6 , bci/dotnet-aspnet:latest Container Release : 17.6 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:07:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:07:36 +0100 (CET) Subject: SUSE-CU-2023:3644-1: Recommended update of suse/registry Message-ID: <20231101080736.57CC5F417@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3644-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.11 , suse/registry:latest Container Release : 15.11 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated From sle-updates at lists.suse.com Wed Nov 1 08:07:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:07:50 +0100 (CET) Subject: SUSE-CU-2023:3645-1: Recommended update of bci/dotnet-sdk Message-ID: <20231101080750.88ADBF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3645-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-16.6 , bci/dotnet-sdk:6.0.24 , bci/dotnet-sdk:6.0.24-16.6 Container Release : 16.6 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:08:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:08:03 +0100 (CET) Subject: SUSE-CU-2023:3646-1: Recommended update of bci/dotnet-sdk Message-ID: <20231101080803.81FFDF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3646-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-18.5 , bci/dotnet-sdk:7.0.13 , bci/dotnet-sdk:7.0.13-18.5 , bci/dotnet-sdk:latest Container Release : 18.5 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:08:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:08:14 +0100 (CET) Subject: SUSE-CU-2023:3647-1: Recommended update of bci/dotnet-runtime Message-ID: <20231101080814.BA065F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3647-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.5 , bci/dotnet-runtime:6.0.24 , bci/dotnet-runtime:6.0.24-16.5 Container Release : 16.5 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:08:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:08:26 +0100 (CET) Subject: SUSE-CU-2023:3648-1: Recommended update of bci/dotnet-runtime Message-ID: <20231101080826.344A7F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3648-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-18.6 , bci/dotnet-runtime:7.0.13 , bci/dotnet-runtime:7.0.13-18.6 , bci/dotnet-runtime:latest Container Release : 18.6 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:08:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:08:37 +0100 (CET) Subject: SUSE-CU-2023:3649-1: Recommended update of bci/golang Message-ID: <20231101080837.EA532F417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3649-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.32 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.32 Container Release : 4.32 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:08:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:08:40 +0100 (CET) Subject: SUSE-CU-2023:3650-1: Recommended update of bci/golang Message-ID: <20231101080840.B2D47F417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3650-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-7.30 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-7.30 Container Release : 7.30 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:08:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:08:50 +0100 (CET) Subject: SUSE-CU-2023:3651-1: Security update of bci/bci-init Message-ID: <20231101080850.7C576F417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3651-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.28 , bci/bci-init:latest Container Release : 10.28 Severity : important Type : security References : 1196647 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:08:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:08:56 +0100 (CET) Subject: SUSE-CU-2023:3652-1: Recommended update of suse/nginx Message-ID: <20231101080856.51134F417@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3652-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.28 , suse/nginx:latest Container Release : 5.28 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:09:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:09:06 +0100 (CET) Subject: SUSE-CU-2023:3653-1: Recommended update of bci/openjdk Message-ID: <20231101080906.6C1CBF417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3653-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.31 Container Release : 11.31 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Wed Nov 1 08:09:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Nov 2023 09:09:17 +0100 (CET) Subject: SUSE-CU-2023:3654-1: Recommended update of suse/pcp Message-ID: <20231101080917.CC738F417@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3654-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.50 , suse/pcp:5.2 , suse/pcp:5.2-15.50 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.50 , suse/pcp:latest Container Release : 15.50 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:bci-bci-init-15.5-15.5-10.28 updated From sle-updates at lists.suse.com Wed Nov 1 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 01 Nov 2023 08:30:02 -0000 Subject: SUSE-SU-2023:4328-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4) Message-ID: <169882740241.12567.12900088633869824086@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4328-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_88 fixes one issue. The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4327=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4328=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4328=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4327=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_18-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-2-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_28-default-2-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_5-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_28-default-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5_Update_5-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-2-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_18-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-2-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 1 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 01 Nov 2023 08:30:05 -0000 Subject: SUSE-SU-2023:4331-1: important: Security update for libsndfile Message-ID: <169882740509.12567.10444764394833179902@smelt2.prg2.suse.org> # Security update for libsndfile Announcement ID: SUSE-SU-2023:4331-1 Rating: important References: * bsc#1213451 Cross-References: * CVE-2022-33065 CVSS scores: * CVE-2022-33065 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-33065 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libsndfile fixes the following issues: * CVE-2022-33065: Fixed an integer overflow that could cause memory safety issues when reading a MAT4 file (bsc#1213451). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4331=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4331=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4331=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4331=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libsndfile-devel-1.0.25-36.29.1 * libsndfile-debugsource-1.0.25-36.29.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libsndfile-debugsource-1.0.25-36.29.1 * libsndfile1-1.0.25-36.29.1 * libsndfile1-debuginfo-1.0.25-36.29.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libsndfile1-debuginfo-32bit-1.0.25-36.29.1 * libsndfile1-32bit-1.0.25-36.29.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libsndfile-debugsource-1.0.25-36.29.1 * libsndfile1-1.0.25-36.29.1 * libsndfile1-debuginfo-1.0.25-36.29.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libsndfile1-debuginfo-32bit-1.0.25-36.29.1 * libsndfile1-32bit-1.0.25-36.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libsndfile-debugsource-1.0.25-36.29.1 * libsndfile1-1.0.25-36.29.1 * libsndfile1-debuginfo-1.0.25-36.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libsndfile1-debuginfo-32bit-1.0.25-36.29.1 * libsndfile1-32bit-1.0.25-36.29.1 ## References: * https://www.suse.com/security/cve/CVE-2022-33065.html * https://bugzilla.suse.com/show_bug.cgi?id=1213451 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 1 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 01 Nov 2023 08:30:07 -0000 Subject: SUSE-SU-2023:4330-1: important: Security update for libsndfile Message-ID: <169882740725.12567.696255674887091601@smelt2.prg2.suse.org> # Security update for libsndfile Announcement ID: SUSE-SU-2023:4330-1 Rating: important References: * bsc#1213451 Cross-References: * CVE-2022-33065 CVSS scores: * CVE-2022-33065 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-33065 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libsndfile fixes the following issues: * CVE-2022-33065: Fixed an integer overflow that could cause memory safety issues when reading a MAT4 file (bsc#1213451). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4330=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4330=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4330=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4330=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4330=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4330=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4330=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4330=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4330=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4330=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4330=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4330=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4330=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4330=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4330=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4330=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4330=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4330=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4330=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4330=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libsndfile1-32bit-1.0.28-150000.5.20.1 * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libsndfile1-32bit-1.0.28-150000.5.20.1 * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Manager Proxy 4.2 (x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE CaaS Platform 4.0 (x86_64) * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-1.0.28-150000.5.20.1 * libsndfile1-32bit-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libsndfile-progs-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile-progs-debuginfo-1.0.28-150000.5.20.1 * libsndfile1-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-progs-debugsource-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * openSUSE Leap 15.4 (x86_64) * libsndfile1-32bit-1.0.28-150000.5.20.1 * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsndfile-progs-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile-progs-debuginfo-1.0.28-150000.5.20.1 * libsndfile1-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-progs-debugsource-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * openSUSE Leap 15.5 (x86_64) * libsndfile1-32bit-1.0.28-150000.5.20.1 * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-32bit-1.0.28-150000.5.20.1 * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-32bit-1.0.28-150000.5.20.1 * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libsndfile1-32bit-1.0.28-150000.5.20.1 * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libsndfile1-1.0.28-150000.5.20.1 * libsndfile-debugsource-1.0.28-150000.5.20.1 * libsndfile1-debuginfo-1.0.28-150000.5.20.1 * libsndfile-devel-1.0.28-150000.5.20.1 ## References: * https://www.suse.com/security/cve/CVE-2022-33065.html * https://bugzilla.suse.com/show_bug.cgi?id=1213451 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 1 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 01 Nov 2023 08:30:10 -0000 Subject: SUSE-SU-2023:4329-1: important: Security update for slurm Message-ID: <169882741040.12567.13115647705118824807@smelt2.prg2.suse.org> # Security update for slurm Announcement ID: SUSE-SU-2023:4329-1 Rating: important References: * bsc#1208810 * bsc#1216207 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4329=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4329=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4329=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-plugins-20.11.9-150200.6.13.1 * libpmi0_20_11-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1 * slurm_20_11-sql-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-devel-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-torque-20.11.9-150200.6.13.1 * slurm_20_11-webdoc-20.11.9-150200.6.13.1 * slurm_20_11-debugsource-20.11.9-150200.6.13.1 * slurm_20_11-rest-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-lua-20.11.9-150200.6.13.1 * slurm_20_11-rest-20.11.9-150200.6.13.1 * slurm_20_11-hdf5-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-20.11.9-150200.6.13.1 * slurm_20_11-plugins-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-torque-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-seff-20.11.9-150200.6.13.1 * slurm_20_11-sview-20.11.9-150200.6.13.1 * slurm_20_11-config-20.11.9-150200.6.13.1 * slurm_20_11-munge-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-sview-debuginfo-20.11.9-150200.6.13.1 * libpmi0_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-lua-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-config-man-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-node-20.11.9-150200.6.13.1 * perl-slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-node-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-cray-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-openlava-20.11.9-150200.6.13.1 * slurm_20_11-sql-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-20.11.9-150200.6.13.1 * perl-slurm_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-hdf5-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-doc-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-sjstat-20.11.9-150200.6.13.1 * slurm_20_11-cray-20.11.9-150200.6.13.1 * slurm_20_11-munge-debuginfo-20.11.9-150200.6.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-plugins-20.11.9-150200.6.13.1 * libpmi0_20_11-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1 * slurm_20_11-sql-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-devel-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-torque-20.11.9-150200.6.13.1 * slurm_20_11-webdoc-20.11.9-150200.6.13.1 * slurm_20_11-debugsource-20.11.9-150200.6.13.1 * slurm_20_11-rest-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-lua-20.11.9-150200.6.13.1 * slurm_20_11-rest-20.11.9-150200.6.13.1 * slurm_20_11-hdf5-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-20.11.9-150200.6.13.1 * slurm_20_11-plugins-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-torque-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-seff-20.11.9-150200.6.13.1 * slurm_20_11-sview-20.11.9-150200.6.13.1 * slurm_20_11-config-20.11.9-150200.6.13.1 * slurm_20_11-munge-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-sview-debuginfo-20.11.9-150200.6.13.1 * libpmi0_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-lua-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-config-man-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-node-20.11.9-150200.6.13.1 * perl-slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-node-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-cray-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-openlava-20.11.9-150200.6.13.1 * slurm_20_11-sql-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-20.11.9-150200.6.13.1 * perl-slurm_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-hdf5-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-doc-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-debuginfo-20.11.9-150200.6.13.1 * slurm_20_11-sjstat-20.11.9-150200.6.13.1 * slurm_20_11-cray-20.11.9-150200.6.13.1 * slurm_20_11-munge-debuginfo-20.11.9-150200.6.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libslurm36-20.11.9-150200.6.13.1 * slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-plugins-20.11.9-150200.6.13.1 * libpmi0_20_11-20.11.9-150200.6.13.1 * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1 * slurm_20_11-torque-20.11.9-150200.6.13.1 * slurm_20_11-devel-20.11.9-150200.6.13.1 * slurm_20_11-webdoc-20.11.9-150200.6.13.1 * slurm_20_11-lua-20.11.9-150200.6.13.1 * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1 * libnss_slurm2_20_11-20.11.9-150200.6.13.1 * slurm_20_11-sview-20.11.9-150200.6.13.1 * slurm_20_11-munge-20.11.9-150200.6.13.1 * slurm_20_11-config-20.11.9-150200.6.13.1 * slurm_20_11-config-man-20.11.9-150200.6.13.1 * slurm_20_11-node-20.11.9-150200.6.13.1 * perl-slurm_20_11-20.11.9-150200.6.13.1 * slurm_20_11-sql-20.11.9-150200.6.13.1 * slurm_20_11-auth-none-20.11.9-150200.6.13.1 * slurm_20_11-doc-20.11.9-150200.6.13.1 * libslurm36-debuginfo-20.11.9-150200.6.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 08:01:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:01:53 +0100 (CET) Subject: SUSE-CU-2023:3655-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20231102080153.C07FCF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3655-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.249 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.249 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-27.14.116 updated From sle-updates at lists.suse.com Thu Nov 2 08:02:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:02:18 +0100 (CET) Subject: SUSE-CU-2023:3656-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20231102080218.7046FF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3656-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.146 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.146 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-27.14.116 updated From sle-updates at lists.suse.com Thu Nov 2 08:02:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:02:28 +0100 (CET) Subject: SUSE-CU-2023:3657-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20231102080228.9FE0EF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3657-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.91 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.91 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:04:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:04:00 +0100 (CET) Subject: SUSE-CU-2023:3658-1: Security update of suse/sles12sp5 Message-ID: <20231102080400.97A46F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3658-1 Container Tags : suse/sles12sp5:6.5.529 , suse/sles12sp5:latest Container Release : 6.5.529 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4287-1 Released: Tue Oct 31 09:03:38 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-1.6.1 updated - libstdc++6-13.2.1+git7813-1.6.1 updated From sle-updates at lists.suse.com Thu Nov 2 08:05:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:05:44 +0100 (CET) Subject: SUSE-CU-2023:3659-1: Security update of suse/sle15 Message-ID: <20231102080544.572B3F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3659-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.838 Container Release : 6.2.838 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.42.1 updated From sle-updates at lists.suse.com Thu Nov 2 08:07:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:07:13 +0100 (CET) Subject: SUSE-CU-2023:3660-1: Security update of suse/sle15 Message-ID: <20231102080713.D5F52F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3660-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.365 Container Release : 9.5.365 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.42.1 updated From sle-updates at lists.suse.com Thu Nov 2 08:07:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:07:28 +0100 (CET) Subject: SUSE-CU-2023:3661-1: Recommended update of bci/golang Message-ID: <20231102080728.6857BF417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3661-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.34 , bci/golang:oldstable , bci/golang:oldstable-2.4.34 Container Release : 4.34 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:07:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:07:33 +0100 (CET) Subject: SUSE-CU-2023:3662-1: Recommended update of bci/golang Message-ID: <20231102080733.349D0F417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3662-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.33 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.33 Container Release : 7.33 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:07:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:07:46 +0100 (CET) Subject: SUSE-CU-2023:3663-1: Recommended update of bci/nodejs Message-ID: <20231102080746.52815F417@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3663-1 Container Tags : bci/node:18 , bci/node:18-11.30 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.30 , bci/nodejs:latest Container Release : 11.30 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:08:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:08:02 +0100 (CET) Subject: SUSE-CU-2023:3664-1: Recommended update of bci/openjdk-devel Message-ID: <20231102080802.4D7A1F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3664-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.65 Container Release : 10.65 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:bci-openjdk-11-15.5.11-11.31 updated From sle-updates at lists.suse.com Thu Nov 2 08:08:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:08:16 +0100 (CET) Subject: SUSE-CU-2023:3665-1: Security update of bci/openjdk-devel Message-ID: <20231102080816.2DB3EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3665-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.57 , bci/openjdk-devel:latest Container Release : 12.57 Severity : important Type : security References : 1196647 1214790 1216339 1216374 CVE-2023-22025 CVE-2023-22081 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4289-1 Released: Tue Oct 31 09:15:08 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1214790,1216339,1216374,CVE-2023-22025,CVE-2023-22081 This update for java-17-openjdk fixes the following issues: - Updated to JDK 17.0.9+9 (October 2023 CPU): - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). - CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 (bsc#1216339). Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/17all-relnotes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - java-17-openjdk-headless-17.0.9.0-150400.3.33.1 updated - java-17-openjdk-17.0.9.0-150400.3.33.1 updated - java-17-openjdk-devel-17.0.9.0-150400.3.33.1 updated - container:bci-openjdk-17-15.5.17-12.28 updated From sle-updates at lists.suse.com Thu Nov 2 08:08:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:08:28 +0100 (CET) Subject: SUSE-CU-2023:3666-1: Security update of bci/openjdk Message-ID: <20231102080828.C22C7F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3666-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.28 , bci/openjdk:latest Container Release : 12.28 Severity : important Type : security References : 1196647 1214790 1216339 1216374 CVE-2023-22025 CVE-2023-22081 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4289-1 Released: Tue Oct 31 09:15:08 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1214790,1216339,1216374,CVE-2023-22025,CVE-2023-22081 This update for java-17-openjdk fixes the following issues: - Updated to JDK 17.0.9+9 (October 2023 CPU): - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). - CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 (bsc#1216339). Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/17all-relnotes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - java-17-openjdk-headless-17.0.9.0-150400.3.33.1 updated - java-17-openjdk-17.0.9.0-150400.3.33.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:08:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:08:40 +0100 (CET) Subject: SUSE-CU-2023:3654-1: Recommended update of suse/pcp Message-ID: <20231102080840.C0FA1F417@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3654-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.50 , suse/pcp:5.2 , suse/pcp:5.2-15.50 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.50 , suse/pcp:latest Container Release : 15.50 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:bci-bci-init-15.5-15.5-10.28 updated From sle-updates at lists.suse.com Thu Nov 2 08:08:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:08:50 +0100 (CET) Subject: SUSE-CU-2023:3667-1: Recommended update of bci/php-apache Message-ID: <20231102080850.72923F417@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3667-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.26 Container Release : 8.26 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:09:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:09:01 +0100 (CET) Subject: SUSE-CU-2023:3668-1: Recommended update of bci/php-fpm Message-ID: <20231102080901.233F8F417@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3668-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.28 Container Release : 8.28 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:09:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:09:11 +0100 (CET) Subject: SUSE-CU-2023:3669-1: Recommended update of bci/php Message-ID: <20231102080911.E8C0EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3669-1 Container Tags : bci/php:8 , bci/php:8-8.25 Container Release : 8.25 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:09:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:09:22 +0100 (CET) Subject: SUSE-CU-2023:3670-1: Recommended update of suse/postgres Message-ID: <20231102080922.C3011F417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3670-1 Container Tags : suse/postgres:15 , suse/postgres:15-12.6 , suse/postgres:15.4 , suse/postgres:15.4-12.6 , suse/postgres:latest Container Release : 12.6 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:09:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:09:35 +0100 (CET) Subject: SUSE-CU-2023:3671-1: Recommended update of bci/python Message-ID: <20231102080935.9F561F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3671-1 Container Tags : bci/python:3 , bci/python:3-12.22 , bci/python:3.11 , bci/python:3.11-12.22 , bci/python:latest Container Release : 12.22 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:09:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:09:48 +0100 (CET) Subject: SUSE-CU-2023:3672-1: Recommended update of bci/python Message-ID: <20231102080948.73AA4F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3672-1 Container Tags : bci/python:3 , bci/python:3-14.22 , bci/python:3.6 , bci/python:3.6-14.22 Container Release : 14.22 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:09:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:09:51 +0100 (CET) Subject: SUSE-CU-2023:3673-1: Security update of suse/rmt-server Message-ID: <20231102080951.24D00F417@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3673-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.27 , suse/rmt-server:latest Container Release : 11.27 Severity : important Type : security References : 1107342 1193035 1196647 1205726 1206480 1206684 1209891 1209967 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215313 1215434 1215891 1216123 1216174 1216378 CVE-2021-33621 CVE-2021-41817 CVE-2023-28755 CVE-2023-28756 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4176-1 Released: Tue Oct 24 15:35:11 2023 Summary: Security update for ruby2.5 Type: security Severity: important References: 1193035,1205726,1209891,1209967,CVE-2021-33621,CVE-2021-41817,CVE-2023-28755,CVE-2023-28756 This update for ruby2.5 fixes the following issues: - CVE-2023-28755: Fixed a ReDoS vulnerability in URI. (bsc#1209891) - CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. (bsc#1209967) - CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. (bsc#1193035) - CVE-2021-33621: Fixed a HTTP response splitting vulnerability in CGI gem. (bsc#1205726) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4195-1 Released: Wed Oct 25 11:18:26 2023 Summary: Recommended update for mariadb-connector-c Type: recommended Severity: moderate References: This update for mariadb-connector-c fixes the following issues: - Update to release 3.1.21: * https://mariadb.com/kb/en/mariadb-connector-c-3-1-21-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3-1-20-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3-1-19-release-notes/ * https://mariadb.com/kb/en/mariadb-connectorc-3-1-18-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3117-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3116-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3115-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3114-release-notes/ ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - glibc-2.31-150300.63.1 updated - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libudev1-249.16-150400.8.35.5 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - libmariadb3-3.1.21-150000.3.33.3 updated - libruby2_5-2_5-2.5.9-150000.4.29.1 updated - ruby2.5-stdlib-2.5.9-150000.4.29.1 updated - ruby2.5-2.5.9-150000.4.29.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:10:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 09:10:02 +0100 (CET) Subject: SUSE-CU-2023:3674-1: Recommended update of bci/ruby Message-ID: <20231102081002.678F9F417@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3674-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.26 , bci/ruby:2.5 , bci/ruby:2.5-12.26 , bci/ruby:latest Container Release : 12.26 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 08:30:03 -0000 Subject: SUSE-RU-2023:4336-1: moderate: Recommended update for slurm_23_02 Message-ID: <169891380384.5339.3423806552111511561@smelt2.prg2.suse.org> # Recommended update for slurm_23_02 Announcement ID: SUSE-RU-2023:4336-1 Rating: moderate References: * bsc#1215437 Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * Updated to version 23.02.5 with the following changes: * Bug Fixes: * Revert a change in 23.02 where `SLURM_NTASKS` was no longer set in the job's environment when `--ntasks-per-node` was requested. The method that is is being set, however, is different and should be more accurate in more situations. * Change pmi2 plugin to honor the `SrunPortRange` option. This matches the new behavior of the pmix plugin in 23.02.0. Note that neither of these plugins makes use of the `MpiParams=ports=` option, and previously were only limited by the systems ephemeral port range. * Fix regression in 23.02.2 that caused slurmctld -R to crash on startup if a node features plugin is configured. * Fix and prevent reoccurring reservations from overlapping. * `job_container/tmpfs` \- Avoid attempts to share BasePath between nodes. * With `CR_Cpu_Memory`, fix node selection for jobs that request gres and `--mem-per-cpu`. * Fix a regression from 22.05.7 in which some jobs were allocated too few nodes, thus overcommitting cpus to some tasks. * Fix a job being stuck in the completing state if the job ends while the primary controller is down or unresponsive and the backup controller has not yet taken over. * Fix `slurmctld` segfault when a node registers with a configured `CpuSpecList` while `slurmctld` configuration has the node without `CpuSpecList`. * Fix cloud nodes getting stuck in `POWERED_DOWN+NO_RESPOND` state after not registering by `ResumeTimeout`. * `slurmstepd` \- Avoid cleanup of `config.json-less` containers spooldir getting skipped. * Fix scontrol segfault when 'completing' command requested repeatedly in interactive mode. * Properly handle a race condition between `bind()` and `listen()` calls in the network stack when running with SrunPortRange set. * Federation - Fix revoked jobs being returned regardless of the `-a`/`--all` option for privileged users. * Federation - Fix canceling pending federated jobs from non-origin clusters which could leave federated jobs orphaned from the origin cluster. * Fix sinfo segfault when printing multiple clusters with `--noheader` option. * Federation - fix clusters not syncing if clusters are added to a federation before they have registered with the dbd. * `node_features/helpers` \- Fix node selection for jobs requesting changeable. features with the `|` operator, which could prevent jobs from running on some valid nodes. * `node_features/helpers` \- Fix inconsistent handling of `&` and `|`, where an AND'd feature was sometimes AND'd to all sets of features instead of just the current set. E.g. `foo|bar&baz` was interpreted as `{foo,baz}` or `{bar,baz}` instead of how it is documented: `{foo} or {bar,baz}`. * Fix job accounting so that when a job is requeued its allocated node count is cleared. After the requeue, sacct will correctly show that the job has 0 `AllocNodes` while it is pending or if it is canceled before restarting. * `sacct` \- `AllocCPUS` now correctly shows 0 if a job has not yet received an allocation or if the job was canceled before getting one. * Fix intel OneAPI autodetect: detect the `/dev/dri/renderD[0-9]+` GPUs, and do not detect `/dev/dri/card[0-9]+`. * Fix node selection for jobs that request `--gpus` and a number of tasks fewer than GPUs, which resulted in incorrectly rejecting these jobs. * Remove `MYSQL_OPT_RECONNECT` completely. * Fix cloud nodes in `POWERING_UP` state disappearing (getting set to `FUTURE`) when an `scontrol reconfigure` happens. * `openapi/dbv0.0.39` \- Avoid assert / segfault on missing coordinators list. * `slurmrestd` \- Correct memory leak while parsing OpenAPI specification templates with server overrides. * Fix overwriting user node reason with system message. * Prevent deadlock when `rpc_queue` is enabled. * `slurmrestd` \- Correct OpenAPI specification generation bug where fields with overlapping parent paths would not get generated. * Fix memory leak as a result of a partition info query. * Fix memory leak as a result of a job info query. * For step allocations, fix `--gres=none` sometimes not ignoring gres from the job. * Fix `--exclusive` jobs incorrectly gang-scheduling where they shouldn't. * Fix allocations with `CR_SOCKET`, gres not assigned to a specific socket, and block core distribion potentially allocating more sockets than required. * Revert a change in 23.02.3 where Slurm would kill a script's process group as soon as the script ended instead of waiting as long as any process in that process group held the stdout/stderr file descriptors open. That change broke some scripts that relied on the previous behavior. Setting time limits for scripts (such as `PrologEpilogTimeout`) is strongly encouraged to avoid Slurm waiting indefinitely for scripts to finish. * Fix `slurmdbd -R` not returning an error under certain conditions. * `slurmdbd` \- Avoid potential NULL pointer dereference in the mysql plugin. * Fix regression in 23.02.3 which broken X11 forwarding for hosts when MUNGE sends a localhost address in the encode host field. This is caused when the node hostname is mapped to 127.0.0.1 (or similar) in `/etc/hosts`. * `openapi/[db]v0.0.39` \- fix memory leak on parsing error. * `data_parser/v0.0.39` \- fix updating qos for associations. * `openapi/dbv0.0.39` \- fix updating values for associations with null users. * Fix minor memory leak with `--tres-per-task` and licenses. * Fix cyclic socket cpu distribution for tasks in a step where `--cpus-per-task` < usable threads per core. * `slurmrestd` \- For `GET /slurm/v0.0.39/node[s]`, change format of node's energy field `current_watts` to a dictionary to account for unset value instead of dumping 4294967294. * `slurmrestd` \- For `GET /slurm/v0.0.39/qos`, change format of QOS's field "priority" to a dictionary to account for unset value instead of dumping 4294967294. * slurmrestd - For `GET /slurm/v0.0.39/job[s]`, the 'return code' code field in `v0.0.39_job_exit`_code will be set to -127 instead of being left unset where job does not have a relevant return code. * Other Changes: * Remove --uid / --gid options from salloc and srun commands. These options did not work correctly since the CVE-2022-29500 fix in combination with some changes made in 23.02.0. * Add the `JobId` to `debug()` messages indicating when `cpus_per_task/mem_per_cpu` or `pn_min_cpus` are being automatically adjusted. * Change the log message warning for rate limited users from verbose to info. * `slurmstepd` \- Cleanup per task generated environment for containers in spooldir. * Format batch, extern, interactive, and pending step ids into strings that are human readable. * `slurmrestd` \- Reduce memory usage when printing out job CPU frequency. * `data_parser/v0.0.39` \- Add `required/memory_per_cpu` and `required/memory_per_node` to `sacct --json` and `sacct --yaml` and `GET /slurmdb/v0.0.39/jobs` from slurmrestd. * `gpu/oneapi` \- Store cores correctly so CPU affinity is tracked. * Allow `slurmdbd -R` to work if the root assoc id is not 1. * Limit periodic node registrations to 50 instead of the full `TreeWidth`. Since unresolvable `cloud/dynamic` nodes must disable fanout by setting `TreeWidth` to a large number, this would cause all nodes to register at once. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4336=1 ## Package List: * HPC Module 12 (aarch64 x86_64) * slurm_23_02-node-23.02.5-3.10.6 * libslurm39-23.02.5-3.10.6 * slurm_23_02-lua-23.02.5-3.10.6 * slurm_23_02-pam_slurm-23.02.5-3.10.6 * perl-slurm_23_02-23.02.5-3.10.6 * libslurm39-debuginfo-23.02.5-3.10.6 * slurm_23_02-sql-23.02.5-3.10.6 * libnss_slurm2_23_02-23.02.5-3.10.6 * slurm_23_02-slurmdbd-debuginfo-23.02.5-3.10.6 * slurm_23_02-sview-23.02.5-3.10.6 * slurm_23_02-devel-23.02.5-3.10.6 * slurm_23_02-cray-debuginfo-23.02.5-3.10.6 * slurm_23_02-node-debuginfo-23.02.5-3.10.6 * slurm_23_02-plugins-debuginfo-23.02.5-3.10.6 * slurm_23_02-auth-none-debuginfo-23.02.5-3.10.6 * slurm_23_02-23.02.5-3.10.6 * slurm_23_02-munge-debuginfo-23.02.5-3.10.6 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.5-3.10.6 * slurm_23_02-slurmdbd-23.02.5-3.10.6 * slurm_23_02-plugin-ext-sensors-rrd-23.02.5-3.10.6 * slurm_23_02-cray-23.02.5-3.10.6 * libpmi0_23_02-23.02.5-3.10.6 * slurm_23_02-torque-23.02.5-3.10.6 * libnss_slurm2_23_02-debuginfo-23.02.5-3.10.6 * slurm_23_02-lua-debuginfo-23.02.5-3.10.6 * slurm_23_02-sql-debuginfo-23.02.5-3.10.6 * slurm_23_02-pam_slurm-debuginfo-23.02.5-3.10.6 * libpmi0_23_02-debuginfo-23.02.5-3.10.6 * slurm_23_02-auth-none-23.02.5-3.10.6 * slurm_23_02-plugins-23.02.5-3.10.6 * perl-slurm_23_02-debuginfo-23.02.5-3.10.6 * slurm_23_02-debuginfo-23.02.5-3.10.6 * slurm_23_02-debugsource-23.02.5-3.10.6 * slurm_23_02-sview-debuginfo-23.02.5-3.10.6 * slurm_23_02-torque-debuginfo-23.02.5-3.10.6 * slurm_23_02-munge-23.02.5-3.10.6 * HPC Module 12 (noarch) * slurm_23_02-webdoc-23.02.5-3.10.6 * slurm_23_02-config-man-23.02.5-3.10.6 * slurm_23_02-config-23.02.5-3.10.6 * slurm_23_02-doc-23.02.5-3.10.6 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215437 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 08:30:07 -0000 Subject: SUSE-RU-2023:4335-1: moderate: Recommended update for slurm_23_02 Message-ID: <169891380746.5339.12709662701379498369@smelt2.prg2.suse.org> # Recommended update for slurm_23_02 Announcement ID: SUSE-RU-2023:4335-1 Rating: moderate References: * bsc#1215437 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 An update that has one fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * Updated to version 23.02.5 with the following changes: * Bug Fixes: * Revert a change in 23.02 where `SLURM_NTASKS` was no longer set in the job's environment when `--ntasks-per-node` was requested. The method that is is being set, however, is different and should be more accurate in more situations. * Change pmi2 plugin to honor the `SrunPortRange` option. This matches the new behavior of the pmix plugin in 23.02.0. Note that neither of these plugins makes use of the `MpiParams=ports=` option, and previously were only limited by the systems ephemeral port range. * Fix regression in 23.02.2 that caused slurmctld -R to crash on startup if a node features plugin is configured. * Fix and prevent reoccurring reservations from overlapping. * `job_container/tmpfs` \- Avoid attempts to share BasePath between nodes. * With `CR_Cpu_Memory`, fix node selection for jobs that request gres and `--mem-per-cpu`. * Fix a regression from 22.05.7 in which some jobs were allocated too few nodes, thus overcommitting cpus to some tasks. * Fix a job being stuck in the completing state if the job ends while the primary controller is down or unresponsive and the backup controller has not yet taken over. * Fix `slurmctld` segfault when a node registers with a configured `CpuSpecList` while `slurmctld` configuration has the node without `CpuSpecList`. * Fix cloud nodes getting stuck in `POWERED_DOWN+NO_RESPOND` state after not registering by `ResumeTimeout`. * `slurmstepd` \- Avoid cleanup of `config.json-less` containers spooldir getting skipped. * Fix scontrol segfault when 'completing' command requested repeatedly in interactive mode. * Properly handle a race condition between `bind()` and `listen()` calls in the network stack when running with SrunPortRange set. * Federation - Fix revoked jobs being returned regardless of the `-a`/`--all` option for privileged users. * Federation - Fix canceling pending federated jobs from non-origin clusters which could leave federated jobs orphaned from the origin cluster. * Fix sinfo segfault when printing multiple clusters with `--noheader` option. * Federation - fix clusters not syncing if clusters are added to a federation before they have registered with the dbd. * `node_features/helpers` \- Fix node selection for jobs requesting changeable. features with the `|` operator, which could prevent jobs from running on some valid nodes. * `node_features/helpers` \- Fix inconsistent handling of `&` and `|`, where an AND'd feature was sometimes AND'd to all sets of features instead of just the current set. E.g. `foo|bar&baz` was interpreted as `{foo,baz}` or `{bar,baz}` instead of how it is documented: `{foo} or {bar,baz}`. * Fix job accounting so that when a job is requeued its allocated node count is cleared. After the requeue, sacct will correctly show that the job has 0 `AllocNodes` while it is pending or if it is canceled before restarting. * `sacct` \- `AllocCPUS` now correctly shows 0 if a job has not yet received an allocation or if the job was canceled before getting one. * Fix intel OneAPI autodetect: detect the `/dev/dri/renderD[0-9]+` GPUs, and do not detect `/dev/dri/card[0-9]+`. * Fix node selection for jobs that request `--gpus` and a number of tasks fewer than GPUs, which resulted in incorrectly rejecting these jobs. * Remove `MYSQL_OPT_RECONNECT` completely. * Fix cloud nodes in `POWERING_UP` state disappearing (getting set to `FUTURE`) when an `scontrol reconfigure` happens. * `openapi/dbv0.0.39` \- Avoid assert / segfault on missing coordinators list. * `slurmrestd` \- Correct memory leak while parsing OpenAPI specification templates with server overrides. * Fix overwriting user node reason with system message. * Prevent deadlock when `rpc_queue` is enabled. * `slurmrestd` \- Correct OpenAPI specification generation bug where fields with overlapping parent paths would not get generated. * Fix memory leak as a result of a partition info query. * Fix memory leak as a result of a job info query. * For step allocations, fix `--gres=none` sometimes not ignoring gres from the job. * Fix `--exclusive` jobs incorrectly gang-scheduling where they shouldn't. * Fix allocations with `CR_SOCKET`, gres not assigned to a specific socket, and block core distribion potentially allocating more sockets than required. * Revert a change in 23.02.3 where Slurm would kill a script's process group as soon as the script ended instead of waiting as long as any process in that process group held the stdout/stderr file descriptors open. That change broke some scripts that relied on the previous behavior. Setting time limits for scripts (such as `PrologEpilogTimeout`) is strongly encouraged to avoid Slurm waiting indefinitely for scripts to finish. * Fix `slurmdbd -R` not returning an error under certain conditions. * `slurmdbd` \- Avoid potential NULL pointer dereference in the mysql plugin. * Fix regression in 23.02.3 which broken X11 forwarding for hosts when MUNGE sends a localhost address in the encode host field. This is caused when the node hostname is mapped to 127.0.0.1 (or similar) in `/etc/hosts`. * `openapi/[db]v0.0.39` \- fix memory leak on parsing error. * `data_parser/v0.0.39` \- fix updating qos for associations. * `openapi/dbv0.0.39` \- fix updating values for associations with null users. * Fix minor memory leak with `--tres-per-task` and licenses. * Fix cyclic socket cpu distribution for tasks in a step where `--cpus-per-task` < usable threads per core. * `slurmrestd` \- For `GET /slurm/v0.0.39/node[s]`, change format of node's energy field `current_watts` to a dictionary to account for unset value instead of dumping 4294967294. * `slurmrestd` \- For `GET /slurm/v0.0.39/qos`, change format of QOS's field "priority" to a dictionary to account for unset value instead of dumping 4294967294. * slurmrestd - For `GET /slurm/v0.0.39/job[s]`, the 'return code' code field in `v0.0.39_job_exit`_code will be set to -127 instead of being left unset where job does not have a relevant return code. * Other Changes: * Remove --uid / --gid options from salloc and srun commands. These options did not work correctly since the CVE-2022-29500 fix in combination with some changes made in 23.02.0. * Add the `JobId` to `debug()` messages indicating when `cpus_per_task/mem_per_cpu` or `pn_min_cpus` are being automatically adjusted. * Change the log message warning for rate limited users from verbose to info. * `slurmstepd` \- Cleanup per task generated environment for containers in spooldir. * Format batch, extern, interactive, and pending step ids into strings that are human readable. * `slurmrestd` \- Reduce memory usage when printing out job CPU frequency. * `data_parser/v0.0.39` \- Add `required/memory_per_cpu` and `required/memory_per_node` to `sacct --json` and `sacct --yaml` and `GET /slurmdb/v0.0.39/jobs` from slurmrestd. * `gpu/oneapi` \- Store cores correctly so CPU affinity is tracked. * Allow `slurmdbd -R` to work if the root assoc id is not 1. * Limit periodic node registrations to 50 instead of the full `TreeWidth`. Since unresolvable `cloud/dynamic` nodes must disable fanout by setting `TreeWidth` to a large number, this would cause all nodes to register at once. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4335=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * slurm_23_02-rest-debuginfo-23.02.5-150100.3.11.2 * libslurm39-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-cray-23.02.5-150100.3.11.2 * slurm_23_02-lua-23.02.5-150100.3.11.2 * libnss_slurm2_23_02-23.02.5-150100.3.11.2 * slurm_23_02-node-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-pam_slurm-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-23.02.5-150100.3.11.2 * slurm_23_02-slurmdbd-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-plugin-ext-sensors-rrd-23.02.5-150100.3.11.2 * slurm_23_02-lua-debuginfo-23.02.5-150100.3.11.2 * libslurm39-23.02.5-150100.3.11.2 * slurm_23_02-pam_slurm-23.02.5-150100.3.11.2 * slurm_23_02-sview-23.02.5-150100.3.11.2 * slurm_23_02-plugins-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-torque-debuginfo-23.02.5-150100.3.11.2 * libpmi0_23_02-23.02.5-150100.3.11.2 * slurm_23_02-devel-23.02.5-150100.3.11.2 * slurm_23_02-cray-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-rest-23.02.5-150100.3.11.2 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.5-150100.3.11.2 * perl-slurm_23_02-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-sql-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-munge-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-slurmdbd-23.02.5-150100.3.11.2 * slurm_23_02-torque-23.02.5-150100.3.11.2 * slurm_23_02-auth-none-23.02.5-150100.3.11.2 * slurm_23_02-plugins-23.02.5-150100.3.11.2 * slurm_23_02-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-debugsource-23.02.5-150100.3.11.2 * slurm_23_02-sview-debuginfo-23.02.5-150100.3.11.2 * perl-slurm_23_02-23.02.5-150100.3.11.2 * libpmi0_23_02-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-munge-23.02.5-150100.3.11.2 * slurm_23_02-node-23.02.5-150100.3.11.2 * libnss_slurm2_23_02-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-auth-none-debuginfo-23.02.5-150100.3.11.2 * slurm_23_02-sql-23.02.5-150100.3.11.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * slurm_23_02-config-23.02.5-150100.3.11.2 * slurm_23_02-webdoc-23.02.5-150100.3.11.2 * slurm_23_02-config-man-23.02.5-150100.3.11.2 * slurm_23_02-doc-23.02.5-150100.3.11.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215437 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 08:30:09 -0000 Subject: SUSE-RU-2023:4334-1: moderate: Recommended update for slurm_23_02 Message-ID: <169891380969.5339.4008700795413381678@smelt2.prg2.suse.org> # Recommended update for slurm_23_02 Announcement ID: SUSE-RU-2023:4334-1 Rating: moderate References: * bsc#1215437 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that has one fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * Updated to version 23.02.5 with the following changes: * Bug Fixes: * Revert a change in 23.02 where `SLURM_NTASKS` was no longer set in the job's environment when `--ntasks-per-node` was requested. The method that is is being set, however, is different and should be more accurate in more situations. * Change pmi2 plugin to honor the `SrunPortRange` option. This matches the new behavior of the pmix plugin in 23.02.0. Note that neither of these plugins makes use of the `MpiParams=ports=` option, and previously were only limited by the systems ephemeral port range. * Fix regression in 23.02.2 that caused slurmctld -R to crash on startup if a node features plugin is configured. * Fix and prevent reoccurring reservations from overlapping. * `job_container/tmpfs` \- Avoid attempts to share BasePath between nodes. * With `CR_Cpu_Memory`, fix node selection for jobs that request gres and `--mem-per-cpu`. * Fix a regression from 22.05.7 in which some jobs were allocated too few nodes, thus overcommitting cpus to some tasks. * Fix a job being stuck in the completing state if the job ends while the primary controller is down or unresponsive and the backup controller has not yet taken over. * Fix `slurmctld` segfault when a node registers with a configured `CpuSpecList` while `slurmctld` configuration has the node without `CpuSpecList`. * Fix cloud nodes getting stuck in `POWERED_DOWN+NO_RESPOND` state after not registering by `ResumeTimeout`. * `slurmstepd` \- Avoid cleanup of `config.json-less` containers spooldir getting skipped. * Fix scontrol segfault when 'completing' command requested repeatedly in interactive mode. * Properly handle a race condition between `bind()` and `listen()` calls in the network stack when running with SrunPortRange set. * Federation - Fix revoked jobs being returned regardless of the `-a`/`--all` option for privileged users. * Federation - Fix canceling pending federated jobs from non-origin clusters which could leave federated jobs orphaned from the origin cluster. * Fix sinfo segfault when printing multiple clusters with `--noheader` option. * Federation - fix clusters not syncing if clusters are added to a federation before they have registered with the dbd. * `node_features/helpers` \- Fix node selection for jobs requesting changeable. features with the `|` operator, which could prevent jobs from running on some valid nodes. * `node_features/helpers` \- Fix inconsistent handling of `&` and `|`, where an AND'd feature was sometimes AND'd to all sets of features instead of just the current set. E.g. `foo|bar&baz` was interpreted as `{foo,baz}` or `{bar,baz}` instead of how it is documented: `{foo} or {bar,baz}`. * Fix job accounting so that when a job is requeued its allocated node count is cleared. After the requeue, sacct will correctly show that the job has 0 `AllocNodes` while it is pending or if it is canceled before restarting. * `sacct` \- `AllocCPUS` now correctly shows 0 if a job has not yet received an allocation or if the job was canceled before getting one. * Fix intel OneAPI autodetect: detect the `/dev/dri/renderD[0-9]+` GPUs, and do not detect `/dev/dri/card[0-9]+`. * Fix node selection for jobs that request `--gpus` and a number of tasks fewer than GPUs, which resulted in incorrectly rejecting these jobs. * Remove `MYSQL_OPT_RECONNECT` completely. * Fix cloud nodes in `POWERING_UP` state disappearing (getting set to `FUTURE`) when an `scontrol reconfigure` happens. * `openapi/dbv0.0.39` \- Avoid assert / segfault on missing coordinators list. * `slurmrestd` \- Correct memory leak while parsing OpenAPI specification templates with server overrides. * Fix overwriting user node reason with system message. * Prevent deadlock when `rpc_queue` is enabled. * `slurmrestd` \- Correct OpenAPI specification generation bug where fields with overlapping parent paths would not get generated. * Fix memory leak as a result of a partition info query. * Fix memory leak as a result of a job info query. * For step allocations, fix `--gres=none` sometimes not ignoring gres from the job. * Fix `--exclusive` jobs incorrectly gang-scheduling where they shouldn't. * Fix allocations with `CR_SOCKET`, gres not assigned to a specific socket, and block core distribion potentially allocating more sockets than required. * Revert a change in 23.02.3 where Slurm would kill a script's process group as soon as the script ended instead of waiting as long as any process in that process group held the stdout/stderr file descriptors open. That change broke some scripts that relied on the previous behavior. Setting time limits for scripts (such as `PrologEpilogTimeout`) is strongly encouraged to avoid Slurm waiting indefinitely for scripts to finish. * Fix `slurmdbd -R` not returning an error under certain conditions. * `slurmdbd` \- Avoid potential NULL pointer dereference in the mysql plugin. * Fix regression in 23.02.3 which broken X11 forwarding for hosts when MUNGE sends a localhost address in the encode host field. This is caused when the node hostname is mapped to 127.0.0.1 (or similar) in `/etc/hosts`. * `openapi/[db]v0.0.39` \- fix memory leak on parsing error. * `data_parser/v0.0.39` \- fix updating qos for associations. * `openapi/dbv0.0.39` \- fix updating values for associations with null users. * Fix minor memory leak with `--tres-per-task` and licenses. * Fix cyclic socket cpu distribution for tasks in a step where `--cpus-per-task` < usable threads per core. * `slurmrestd` \- For `GET /slurm/v0.0.39/node[s]`, change format of node's energy field `current_watts` to a dictionary to account for unset value instead of dumping 4294967294. * `slurmrestd` \- For `GET /slurm/v0.0.39/qos`, change format of QOS's field "priority" to a dictionary to account for unset value instead of dumping 4294967294. * slurmrestd - For `GET /slurm/v0.0.39/job[s]`, the 'return code' code field in `v0.0.39_job_exit`_code will be set to -127 instead of being left unset where job does not have a relevant return code. * Other Changes: * Remove --uid / --gid options from salloc and srun commands. These options did not work correctly since the CVE-2022-29500 fix in combination with some changes made in 23.02.0. * Add the `JobId` to `debug()` messages indicating when `cpus_per_task/mem_per_cpu` or `pn_min_cpus` are being automatically adjusted. * Change the log message warning for rate limited users from verbose to info. * `slurmstepd` \- Cleanup per task generated environment for containers in spooldir. * Format batch, extern, interactive, and pending step ids into strings that are human readable. * `slurmrestd` \- Reduce memory usage when printing out job CPU frequency. * `data_parser/v0.0.39` \- Add `required/memory_per_cpu` and `required/memory_per_node` to `sacct --json` and `sacct --yaml` and `GET /slurmdb/v0.0.39/jobs` from slurmrestd. * `gpu/oneapi` \- Store cores correctly so CPU affinity is tracked. * Allow `slurmdbd -R` to work if the root assoc id is not 1. * Limit periodic node registrations to 50 instead of the full `TreeWidth`. Since unresolvable `cloud/dynamic` nodes must disable fanout by setting `TreeWidth` to a large number, this would cause all nodes to register at once. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4334=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libnss_slurm2_23_02-23.02.5-150200.5.11.2 * libpmi0_23_02-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-slurmdbd-23.02.5-150200.5.11.2 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-slurmdbd-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-pam_slurm-23.02.5-150200.5.11.2 * slurm_23_02-sql-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-sview-23.02.5-150200.5.11.2 * slurm_23_02-munge-23.02.5-150200.5.11.2 * slurm_23_02-rest-23.02.5-150200.5.11.2 * slurm_23_02-lua-23.02.5-150200.5.11.2 * slurm_23_02-munge-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-plugins-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-23.02.5-150200.5.11.2 * slurm_23_02-lua-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-torque-23.02.5-150200.5.11.2 * slurm_23_02-cray-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-node-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-sview-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-cray-23.02.5-150200.5.11.2 * libnss_slurm2_23_02-debuginfo-23.02.5-150200.5.11.2 * libslurm39-23.02.5-150200.5.11.2 * slurm_23_02-sql-23.02.5-150200.5.11.2 * perl-slurm_23_02-23.02.5-150200.5.11.2 * slurm_23_02-plugins-23.02.5-150200.5.11.2 * slurm_23_02-auth-none-debuginfo-23.02.5-150200.5.11.2 * libslurm39-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-pam_slurm-debuginfo-23.02.5-150200.5.11.2 * perl-slurm_23_02-debuginfo-23.02.5-150200.5.11.2 * libpmi0_23_02-23.02.5-150200.5.11.2 * slurm_23_02-torque-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-devel-23.02.5-150200.5.11.2 * slurm_23_02-node-23.02.5-150200.5.11.2 * slurm_23_02-auth-none-23.02.5-150200.5.11.2 * slurm_23_02-plugin-ext-sensors-rrd-23.02.5-150200.5.11.2 * slurm_23_02-rest-debuginfo-23.02.5-150200.5.11.2 * slurm_23_02-debugsource-23.02.5-150200.5.11.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * slurm_23_02-doc-23.02.5-150200.5.11.2 * slurm_23_02-webdoc-23.02.5-150200.5.11.2 * slurm_23_02-config-man-23.02.5-150200.5.11.2 * slurm_23_02-config-23.02.5-150200.5.11.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215437 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 08:30:12 -0000 Subject: SUSE-RU-2023:4333-1: moderate: Recommended update for slurm_23_02 Message-ID: <169891381215.5339.16707913555010483821@smelt2.prg2.suse.org> # Recommended update for slurm_23_02 Announcement ID: SUSE-RU-2023:4333-1 Rating: moderate References: * bsc#1215437 Affected Products: * HPC Module 15-SP4 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that has one fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * Updated to version 23.02.5 with the following changes: * Bug Fixes: * Revert a change in 23.02 where `SLURM_NTASKS` was no longer set in the job's environment when `--ntasks-per-node` was requested. The method that is is being set, however, is different and should be more accurate in more situations. * Change pmi2 plugin to honor the `SrunPortRange` option. This matches the new behavior of the pmix plugin in 23.02.0. Note that neither of these plugins makes use of the `MpiParams=ports=` option, and previously were only limited by the systems ephemeral port range. * Fix regression in 23.02.2 that caused slurmctld -R to crash on startup if a node features plugin is configured. * Fix and prevent reoccurring reservations from overlapping. * `job_container/tmpfs` \- Avoid attempts to share BasePath between nodes. * With `CR_Cpu_Memory`, fix node selection for jobs that request gres and `--mem-per-cpu`. * Fix a regression from 22.05.7 in which some jobs were allocated too few nodes, thus overcommitting cpus to some tasks. * Fix a job being stuck in the completing state if the job ends while the primary controller is down or unresponsive and the backup controller has not yet taken over. * Fix `slurmctld` segfault when a node registers with a configured `CpuSpecList` while `slurmctld` configuration has the node without `CpuSpecList`. * Fix cloud nodes getting stuck in `POWERED_DOWN+NO_RESPOND` state after not registering by `ResumeTimeout`. * `slurmstepd` \- Avoid cleanup of `config.json-less` containers spooldir getting skipped. * Fix scontrol segfault when 'completing' command requested repeatedly in interactive mode. * Properly handle a race condition between `bind()` and `listen()` calls in the network stack when running with SrunPortRange set. * Federation - Fix revoked jobs being returned regardless of the `-a`/`--all` option for privileged users. * Federation - Fix canceling pending federated jobs from non-origin clusters which could leave federated jobs orphaned from the origin cluster. * Fix sinfo segfault when printing multiple clusters with `--noheader` option. * Federation - fix clusters not syncing if clusters are added to a federation before they have registered with the dbd. * `node_features/helpers` \- Fix node selection for jobs requesting changeable. features with the `|` operator, which could prevent jobs from running on some valid nodes. * `node_features/helpers` \- Fix inconsistent handling of `&` and `|`, where an AND'd feature was sometimes AND'd to all sets of features instead of just the current set. E.g. `foo|bar&baz` was interpreted as `{foo,baz}` or `{bar,baz}` instead of how it is documented: `{foo} or {bar,baz}`. * Fix job accounting so that when a job is requeued its allocated node count is cleared. After the requeue, sacct will correctly show that the job has 0 `AllocNodes` while it is pending or if it is canceled before restarting. * `sacct` \- `AllocCPUS` now correctly shows 0 if a job has not yet received an allocation or if the job was canceled before getting one. * Fix intel OneAPI autodetect: detect the `/dev/dri/renderD[0-9]+` GPUs, and do not detect `/dev/dri/card[0-9]+`. * Fix node selection for jobs that request `--gpus` and a number of tasks fewer than GPUs, which resulted in incorrectly rejecting these jobs. * Remove `MYSQL_OPT_RECONNECT` completely. * Fix cloud nodes in `POWERING_UP` state disappearing (getting set to `FUTURE`) when an `scontrol reconfigure` happens. * `openapi/dbv0.0.39` \- Avoid assert / segfault on missing coordinators list. * `slurmrestd` \- Correct memory leak while parsing OpenAPI specification templates with server overrides. * Fix overwriting user node reason with system message. * Prevent deadlock when `rpc_queue` is enabled. * `slurmrestd` \- Correct OpenAPI specification generation bug where fields with overlapping parent paths would not get generated. * Fix memory leak as a result of a partition info query. * Fix memory leak as a result of a job info query. * For step allocations, fix `--gres=none` sometimes not ignoring gres from the job. * Fix `--exclusive` jobs incorrectly gang-scheduling where they shouldn't. * Fix allocations with `CR_SOCKET`, gres not assigned to a specific socket, and block core distribion potentially allocating more sockets than required. * Revert a change in 23.02.3 where Slurm would kill a script's process group as soon as the script ended instead of waiting as long as any process in that process group held the stdout/stderr file descriptors open. That change broke some scripts that relied on the previous behavior. Setting time limits for scripts (such as `PrologEpilogTimeout`) is strongly encouraged to avoid Slurm waiting indefinitely for scripts to finish. * Fix `slurmdbd -R` not returning an error under certain conditions. * `slurmdbd` \- Avoid potential NULL pointer dereference in the mysql plugin. * Fix regression in 23.02.3 which broken X11 forwarding for hosts when MUNGE sends a localhost address in the encode host field. This is caused when the node hostname is mapped to 127.0.0.1 (or similar) in `/etc/hosts`. * `openapi/[db]v0.0.39` \- fix memory leak on parsing error. * `data_parser/v0.0.39` \- fix updating qos for associations. * `openapi/dbv0.0.39` \- fix updating values for associations with null users. * Fix minor memory leak with `--tres-per-task` and licenses. * Fix cyclic socket cpu distribution for tasks in a step where `--cpus-per-task` < usable threads per core. * `slurmrestd` \- For `GET /slurm/v0.0.39/node[s]`, change format of node's energy field `current_watts` to a dictionary to account for unset value instead of dumping 4294967294. * `slurmrestd` \- For `GET /slurm/v0.0.39/qos`, change format of QOS's field "priority" to a dictionary to account for unset value instead of dumping 4294967294. * slurmrestd - For `GET /slurm/v0.0.39/job[s]`, the 'return code' code field in `v0.0.39_job_exit`_code will be set to -127 instead of being left unset where job does not have a relevant return code. * Other Changes: * Remove --uid / --gid options from salloc and srun commands. These options did not work correctly since the CVE-2022-29500 fix in combination with some changes made in 23.02.0. * Add the `JobId` to `debug()` messages indicating when `cpus_per_task/mem_per_cpu` or `pn_min_cpus` are being automatically adjusted. * Change the log message warning for rate limited users from verbose to info. * `slurmstepd` \- Cleanup per task generated environment for containers in spooldir. * Format batch, extern, interactive, and pending step ids into strings that are human readable. * `slurmrestd` \- Reduce memory usage when printing out job CPU frequency. * `data_parser/v0.0.39` \- Add `required/memory_per_cpu` and `required/memory_per_node` to `sacct --json` and `sacct --yaml` and `GET /slurmdb/v0.0.39/jobs` from slurmrestd. * `gpu/oneapi` \- Store cores correctly so CPU affinity is tracked. * Allow `slurmdbd -R` to work if the root assoc id is not 1. * Limit periodic node registrations to 50 instead of the full `TreeWidth`. Since unresolvable `cloud/dynamic` nodes must disable fanout by setting `TreeWidth` to a large number, this would cause all nodes to register at once. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4333=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4333=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4333=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4333=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4333=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * slurm_23_02-hdf5-23.02.5-150300.7.11.2 * slurm_23_02-torque-23.02.5-150300.7.11.2 * slurm_23_02-sql-23.02.5-150300.7.11.2 * slurm_23_02-lua-23.02.5-150300.7.11.2 * slurm_23_02-cray-23.02.5-150300.7.11.2 * slurm_23_02-hdf5-debuginfo-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-23.02.5-150300.7.11.2 * slurm_23_02-node-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-lua-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-rest-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-rest-23.02.5-150300.7.11.2 * slurm_23_02-sview-23.02.5-150300.7.11.2 * libpmi0_23_02-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-23.02.5-150300.7.11.2 * slurm_23_02-cray-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-23.02.5-150300.7.11.2 * slurm_23_02-debugsource-23.02.5-150300.7.11.2 * libslurm39-debuginfo-23.02.5-150300.7.11.2 * libpmi0_23_02-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-sql-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-debuginfo-23.02.5-150300.7.11.2 * libslurm39-23.02.5-150300.7.11.2 * slurm_23_02-sview-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-23.02.5-150300.7.11.2 * slurm_23_02-testsuite-23.02.5-150300.7.11.2 * slurm_23_02-plugins-23.02.5-150300.7.11.2 * slurm_23_02-torque-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-devel-23.02.5-150300.7.11.2 * slurm_23_02-23.02.5-150300.7.11.2 * openSUSE Leap 15.3 (noarch) * slurm_23_02-config-man-23.02.5-150300.7.11.2 * slurm_23_02-sjstat-23.02.5-150300.7.11.2 * slurm_23_02-doc-23.02.5-150300.7.11.2 * slurm_23_02-webdoc-23.02.5-150300.7.11.2 * slurm_23_02-config-23.02.5-150300.7.11.2 * slurm_23_02-seff-23.02.5-150300.7.11.2 * slurm_23_02-openlava-23.02.5-150300.7.11.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * slurm_23_02-torque-23.02.5-150300.7.11.2 * slurm_23_02-sql-23.02.5-150300.7.11.2 * slurm_23_02-lua-23.02.5-150300.7.11.2 * slurm_23_02-cray-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-23.02.5-150300.7.11.2 * slurm_23_02-rest-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-lua-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-rest-23.02.5-150300.7.11.2 * slurm_23_02-sview-23.02.5-150300.7.11.2 * libpmi0_23_02-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-23.02.5-150300.7.11.2 * slurm_23_02-cray-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-23.02.5-150300.7.11.2 * slurm_23_02-debugsource-23.02.5-150300.7.11.2 * libslurm39-debuginfo-23.02.5-150300.7.11.2 * libpmi0_23_02-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-sql-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-debuginfo-23.02.5-150300.7.11.2 * libslurm39-23.02.5-150300.7.11.2 * slurm_23_02-sview-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-23.02.5-150300.7.11.2 * slurm_23_02-torque-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-23.02.5-150300.7.11.2 * slurm_23_02-devel-23.02.5-150300.7.11.2 * slurm_23_02-23.02.5-150300.7.11.2 * openSUSE Leap 15.4 (noarch) * slurm_23_02-config-23.02.5-150300.7.11.2 * slurm_23_02-webdoc-23.02.5-150300.7.11.2 * slurm_23_02-doc-23.02.5-150300.7.11.2 * slurm_23_02-config-man-23.02.5-150300.7.11.2 * HPC Module 15-SP4 (aarch64 x86_64) * slurm_23_02-torque-23.02.5-150300.7.11.2 * slurm_23_02-sql-23.02.5-150300.7.11.2 * slurm_23_02-lua-23.02.5-150300.7.11.2 * slurm_23_02-cray-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-23.02.5-150300.7.11.2 * slurm_23_02-rest-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-lua-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-rest-23.02.5-150300.7.11.2 * slurm_23_02-sview-23.02.5-150300.7.11.2 * libpmi0_23_02-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-23.02.5-150300.7.11.2 * slurm_23_02-cray-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-23.02.5-150300.7.11.2 * slurm_23_02-debugsource-23.02.5-150300.7.11.2 * libslurm39-debuginfo-23.02.5-150300.7.11.2 * libpmi0_23_02-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-sql-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-debuginfo-23.02.5-150300.7.11.2 * libslurm39-23.02.5-150300.7.11.2 * slurm_23_02-sview-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-23.02.5-150300.7.11.2 * slurm_23_02-torque-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-23.02.5-150300.7.11.2 * slurm_23_02-devel-23.02.5-150300.7.11.2 * slurm_23_02-23.02.5-150300.7.11.2 * HPC Module 15-SP4 (noarch) * slurm_23_02-config-23.02.5-150300.7.11.2 * slurm_23_02-webdoc-23.02.5-150300.7.11.2 * slurm_23_02-doc-23.02.5-150300.7.11.2 * slurm_23_02-config-man-23.02.5-150300.7.11.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * slurm_23_02-torque-23.02.5-150300.7.11.2 * slurm_23_02-sql-23.02.5-150300.7.11.2 * slurm_23_02-lua-23.02.5-150300.7.11.2 * slurm_23_02-cray-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-23.02.5-150300.7.11.2 * slurm_23_02-rest-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-lua-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-rest-23.02.5-150300.7.11.2 * slurm_23_02-sview-23.02.5-150300.7.11.2 * libpmi0_23_02-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-23.02.5-150300.7.11.2 * slurm_23_02-cray-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-23.02.5-150300.7.11.2 * slurm_23_02-debugsource-23.02.5-150300.7.11.2 * libslurm39-debuginfo-23.02.5-150300.7.11.2 * libpmi0_23_02-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-sql-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-debuginfo-23.02.5-150300.7.11.2 * libslurm39-23.02.5-150300.7.11.2 * slurm_23_02-sview-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-23.02.5-150300.7.11.2 * slurm_23_02-torque-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-23.02.5-150300.7.11.2 * slurm_23_02-devel-23.02.5-150300.7.11.2 * slurm_23_02-23.02.5-150300.7.11.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * slurm_23_02-config-23.02.5-150300.7.11.2 * slurm_23_02-webdoc-23.02.5-150300.7.11.2 * slurm_23_02-doc-23.02.5-150300.7.11.2 * slurm_23_02-config-man-23.02.5-150300.7.11.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * slurm_23_02-torque-23.02.5-150300.7.11.2 * slurm_23_02-sql-23.02.5-150300.7.11.2 * slurm_23_02-lua-23.02.5-150300.7.11.2 * slurm_23_02-cray-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-23.02.5-150300.7.11.2 * slurm_23_02-rest-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-lua-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-rest-23.02.5-150300.7.11.2 * slurm_23_02-sview-23.02.5-150300.7.11.2 * libpmi0_23_02-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-slurmdbd-23.02.5-150300.7.11.2 * slurm_23_02-cray-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-debuginfo-23.02.5-150300.7.11.2 * perl-slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * libnss_slurm2_23_02-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugin-ext-sensors-rrd-23.02.5-150300.7.11.2 * slurm_23_02-debugsource-23.02.5-150300.7.11.2 * libslurm39-debuginfo-23.02.5-150300.7.11.2 * libpmi0_23_02-23.02.5-150300.7.11.2 * slurm_23_02-auth-none-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-sql-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-node-debuginfo-23.02.5-150300.7.11.2 * libslurm39-23.02.5-150300.7.11.2 * slurm_23_02-sview-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-munge-23.02.5-150300.7.11.2 * slurm_23_02-pam_slurm-23.02.5-150300.7.11.2 * slurm_23_02-torque-debuginfo-23.02.5-150300.7.11.2 * slurm_23_02-plugins-23.02.5-150300.7.11.2 * slurm_23_02-devel-23.02.5-150300.7.11.2 * slurm_23_02-23.02.5-150300.7.11.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * slurm_23_02-config-23.02.5-150300.7.11.2 * slurm_23_02-webdoc-23.02.5-150300.7.11.2 * slurm_23_02-doc-23.02.5-150300.7.11.2 * slurm_23_02-config-man-23.02.5-150300.7.11.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215437 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 08:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 08:30:14 -0000 Subject: SUSE-RU-2023:4332-1: moderate: Recommended update for slurm Message-ID: <169891381471.5339.10416596179017937557@smelt2.prg2.suse.org> # Recommended update for slurm Announcement ID: SUSE-RU-2023:4332-1 Rating: moderate References: * bsc#1215437 Affected Products: * HPC Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for slurm fixes the following issues: * Updated to version 23.02.5 with the following changes: * Bug Fixes: * Revert a change in 23.02 where `SLURM_NTASKS` was no longer set in the job's environment when `--ntasks-per-node` was requested. The method that is is being set, however, is different and should be more accurate in more situations. * Change pmi2 plugin to honor the `SrunPortRange` option. This matches the new behavior of the pmix plugin in 23.02.0. Note that neither of these plugins makes use of the `MpiParams=ports=` option, and previously were only limited by the systems ephemeral port range. * Fix regression in 23.02.2 that caused slurmctld -R to crash on startup if a node features plugin is configured. * Fix and prevent reoccurring reservations from overlapping. * `job_container/tmpfs` \- Avoid attempts to share BasePath between nodes. * With `CR_Cpu_Memory`, fix node selection for jobs that request gres and `--mem-per-cpu`. * Fix a regression from 22.05.7 in which some jobs were allocated too few nodes, thus overcommitting cpus to some tasks. * Fix a job being stuck in the completing state if the job ends while the primary controller is down or unresponsive and the backup controller has not yet taken over. * Fix `slurmctld` segfault when a node registers with a configured `CpuSpecList` while `slurmctld` configuration has the node without `CpuSpecList`. * Fix cloud nodes getting stuck in `POWERED_DOWN+NO_RESPOND` state after not registering by `ResumeTimeout`. * `slurmstepd` \- Avoid cleanup of `config.json-less` containers spooldir getting skipped. * Fix scontrol segfault when 'completing' command requested repeatedly in interactive mode. * Properly handle a race condition between `bind()` and `listen()` calls in the network stack when running with SrunPortRange set. * Federation - Fix revoked jobs being returned regardless of the `-a`/`--all` option for privileged users. * Federation - Fix canceling pending federated jobs from non-origin clusters which could leave federated jobs orphaned from the origin cluster. * Fix sinfo segfault when printing multiple clusters with `--noheader` option. * Federation - fix clusters not syncing if clusters are added to a federation before they have registered with the dbd. * `node_features/helpers` \- Fix node selection for jobs requesting changeable. features with the `|` operator, which could prevent jobs from running on some valid nodes. * `node_features/helpers` \- Fix inconsistent handling of `&` and `|`, where an AND'd feature was sometimes AND'd to all sets of features instead of just the current set. E.g. `foo|bar&baz` was interpreted as `{foo,baz}` or `{bar,baz}` instead of how it is documented: `{foo} or {bar,baz}`. * Fix job accounting so that when a job is requeued its allocated node count is cleared. After the requeue, sacct will correctly show that the job has 0 `AllocNodes` while it is pending or if it is canceled before restarting. * `sacct` \- `AllocCPUS` now correctly shows 0 if a job has not yet received an allocation or if the job was canceled before getting one. * Fix intel OneAPI autodetect: detect the `/dev/dri/renderD[0-9]+` GPUs, and do not detect `/dev/dri/card[0-9]+`. * Fix node selection for jobs that request `--gpus` and a number of tasks fewer than GPUs, which resulted in incorrectly rejecting these jobs. * Remove `MYSQL_OPT_RECONNECT` completely. * Fix cloud nodes in `POWERING_UP` state disappearing (getting set to `FUTURE`) when an `scontrol reconfigure` happens. * `openapi/dbv0.0.39` \- Avoid assert / segfault on missing coordinators list. * `slurmrestd` \- Correct memory leak while parsing OpenAPI specification templates with server overrides. * Fix overwriting user node reason with system message. * Prevent deadlock when `rpc_queue` is enabled. * `slurmrestd` \- Correct OpenAPI specification generation bug where fields with overlapping parent paths would not get generated. * Fix memory leak as a result of a partition info query. * Fix memory leak as a result of a job info query. * For step allocations, fix `--gres=none` sometimes not ignoring gres from the job. * Fix `--exclusive` jobs incorrectly gang-scheduling where they shouldn't. * Fix allocations with `CR_SOCKET`, gres not assigned to a specific socket, and block core distribion potentially allocating more sockets than required. * Revert a change in 23.02.3 where Slurm would kill a script's process group as soon as the script ended instead of waiting as long as any process in that process group held the stdout/stderr file descriptors open. That change broke some scripts that relied on the previous behavior. Setting time limits for scripts (such as `PrologEpilogTimeout`) is strongly encouraged to avoid Slurm waiting indefinitely for scripts to finish. * Fix `slurmdbd -R` not returning an error under certain conditions. * `slurmdbd` \- Avoid potential NULL pointer dereference in the mysql plugin. * Fix regression in 23.02.3 which broken X11 forwarding for hosts when MUNGE sends a localhost address in the encode host field. This is caused when the node hostname is mapped to 127.0.0.1 (or similar) in `/etc/hosts`. * `openapi/[db]v0.0.39` \- fix memory leak on parsing error. * `data_parser/v0.0.39` \- fix updating qos for associations. * `openapi/dbv0.0.39` \- fix updating values for associations with null users. * Fix minor memory leak with `--tres-per-task` and licenses. * Fix cyclic socket cpu distribution for tasks in a step where `--cpus-per-task` < usable threads per core. * `slurmrestd` \- For `GET /slurm/v0.0.39/node[s]`, change format of node's energy field `current_watts` to a dictionary to account for unset value instead of dumping 4294967294. * `slurmrestd` \- For `GET /slurm/v0.0.39/qos`, change format of QOS's field "priority" to a dictionary to account for unset value instead of dumping 4294967294. * slurmrestd - For `GET /slurm/v0.0.39/job[s]`, the 'return code' code field in `v0.0.39_job_exit`_code will be set to -127 instead of being left unset where job does not have a relevant return code. * Other Changes: * Remove --uid / --gid options from salloc and srun commands. These options did not work correctly since the CVE-2022-29500 fix in combination with some changes made in 23.02.0. * Add the `JobId` to `debug()` messages indicating when `cpus_per_task/mem_per_cpu` or `pn_min_cpus` are being automatically adjusted. * Change the log message warning for rate limited users from verbose to info. * `slurmstepd` \- Cleanup per task generated environment for containers in spooldir. * Format batch, extern, interactive, and pending step ids into strings that are human readable. * `slurmrestd` \- Reduce memory usage when printing out job CPU frequency. * `data_parser/v0.0.39` \- Add `required/memory_per_cpu` and `required/memory_per_node` to `sacct --json` and `sacct --yaml` and `GET /slurmdb/v0.0.39/jobs` from slurmrestd. * `gpu/oneapi` \- Store cores correctly so CPU affinity is tracked. * Allow `slurmdbd -R` to work if the root assoc id is not 1. * Limit periodic node registrations to 50 instead of the full `TreeWidth`. Since unresolvable `cloud/dynamic` nodes must disable fanout by setting `TreeWidth` to a large number, this would cause all nodes to register at once. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4332=1 openSUSE-SLE-15.5-2023-4332=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-4332=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4332=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * slurm-pam_slurm-debuginfo-23.02.5-150500.5.9.2 * libpmi0-23.02.5-150500.5.9.2 * slurm-hdf5-debuginfo-23.02.5-150500.5.9.2 * slurm-hdf5-23.02.5-150500.5.9.2 * slurm-munge-debuginfo-23.02.5-150500.5.9.2 * slurm-cray-23.02.5-150500.5.9.2 * slurm-sview-debuginfo-23.02.5-150500.5.9.2 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.5-150500.5.9.2 * slurm-torque-debuginfo-23.02.5-150500.5.9.2 * slurm-rest-debuginfo-23.02.5-150500.5.9.2 * slurm-lua-23.02.5-150500.5.9.2 * slurm-slurmdbd-23.02.5-150500.5.9.2 * slurm-lua-debuginfo-23.02.5-150500.5.9.2 * slurm-auth-none-debuginfo-23.02.5-150500.5.9.2 * slurm-auth-none-23.02.5-150500.5.9.2 * slurm-slurmdbd-debuginfo-23.02.5-150500.5.9.2 * slurm-node-debuginfo-23.02.5-150500.5.9.2 * slurm-pam_slurm-23.02.5-150500.5.9.2 * slurm-devel-23.02.5-150500.5.9.2 * perl-slurm-debuginfo-23.02.5-150500.5.9.2 * slurm-plugins-debuginfo-23.02.5-150500.5.9.2 * slurm-sql-debuginfo-23.02.5-150500.5.9.2 * libpmi0-debuginfo-23.02.5-150500.5.9.2 * slurm-munge-23.02.5-150500.5.9.2 * slurm-node-23.02.5-150500.5.9.2 * perl-slurm-23.02.5-150500.5.9.2 * slurm-plugin-ext-sensors-rrd-23.02.5-150500.5.9.2 * slurm-plugins-23.02.5-150500.5.9.2 * libnss_slurm2-23.02.5-150500.5.9.2 * slurm-torque-23.02.5-150500.5.9.2 * libslurm39-debuginfo-23.02.5-150500.5.9.2 * slurm-sql-23.02.5-150500.5.9.2 * libnss_slurm2-debuginfo-23.02.5-150500.5.9.2 * slurm-23.02.5-150500.5.9.2 * slurm-sview-23.02.5-150500.5.9.2 * slurm-rest-23.02.5-150500.5.9.2 * slurm-cray-debuginfo-23.02.5-150500.5.9.2 * slurm-debugsource-23.02.5-150500.5.9.2 * slurm-testsuite-23.02.5-150500.5.9.2 * slurm-debuginfo-23.02.5-150500.5.9.2 * libslurm39-23.02.5-150500.5.9.2 * openSUSE Leap 15.5 (noarch) * slurm-webdoc-23.02.5-150500.5.9.2 * slurm-config-23.02.5-150500.5.9.2 * slurm-seff-23.02.5-150500.5.9.2 * slurm-doc-23.02.5-150500.5.9.2 * slurm-sjstat-23.02.5-150500.5.9.2 * slurm-openlava-23.02.5-150500.5.9.2 * slurm-config-man-23.02.5-150500.5.9.2 * HPC Module 15-SP5 (aarch64 x86_64) * slurm-pam_slurm-debuginfo-23.02.5-150500.5.9.2 * libpmi0-23.02.5-150500.5.9.2 * slurm-munge-debuginfo-23.02.5-150500.5.9.2 * slurm-cray-23.02.5-150500.5.9.2 * slurm-sview-debuginfo-23.02.5-150500.5.9.2 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.5-150500.5.9.2 * slurm-torque-debuginfo-23.02.5-150500.5.9.2 * slurm-rest-debuginfo-23.02.5-150500.5.9.2 * slurm-lua-23.02.5-150500.5.9.2 * slurm-slurmdbd-23.02.5-150500.5.9.2 * slurm-lua-debuginfo-23.02.5-150500.5.9.2 * slurm-auth-none-debuginfo-23.02.5-150500.5.9.2 * slurm-auth-none-23.02.5-150500.5.9.2 * slurm-slurmdbd-debuginfo-23.02.5-150500.5.9.2 * slurm-node-debuginfo-23.02.5-150500.5.9.2 * slurm-pam_slurm-23.02.5-150500.5.9.2 * slurm-devel-23.02.5-150500.5.9.2 * perl-slurm-debuginfo-23.02.5-150500.5.9.2 * slurm-plugins-debuginfo-23.02.5-150500.5.9.2 * slurm-sql-debuginfo-23.02.5-150500.5.9.2 * libpmi0-debuginfo-23.02.5-150500.5.9.2 * slurm-munge-23.02.5-150500.5.9.2 * slurm-node-23.02.5-150500.5.9.2 * perl-slurm-23.02.5-150500.5.9.2 * slurm-plugin-ext-sensors-rrd-23.02.5-150500.5.9.2 * slurm-plugins-23.02.5-150500.5.9.2 * libnss_slurm2-23.02.5-150500.5.9.2 * slurm-torque-23.02.5-150500.5.9.2 * libslurm39-debuginfo-23.02.5-150500.5.9.2 * slurm-sql-23.02.5-150500.5.9.2 * libnss_slurm2-debuginfo-23.02.5-150500.5.9.2 * slurm-23.02.5-150500.5.9.2 * slurm-sview-23.02.5-150500.5.9.2 * slurm-rest-23.02.5-150500.5.9.2 * slurm-cray-debuginfo-23.02.5-150500.5.9.2 * slurm-debugsource-23.02.5-150500.5.9.2 * slurm-debuginfo-23.02.5-150500.5.9.2 * libslurm39-23.02.5-150500.5.9.2 * HPC Module 15-SP5 (noarch) * slurm-webdoc-23.02.5-150500.5.9.2 * slurm-config-man-23.02.5-150500.5.9.2 * slurm-config-23.02.5-150500.5.9.2 * slurm-doc-23.02.5-150500.5.9.2 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * slurm-pam_slurm-debuginfo-23.02.5-150500.5.9.2 * libpmi0-23.02.5-150500.5.9.2 * slurm-hdf5-debuginfo-23.02.5-150500.5.9.2 * slurm-hdf5-23.02.5-150500.5.9.2 * slurm-munge-debuginfo-23.02.5-150500.5.9.2 * slurm-cray-23.02.5-150500.5.9.2 * slurm-sview-debuginfo-23.02.5-150500.5.9.2 * slurm-torque-debuginfo-23.02.5-150500.5.9.2 * slurm-rest-debuginfo-23.02.5-150500.5.9.2 * slurm-lua-23.02.5-150500.5.9.2 * slurm-slurmdbd-23.02.5-150500.5.9.2 * slurm-lua-debuginfo-23.02.5-150500.5.9.2 * slurm-auth-none-debuginfo-23.02.5-150500.5.9.2 * slurm-auth-none-23.02.5-150500.5.9.2 * slurm-slurmdbd-debuginfo-23.02.5-150500.5.9.2 * slurm-node-debuginfo-23.02.5-150500.5.9.2 * slurm-pam_slurm-23.02.5-150500.5.9.2 * slurm-devel-23.02.5-150500.5.9.2 * perl-slurm-debuginfo-23.02.5-150500.5.9.2 * slurm-plugins-debuginfo-23.02.5-150500.5.9.2 * slurm-sql-debuginfo-23.02.5-150500.5.9.2 * libpmi0-debuginfo-23.02.5-150500.5.9.2 * slurm-munge-23.02.5-150500.5.9.2 * slurm-node-23.02.5-150500.5.9.2 * perl-slurm-23.02.5-150500.5.9.2 * slurm-plugins-23.02.5-150500.5.9.2 * libnss_slurm2-23.02.5-150500.5.9.2 * slurm-torque-23.02.5-150500.5.9.2 * slurm-sql-23.02.5-150500.5.9.2 * libnss_slurm2-debuginfo-23.02.5-150500.5.9.2 * slurm-23.02.5-150500.5.9.2 * slurm-sview-23.02.5-150500.5.9.2 * slurm-rest-23.02.5-150500.5.9.2 * slurm-cray-debuginfo-23.02.5-150500.5.9.2 * slurm-debugsource-23.02.5-150500.5.9.2 * slurm-debuginfo-23.02.5-150500.5.9.2 * SUSE Package Hub 15 15-SP5 (noarch) * slurm-webdoc-23.02.5-150500.5.9.2 * slurm-config-23.02.5-150500.5.9.2 * slurm-seff-23.02.5-150500.5.9.2 * slurm-doc-23.02.5-150500.5.9.2 * slurm-sjstat-23.02.5-150500.5.9.2 * slurm-openlava-23.02.5-150500.5.9.2 * slurm-config-man-23.02.5-150500.5.9.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215437 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 11:37:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:37:28 +0100 (CET) Subject: SUSE-CU-2023:3674-1: Recommended update of bci/ruby Message-ID: <20231102113728.99DBAF417@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3674-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.26 , bci/ruby:2.5 , bci/ruby:2.5-12.26 , bci/ruby:latest Container Release : 12.26 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 11:37:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:37:37 +0100 (CET) Subject: SUSE-CU-2023:3675-1: Recommended update of bci/rust Message-ID: <20231102113737.0FD9EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3675-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-2.2.18 , bci/rust:oldstable , bci/rust:oldstable-2.2.18 Container Release : 2.18 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 11:37:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:37:45 +0100 (CET) Subject: SUSE-CU-2023:3676-1: Recommended update of bci/rust Message-ID: <20231102113745.858EAF417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3676-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-1.2.17 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.17 Container Release : 2.17 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - container:sles15-image-15.0.0-36.5.52 updated From sle-updates at lists.suse.com Thu Nov 2 11:37:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:37:52 +0100 (CET) Subject: SUSE-CU-2023:3677-1: Security update of suse/sle15 Message-ID: <20231102113752.B28A4F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3677-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.52 , suse/sle15:15.5 , suse/sle15:15.5.36.5.52 Container Release : 36.5.52 Severity : important Type : security References : 1196647 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - container-suseconnect-2.4.0-150000.4.42.1 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated From sle-updates at lists.suse.com Thu Nov 2 11:37:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:37:59 +0100 (CET) Subject: SUSE-CU-2023:3678-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231102113759.10F9BF417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3678-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.8 , suse/manager/4.3/proxy-httpd:4.3.8.9.37.28 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.8 , suse/manager/4.3/proxy-httpd:susemanager-4.3.8.9.37.28 Container Release : 9.37.28 Severity : important Type : security References : 1107342 1206480 1206684 1210253 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213854 1213915 1214052 1214292 1214395 1214460 1214806 1215007 1215026 1215215 1215286 1215313 1215434 1215713 1215820 1215857 1215888 1215889 1215891 1216123 1216174 1216268 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4641 CVE-2023-4813 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3973-1 Released: Thu Oct 5 10:14:49 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3977-1 Released: Thu Oct 5 11:43:46 2023 Summary: Maintenance update for SUSE Manager 4.3.8 Release Notes Type: recommended Severity: important References: 1210253,1215820,1215857 Maintenance update for SUSE Manager 4.3.8 Release Notes: This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libudev1-249.16-150400.8.35.5 updated - libeconf0-0.5.2-150400.3.6.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - libzck1-1.1.16-150400.3.7.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - zypper-1.14.64-150400.3.32.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - curl-8.0.1-150400.5.32.1 updated - release-notes-susemanager-proxy-4.3.8.2-150400.3.64.3 updated - systemd-249.16-150400.8.35.5 updated - python3-rpm-4.14.3-150400.59.3.1 updated - python3-cryptography-3.3.2-150400.20.3 updated From sle-updates at lists.suse.com Thu Nov 2 11:38:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:38:02 +0100 (CET) Subject: SUSE-CU-2023:3679-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231102113802.26790F417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3679-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.8 , suse/manager/4.3/proxy-salt-broker:4.3.8.9.27.27 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.8 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.8.9.27.27 Container Release : 9.27.27 Severity : important Type : security References : 1107342 1206480 1206684 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213854 1213915 1214052 1214292 1214395 1214460 1214806 1215007 1215026 1215215 1215286 1215313 1215434 1215713 1215888 1215889 1215891 1216123 1216174 1216268 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4641 CVE-2023-4813 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3973-1 Released: Thu Oct 5 10:14:49 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libudev1-249.16-150400.8.35.5 updated - libeconf0-0.5.2-150400.3.6.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - libzck1-1.1.16-150400.3.7.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - zypper-1.14.64-150400.3.32.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - curl-8.0.1-150400.5.32.1 updated - openssl-1_1-1.1.1l-150400.7.57.1 updated From sle-updates at lists.suse.com Thu Nov 2 11:38:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:38:06 +0100 (CET) Subject: SUSE-CU-2023:3680-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231102113806.1A925F417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3680-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.8 , suse/manager/4.3/proxy-squid:4.3.8.9.36.24 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.8 , suse/manager/4.3/proxy-squid:susemanager-4.3.8.9.36.24 Container Release : 9.36.24 Severity : important Type : security References : 1107342 1206480 1206684 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213915 1214052 1214460 1214806 1215026 1215215 1215286 1215313 1215434 1215713 1215888 1215889 1215891 1216123 1216174 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated From sle-updates at lists.suse.com Thu Nov 2 11:38:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:38:09 +0100 (CET) Subject: SUSE-CU-2023:3681-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231102113809.45B80F417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3681-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.8 , suse/manager/4.3/proxy-ssh:4.3.8.9.27.24 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.8 , suse/manager/4.3/proxy-ssh:susemanager-4.3.8.9.27.24 Container Release : 9.27.24 Severity : important Type : security References : 1107342 1206480 1206684 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213915 1214052 1214460 1214806 1215026 1215215 1215286 1215313 1215434 1215713 1215888 1215889 1215891 1216123 1216174 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libudev1-249.16-150400.8.35.5 updated - libeconf0-0.5.2-150400.3.6.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated From sle-updates at lists.suse.com Thu Nov 2 11:38:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:38:12 +0100 (CET) Subject: SUSE-CU-2023:3682-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231102113812.B59C3F417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3682-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.8 , suse/manager/4.3/proxy-tftpd:4.3.8.9.27.24 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.8 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.8.9.27.24 Container Release : 9.27.24 Severity : important Type : security References : 1107342 1206480 1206684 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213915 1214052 1214460 1214806 1215026 1215215 1215286 1215313 1215434 1215713 1215888 1215889 1215891 1215968 1216123 1216174 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-43804 CVE-2023-44487 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150400.7.57.1 updated - python3-cryptography-3.3.2-150400.20.3 updated - python3-urllib3-1.25.10-150300.4.6.1 updated From sle-updates at lists.suse.com Thu Nov 2 11:38:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:38:32 +0100 (CET) Subject: SUSE-CU-2023:3683-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231102113832.2455FF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3683-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.487 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.487 Severity : important Type : security References : 1196647 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4226-1 Released: Fri Oct 27 11:14:10 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.79.1 updated - libopenssl1_1-1.1.1d-150200.11.79.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libz1-1.2.11-150000.3.48.1 updated - openssl-1_1-1.1.1d-150200.11.79.1 updated - container:sles15-image-15.0.0-17.20.207 updated From sle-updates at lists.suse.com Thu Nov 2 11:39:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2023 12:39:35 +0100 (CET) Subject: SUSE-CU-2023:3685-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231102113935.DFDBEF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3685-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.309 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.309 Severity : important Type : security References : 1196647 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4226-1 Released: Fri Oct 27 11:14:10 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.79.1 updated - libopenssl1_1-1.1.1d-150200.11.79.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libz1-1.2.11-150000.3.48.1 updated - openssl-1_1-1.1.1d-150200.11.79.1 updated - container:sles15-image-15.0.0-17.20.207 updated From sle-updates at lists.suse.com Thu Nov 2 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 12:30:07 -0000 Subject: SUSE-SU-2023:4287-2: important: Security update for gcc13 Message-ID: <169892820727.6086.4107869267122486413@smelt2.prg2.suse.org> # Security update for gcc13 Announcement ID: SUSE-SU-2023:4287-2 Rating: important References: * bsc#1206480 * bsc#1206684 * bsc#1210557 * bsc#1211427 * bsc#1212101 * bsc#1213915 * bsc#1214052 * bsc#1214460 * jsc#PED-153 * jsc#PED-2005 * jsc#PED-252 * jsc#PED-253 * jsc#PED-6584 Cross-References: * CVE-2023-4039 CVSS scores: * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Toolchain Module 12 An update that solves one vulnerability, contains five features and has seven security fixes can now be installed. ## Description: This update for gcc13 fixes the following issues: NOTE: This update was retracted as it caused breakage with third party applications. This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: * install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. * override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) * Turn cross compiler to s390x to a glibc cross. [bsc#1214460] * Also handle -static-pie in the default-PIE specs * Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] * Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] * Add new x86-related intrinsics (amxcomplexintrin.h). * RISC-V: Add support for inlining subword atomic operations * Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. * Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. * Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. * Bump included newlib to version 4.3.0. * Also package libhwasan_preinit.o on aarch64. * Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. * Package libhwasan_preinit.o on x86_64. * Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] * Enable PRU flavour for gcc13 * update floatn fixinclude pickup to check each header separately (bsc#1206480) * Redo floatn fixinclude pick-up to simply keep what is there. * Bump libgo SONAME to libgo22. * Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. * Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. * Depend on at least LLVM 13 for GCN cross compiler. * Update embedded newlib to version 4.2.0 * Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Toolchain Module 12 zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-4287=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1 ## Package List: * Toolchain Module 12 (aarch64 ppc64le s390x x86_64) * gcc13-c++-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-devel-gcc13-13.2.1+git7813-1.6.1 * gcc13-fortran-13.2.1+git7813-1.6.1 * gcc13-debuginfo-13.2.1+git7813-1.6.1 * gcc13-c++-13.2.1+git7813-1.6.1 * gcc13-locale-13.2.1+git7813-1.6.1 * cpp13-13.2.1+git7813-1.6.1 * gcc13-debugsource-13.2.1+git7813-1.6.1 * cpp13-debuginfo-13.2.1+git7813-1.6.1 * gcc13-13.2.1+git7813-1.6.1 * gcc13-PIE-13.2.1+git7813-1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-1.6.1 * Toolchain Module 12 (noarch) * gcc13-info-13.2.1+git7813-1.6.1 * Toolchain Module 12 (s390x x86_64) * gcc13-fortran-32bit-13.2.1+git7813-1.6.1 * gcc13-32bit-13.2.1+git7813-1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-1.6.1 * gcc13-c++-32bit-13.2.1+git7813-1.6.1 * Toolchain Module 12 (x86_64) * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libtsan2-debuginfo-13.2.1+git7813-1.6.1 * libhwasan0-13.2.1+git7813-1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-13.2.1+git7813-1.6.1 * libitm1-13.2.1+git7813-1.6.1 * liblsan0-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1 * libitm1-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-debuginfo-13.2.1+git7813-1.6.1 * liblsan0-13.2.1+git7813-1.6.1 * libtsan2-13.2.1+git7813-1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-13.2.1+git7813-1.6.1 * libobjc4-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-locale-13.2.1+git7813-1.6.1 * libstdc++6-13.2.1+git7813-1.6.1 * libasan8-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-13.2.1+git7813-1.6.1 * libstdc++6-pp-13.2.1+git7813-1.6.1 * libatomic1-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-13.2.1+git7813-1.6.1 * libobjc4-13.2.1+git7813-1.6.1 * libasan8-13.2.1+git7813-1.6.1 * libgfortran5-13.2.1+git7813-1.6.1 * libgomp1-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libgfortran5-32bit-13.2.1+git7813-1.6.1 * libatomic1-32bit-13.2.1+git7813-1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-32bit-13.2.1+git7813-1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-32bit-13.2.1+git7813-1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-13.2.1+git7813-1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-13.2.1+git7813-1.6.1 * libitm1-32bit-13.2.1+git7813-1.6.1 * libquadmath0-13.2.1+git7813-1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1 * libquadmath0-32bit-13.2.1+git7813-1.6.1 * libstdc++6-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libtsan2-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-13.2.1+git7813-1.6.1 * libitm1-13.2.1+git7813-1.6.1 * liblsan0-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1 * libitm1-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-debuginfo-13.2.1+git7813-1.6.1 * liblsan0-13.2.1+git7813-1.6.1 * libtsan2-13.2.1+git7813-1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-13.2.1+git7813-1.6.1 * libobjc4-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-locale-13.2.1+git7813-1.6.1 * libstdc++6-13.2.1+git7813-1.6.1 * libasan8-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-pp-13.2.1+git7813-1.6.1 * libgcc_s1-13.2.1+git7813-1.6.1 * libatomic1-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-13.2.1+git7813-1.6.1 * libobjc4-13.2.1+git7813-1.6.1 * libasan8-13.2.1+git7813-1.6.1 * libgfortran5-13.2.1+git7813-1.6.1 * libgomp1-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le x86_64) * libquadmath0-13.2.1+git7813-1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libgcc_s1-32bit-13.2.1+git7813-1.6.1 * libitm1-32bit-13.2.1+git7813-1.6.1 * libgfortran5-32bit-13.2.1+git7813-1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-32bit-13.2.1+git7813-1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-32bit-13.2.1+git7813-1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-13.2.1+git7813-1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-32bit-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libtsan2-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-13.2.1+git7813-1.6.1 * libitm1-13.2.1+git7813-1.6.1 * liblsan0-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1 * libitm1-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-debuginfo-13.2.1+git7813-1.6.1 * liblsan0-13.2.1+git7813-1.6.1 * libtsan2-13.2.1+git7813-1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-13.2.1+git7813-1.6.1 * libobjc4-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-13.2.1+git7813-1.6.1 * libstdc++6-locale-13.2.1+git7813-1.6.1 * libstdc++6-13.2.1+git7813-1.6.1 * libasan8-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-13.2.1+git7813-1.6.1 * libstdc++6-pp-13.2.1+git7813-1.6.1 * libatomic1-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-13.2.1+git7813-1.6.1 * libobjc4-13.2.1+git7813-1.6.1 * libasan8-13.2.1+git7813-1.6.1 * libgfortran5-13.2.1+git7813-1.6.1 * libgomp1-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libhwasan0-13.2.1+git7813-1.6.1 * libgfortran5-32bit-13.2.1+git7813-1.6.1 * libatomic1-32bit-13.2.1+git7813-1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-32bit-13.2.1+git7813-1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-32bit-13.2.1+git7813-1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-13.2.1+git7813-1.6.1 * libitm1-32bit-13.2.1+git7813-1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1 * libquadmath0-32bit-13.2.1+git7813-1.6.1 * libstdc++6-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-13.2.1+git7813-1.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4039.html * https://bugzilla.suse.com/show_bug.cgi?id=1206480 * https://bugzilla.suse.com/show_bug.cgi?id=1206684 * https://bugzilla.suse.com/show_bug.cgi?id=1210557 * https://bugzilla.suse.com/show_bug.cgi?id=1211427 * https://bugzilla.suse.com/show_bug.cgi?id=1212101 * https://bugzilla.suse.com/show_bug.cgi?id=1213915 * https://bugzilla.suse.com/show_bug.cgi?id=1214052 * https://bugzilla.suse.com/show_bug.cgi?id=1214460 * https://jira.suse.com/browse/PED-153 * https://jira.suse.com/browse/PED-2005 * https://jira.suse.com/browse/PED-252 * https://jira.suse.com/browse/PED-253 * https://jira.suse.com/browse/PED-6584 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 12:30:11 -0000 Subject: SUSE-RU-2023:4341-1: moderate: Recommended update for kubernetes1.27 Message-ID: <169892821163.6086.9724383684076952903@smelt2.prg2.suse.org> # Recommended update for kubernetes1.27 Announcement ID: SUSE-RU-2023:4341-1 Rating: moderate References: * bsc#1213829 * bsc#1214406 * jsc#PED-5839 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has two fixes can now be installed. ## Description: This update for kubernetes1.27 fixes the following issues: This update ships the kubernetes1.27-client package. (jsc#PED-5839) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4341=1 openSUSE-SLE-15.4-2023-4341=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4341=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4341=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4341=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.27-apiserver-1.27.6-150400.9.3.2 * kubernetes1.27-client-1.27.6-150400.9.3.2 * kubernetes1.27-controller-manager-1.27.6-150400.9.3.2 * kubernetes1.27-kubelet-common-1.27.6-150400.9.3.2 * kubernetes1.27-proxy-1.27.6-150400.9.3.2 * kubernetes1.27-client-common-1.27.6-150400.9.3.2 * kubernetes1.27-kubelet-1.27.6-150400.9.3.2 * kubernetes1.27-kubeadm-1.27.6-150400.9.3.2 * kubernetes1.27-scheduler-1.27.6-150400.9.3.2 * openSUSE Leap 15.4 (noarch) * kubernetes1.27-client-fish-completion-1.27.6-150400.9.3.2 * kubernetes1.27-client-bash-completion-1.27.6-150400.9.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.27-client-1.27.6-150400.9.3.2 * kubernetes1.27-client-common-1.27.6-150400.9.3.2 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.27-client-1.27.6-150400.9.3.2 * kubernetes1.27-client-common-1.27.6-150400.9.3.2 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.27-client-1.27.6-150400.9.3.2 * kubernetes1.27-client-common-1.27.6-150400.9.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213829 * https://bugzilla.suse.com/show_bug.cgi?id=1214406 * https://jira.suse.com/browse/PED-5839 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 12:30:14 -0000 Subject: SUSE-RU-2023:4340-1: moderate: Recommended update for kubernetes1.28 Message-ID: <169892821417.6086.2618043226647497268@smelt2.prg2.suse.org> # Recommended update for kubernetes1.28 Announcement ID: SUSE-RU-2023:4340-1 Rating: moderate References: * jsc#PED-5839 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for kubernetes1.28 fixes the following issues: This update ships the kubernetes1.28-client package. (jsc#PED-5839) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4340=1 openSUSE-SLE-15.4-2023-4340=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4340=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4340=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4340=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.28-apiserver-1.28.2-150400.9.3.3 * kubernetes1.28-kubelet-common-1.28.2-150400.9.3.3 * kubernetes1.28-kubelet-1.28.2-150400.9.3.3 * kubernetes1.28-proxy-1.28.2-150400.9.3.3 * kubernetes1.28-scheduler-1.28.2-150400.9.3.3 * kubernetes1.28-client-1.28.2-150400.9.3.3 * kubernetes1.28-client-common-1.28.2-150400.9.3.3 * kubernetes1.28-controller-manager-1.28.2-150400.9.3.3 * kubernetes1.28-kubeadm-1.28.2-150400.9.3.3 * openSUSE Leap 15.4 (noarch) * kubernetes1.28-client-fish-completion-1.28.2-150400.9.3.3 * kubernetes1.28-client-bash-completion-1.28.2-150400.9.3.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.28-client-1.28.2-150400.9.3.3 * kubernetes1.28-client-common-1.28.2-150400.9.3.3 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.28-client-1.28.2-150400.9.3.3 * kubernetes1.28-client-common-1.28.2-150400.9.3.3 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.28-client-1.28.2-150400.9.3.3 * kubernetes1.28-client-common-1.28.2-150400.9.3.3 ## References: * https://jira.suse.com/browse/PED-5839 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 12:30:17 -0000 Subject: SUSE-SU-2023:4338-1: important: Security update for xorg-x11-server Message-ID: <169892821721.6086.18074163869637560625@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4338-1 Rating: important References: * bsc#1216133 * bsc#1216135 * bsc#1216261 Cross-References: * CVE-2023-5367 * CVE-2023-5380 * CVE-2023-5574 CVSS scores: * CVE-2023-5367 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5367 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5380 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5380 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5574 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). * CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133). * CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4338=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4338=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4338=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4338=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4338=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4338=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4338=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4338=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4338=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4338=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4338=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4338=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4338=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4338=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Manager Proxy 4.2 (x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xorg-x11-server-wayland-1.20.3-150200.22.5.79.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * xorg-x11-server-wayland-1.20.3-150200.22.5.79.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5367.html * https://www.suse.com/security/cve/CVE-2023-5380.html * https://www.suse.com/security/cve/CVE-2023-5574.html * https://bugzilla.suse.com/show_bug.cgi?id=1216133 * https://bugzilla.suse.com/show_bug.cgi?id=1216135 * https://bugzilla.suse.com/show_bug.cgi?id=1216261 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 12:30:28 -0000 Subject: SUSE-SU-2023:4337-1: important: Security update for tomcat Message-ID: <169892822801.6086.2146313631849555752@smelt2.prg2.suse.org> # Security update for tomcat Announcement ID: SUSE-SU-2023:4337-1 Rating: important References: * bsc#1216118 * bsc#1216119 Cross-References: * CVE-2023-42795 * CVE-2023-45648 CVSS scores: * CVE-2023-42795 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-42795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45648 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-45648 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-42795: Fixed a potential information leak due to insufficient cleanup (bsc#1216119). * CVE-2023-45648: Fixed a request smuggling issue due to an incorrect parsing of HTTP trailer headers (bsc#1216118). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4337=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4337=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4337=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * tomcat-webapps-9.0.36-3.111.1 * tomcat-el-3_0-api-9.0.36-3.111.1 * tomcat-servlet-4_0-api-9.0.36-3.111.1 * tomcat-9.0.36-3.111.1 * tomcat-lib-9.0.36-3.111.1 * tomcat-jsp-2_3-api-9.0.36-3.111.1 * tomcat-javadoc-9.0.36-3.111.1 * tomcat-admin-webapps-9.0.36-3.111.1 * tomcat-docs-webapp-9.0.36-3.111.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * tomcat-webapps-9.0.36-3.111.1 * tomcat-el-3_0-api-9.0.36-3.111.1 * tomcat-servlet-4_0-api-9.0.36-3.111.1 * tomcat-9.0.36-3.111.1 * tomcat-lib-9.0.36-3.111.1 * tomcat-jsp-2_3-api-9.0.36-3.111.1 * tomcat-javadoc-9.0.36-3.111.1 * tomcat-admin-webapps-9.0.36-3.111.1 * tomcat-docs-webapp-9.0.36-3.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * tomcat-webapps-9.0.36-3.111.1 * tomcat-el-3_0-api-9.0.36-3.111.1 * tomcat-servlet-4_0-api-9.0.36-3.111.1 * tomcat-9.0.36-3.111.1 * tomcat-lib-9.0.36-3.111.1 * tomcat-jsp-2_3-api-9.0.36-3.111.1 * tomcat-javadoc-9.0.36-3.111.1 * tomcat-admin-webapps-9.0.36-3.111.1 * tomcat-docs-webapp-9.0.36-3.111.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42795.html * https://www.suse.com/security/cve/CVE-2023-45648.html * https://bugzilla.suse.com/show_bug.cgi?id=1216118 * https://bugzilla.suse.com/show_bug.cgi?id=1216119 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4349-1: important: Security update for the Linux Kernel Message-ID: <169894260667.4679.13870213868415953834@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4349-1 Rating: important References: * bsc#1206010 * bsc#1208788 * bsc#1210778 * bsc#1213705 * bsc#1213950 * bsc#1213977 * bsc#1215743 * bsc#1215745 * bsc#1216046 * bsc#1216051 * bsc#1216107 * bsc#1216140 * bsc#1216340 * bsc#1216513 * bsc#1216514 Cross-References: * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-39189 * CVE-2023-45862 CVSS scores: * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves four vulnerabilities and has 11 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). * CKC: Clarify usage * crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() (git-fixes). * iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010). * iommu/amd: Remove useless irq affinity notifier (bsc#1206010). * iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (bsc#1206010). * kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010). * KVM: s390: fix sthyi error handling (git-fixes bsc#1216107). * memcg: drop kmem.limit_in_bytes (bsc#1208788) * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * ratelimit: Fix data-races in ___ratelimit() (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513). * s390/ptrace: fix setting syscall number (git-fixes bsc#1216340). * s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140). * s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950). * s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322 bsc#1213950). * sched: Avoid scale real weight down to zero (git fixes (sched)). * sched: correct SD_flags returned by tl->sd_flags() (git fixes (sched)). * sched: Reenable interrupts in do_sched_yield() (git fixes (sched)). * sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() (git fixes (sched)). * sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (git fixes (sched)). * sched/fair: Do not balance task to its current running CPU (git fixes (sched)). * sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (git fixes (sched)). * sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE (git fixes (sched)). * scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327 bsc#1213977 git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514). * tools/thermal: Fix possible path truncations (git-fixes). * tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git- fixes). * tracing: Fix memleak due to race between current_tracer and trace (git- fixes). * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). * usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). * usb: typec: altmodes/displayport: Fix configure initial pin assignment (git- fixes). * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). * use optional first argument as a base-ref instead of upstream branch * vhost-scsi: unbreak any layout for response (git-fixes). * virtio_balloon: fix deadlock on OOM (git-fixes). * virtio_balloon: fix increment of vb->num_pfns in fill_balloon() (git-fixes). * virtio_net: Fix error unwinding of XDP initialization (git-fixes). * virtio: Protect vqs list access (git-fixes). * vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() (git-fixes). * xen-netback: use default TX queue size for vifs (git-fixes). * xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1215743). * xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1215743). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4349=1 SUSE-SLE- SERVER-12-SP5-2023-4349=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4349=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4349=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4349=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4349=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4349=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4349=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * kernel-default-base-4.12.14-122.183.1 * kernel-default-debuginfo-4.12.14-122.183.1 * dlm-kmp-default-4.12.14-122.183.1 * kernel-default-devel-4.12.14-122.183.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.183.1 * dlm-kmp-default-debuginfo-4.12.14-122.183.1 * gfs2-kmp-default-4.12.14-122.183.1 * kernel-default-base-debuginfo-4.12.14-122.183.1 * kernel-default-debugsource-4.12.14-122.183.1 * ocfs2-kmp-default-4.12.14-122.183.1 * cluster-md-kmp-default-4.12.14-122.183.1 * gfs2-kmp-default-debuginfo-4.12.14-122.183.1 * kernel-syms-4.12.14-122.183.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.183.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.183.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-source-4.12.14-122.183.1 * kernel-devel-4.12.14-122.183.1 * kernel-macros-4.12.14-122.183.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.183.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.183.1 * dlm-kmp-default-4.12.14-122.183.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.183.1 * dlm-kmp-default-debuginfo-4.12.14-122.183.1 * gfs2-kmp-default-4.12.14-122.183.1 * kernel-default-debugsource-4.12.14-122.183.1 * ocfs2-kmp-default-4.12.14-122.183.1 * cluster-md-kmp-default-4.12.14-122.183.1 * gfs2-kmp-default-debuginfo-4.12.14-122.183.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.183.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.183.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.183.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-kgraft-devel-4.12.14-122.183.1 * kernel-default-debuginfo-4.12.14-122.183.1 * kernel-default-kgraft-4.12.14-122.183.1 * kgraft-patch-4_12_14-122_183-default-1-8.3.1 * kernel-default-debugsource-4.12.14-122.183.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.183.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-4.12.14-122.183.1 * kernel-obs-build-debugsource-4.12.14-122.183.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.183.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-base-4.12.14-122.183.1 * kernel-default-debuginfo-4.12.14-122.183.1 * kernel-default-devel-4.12.14-122.183.1 * kernel-default-base-debuginfo-4.12.14-122.183.1 * kernel-default-debugsource-4.12.14-122.183.1 * kernel-syms-4.12.14-122.183.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-source-4.12.14-122.183.1 * kernel-devel-4.12.14-122.183.1 * kernel-macros-4.12.14-122.183.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.183.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.183.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-base-4.12.14-122.183.1 * kernel-default-debuginfo-4.12.14-122.183.1 * kernel-default-devel-4.12.14-122.183.1 * kernel-default-base-debuginfo-4.12.14-122.183.1 * kernel-default-debugsource-4.12.14-122.183.1 * kernel-syms-4.12.14-122.183.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-source-4.12.14-122.183.1 * kernel-devel-4.12.14-122.183.1 * kernel-macros-4.12.14-122.183.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.183.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.183.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.183.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-extra-debuginfo-4.12.14-122.183.1 * kernel-default-extra-4.12.14-122.183.1 * kernel-default-debugsource-4.12.14-122.183.1 * kernel-default-debuginfo-4.12.14-122.183.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://bugzilla.suse.com/show_bug.cgi?id=1206010 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213950 * https://bugzilla.suse.com/show_bug.cgi?id=1213977 * https://bugzilla.suse.com/show_bug.cgi?id=1215743 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 * https://bugzilla.suse.com/show_bug.cgi?id=1216051 * https://bugzilla.suse.com/show_bug.cgi?id=1216107 * https://bugzilla.suse.com/show_bug.cgi?id=1216140 * https://bugzilla.suse.com/show_bug.cgi?id=1216340 * https://bugzilla.suse.com/show_bug.cgi?id=1216513 * https://bugzilla.suse.com/show_bug.cgi?id=1216514 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:12 -0000 Subject: SUSE-SU-2023:4347-1: important: Security update for the Linux Kernel Message-ID: <169894261271.4679.14928516950979553533@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4347-1 Rating: important References: * bsc#1208995 * bsc#1210169 * bsc#1210778 * bsc#1212703 * bsc#1214233 * bsc#1214380 * bsc#1214386 * bsc#1215115 * bsc#1215117 * bsc#1215221 * bsc#1215275 * bsc#1215299 * bsc#1215467 * bsc#1215745 * bsc#1215858 * bsc#1215860 * bsc#1215861 * bsc#1216046 * bsc#1216051 Cross-References: * CVE-2020-36766 * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-39189 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-40283 * CVE-2023-42754 * CVE-2023-45862 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 CVSS scores: * CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves 17 vulnerabilities and has two security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. * mkspec: Allow unsupported KMPs (bsc#1214386) * old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported. ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4347=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4347=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4347=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-4347=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4347=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4347=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4347=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-debug-4.12.14-150100.197.160.1 * kernel-zfcpdump-4.12.14-150100.197.160.1 * kernel-kvmsmall-4.12.14-150100.197.160.1 * kernel-default-4.12.14-150100.197.160.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-4.12.14-150100.197.160.1 * kernel-debug-base-debuginfo-4.12.14-150100.197.160.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-debuginfo-4.12.14-150100.197.160.1 * kernel-vanilla-base-4.12.14-150100.197.160.1 * kernel-vanilla-devel-4.12.14-150100.197.160.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.160.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.160.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.160.1 * kernel-default-base-debuginfo-4.12.14-150100.197.160.1 * kernel-vanilla-debugsource-4.12.14-150100.197.160.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.160.1 * kernel-kvmsmall-base-4.12.14-150100.197.160.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.160.1 * openSUSE Leap 15.4 (s390x) * kernel-default-man-4.12.14-150100.197.160.1 * kernel-zfcpdump-man-4.12.14-150100.197.160.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.160.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-debuginfo-4.12.14-150100.197.160.1 * kernel-vanilla-devel-4.12.14-150100.197.160.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.160.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.160.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.160.1 * kernel-vanilla-base-4.12.14-150100.197.160.1 * kernel-vanilla-debugsource-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_160-default-1-150100.3.3.1 * kernel-default-livepatch-devel-4.12.14-150100.197.160.1 * kernel-default-livepatch-4.12.14-150100.197.160.1 * kernel-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-debugsource-4.12.14-150100.197.160.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.160.1 * dlm-kmp-default-debuginfo-4.12.14-150100.197.160.1 * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-debugsource-4.12.14-150100.197.160.1 * cluster-md-kmp-default-4.12.14-150100.197.160.1 * gfs2-kmp-default-4.12.14-150100.197.160.1 * ocfs2-kmp-default-4.12.14-150100.197.160.1 * gfs2-kmp-default-debuginfo-4.12.14-150100.197.160.1 * dlm-kmp-default-4.12.14-150100.197.160.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.160.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.160.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-default-devel-debuginfo-4.12.14-150100.197.160.1 * kernel-obs-build-debugsource-4.12.14-150100.197.160.1 * kernel-syms-4.12.14-150100.197.160.1 * kernel-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-debugsource-4.12.14-150100.197.160.1 * kernel-default-base-4.12.14-150100.197.160.1 * kernel-obs-build-4.12.14-150100.197.160.1 * kernel-default-base-debuginfo-4.12.14-150100.197.160.1 * kernel-default-devel-4.12.14-150100.197.160.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-devel-4.12.14-150100.197.160.1 * kernel-macros-4.12.14-150100.197.160.1 * kernel-source-4.12.14-150100.197.160.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-4.12.14-150100.197.160.1 * kernel-obs-build-debugsource-4.12.14-150100.197.160.1 * kernel-syms-4.12.14-150100.197.160.1 * kernel-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-debugsource-4.12.14-150100.197.160.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-base-4.12.14-150100.197.160.1 * reiserfs-kmp-default-4.12.14-150100.197.160.1 * kernel-obs-build-4.12.14-150100.197.160.1 * kernel-default-base-debuginfo-4.12.14-150100.197.160.1 * kernel-default-devel-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-devel-4.12.14-150100.197.160.1 * kernel-macros-4.12.14-150100.197.160.1 * kernel-source-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-zfcpdump-debuginfo-4.12.14-150100.197.160.1 * kernel-default-man-4.12.14-150100.197.160.1 * kernel-zfcpdump-debugsource-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kernel-default-devel-debuginfo-4.12.14-150100.197.160.1 * kernel-obs-build-debugsource-4.12.14-150100.197.160.1 * kernel-syms-4.12.14-150100.197.160.1 * kernel-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-debugsource-4.12.14-150100.197.160.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-base-4.12.14-150100.197.160.1 * reiserfs-kmp-default-4.12.14-150100.197.160.1 * kernel-obs-build-4.12.14-150100.197.160.1 * kernel-default-base-debuginfo-4.12.14-150100.197.160.1 * kernel-default-devel-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-devel-4.12.14-150100.197.160.1 * kernel-macros-4.12.14-150100.197.160.1 * kernel-source-4.12.14-150100.197.160.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.160.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.160.1 * SUSE CaaS Platform 4.0 (x86_64) * kernel-default-devel-debuginfo-4.12.14-150100.197.160.1 * kernel-obs-build-debugsource-4.12.14-150100.197.160.1 * kernel-syms-4.12.14-150100.197.160.1 * kernel-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-debugsource-4.12.14-150100.197.160.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1 * kernel-default-base-4.12.14-150100.197.160.1 * reiserfs-kmp-default-4.12.14-150100.197.160.1 * kernel-obs-build-4.12.14-150100.197.160.1 * kernel-default-base-debuginfo-4.12.14-150100.197.160.1 * kernel-default-devel-4.12.14-150100.197.160.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-devel-4.12.14-150100.197.160.1 * kernel-macros-4.12.14-150100.197.160.1 * kernel-source-4.12.14-150100.197.160.1 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.160.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36766.html * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-40283.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://bugzilla.suse.com/show_bug.cgi?id=1208995 * https://bugzilla.suse.com/show_bug.cgi?id=1210169 * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1212703 * https://bugzilla.suse.com/show_bug.cgi?id=1214233 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1215115 * https://bugzilla.suse.com/show_bug.cgi?id=1215117 * https://bugzilla.suse.com/show_bug.cgi?id=1215221 * https://bugzilla.suse.com/show_bug.cgi?id=1215275 * https://bugzilla.suse.com/show_bug.cgi?id=1215299 * https://bugzilla.suse.com/show_bug.cgi?id=1215467 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1215858 * https://bugzilla.suse.com/show_bug.cgi?id=1215860 * https://bugzilla.suse.com/show_bug.cgi?id=1215861 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 * https://bugzilla.suse.com/show_bug.cgi?id=1216051 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:18 -0000 Subject: SUSE-SU-2023:4343-1: important: Security update for the Linux Kernel Message-ID: <169894261825.4679.5686503133121404380@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4343-1 Rating: important References: * bsc#1211162 * bsc#1211307 * bsc#1213772 * bsc#1214754 * bsc#1214874 * bsc#1215545 * bsc#1215921 * bsc#1215955 * bsc#1216062 * bsc#1216202 * bsc#1216322 * bsc#1216324 * bsc#1216333 * bsc#1216512 Cross-References: * CVE-2023-2163 * CVE-2023-2860 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-39189 * CVE-2023-39191 * CVE-2023-39193 * CVE-2023-45862 * CVE-2023-5178 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-2860 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2860 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that solves nine vulnerabilities and has five security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user- supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863) * CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). * ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes). * ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes). * ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). * ALSA: hda/realtek - Fixed two speaker platform (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes). * ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). * ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes). * ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). * ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes). * ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes). * ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes). * ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). * ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes). * ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git- fixes). * ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). * ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). * ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). * ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). * ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). * ASoC: pxa: fix a memory leak in probe() (git-fixes). * Bluetooth: Avoid redundant authentication (git-fixes). * Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). * Bluetooth: ISO: Fix handling of listen for unicast (git-fixes). * Bluetooth: Reject connection with the device which has same BD_ADDR (git- fixes). * Bluetooth: avoid memcmp() out of bounds warning (git-fixes). * Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). * Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes). * Bluetooth: hci_event: Fix coding style (git-fixes). * Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). * Bluetooth: hci_event: Ignore NULL link key (git-fixes). * Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). * Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). * Bluetooth: vhci: Fix race when opening vhci device (git-fixes). * Documentation: qat: change kernel version (PED-6401). * Documentation: qat: rewrite description (PED-6401). * Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git- fixes). * Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git- fixes). * Fix metadata references * HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git- fixes). * HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). * HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git- fixes). * HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). * HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). * HID: sony: remove duplicate NULL check before calling usb_free_urb() (git- fixes). * IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) * Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). * Input: powermate - fix use-after-free in powermate_config_complete (git- fixes). * Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). * Input: xpad - add PXN V900 support (git-fixes). * KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git- fixes). * KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes). * KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). * KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). * KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). * KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). * KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). * KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). * KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). * KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). * NFS: Fix O_DIRECT locking issues (bsc#1211162). * NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). * NFS: Fix a potential data corruption (bsc#1211162). * NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). * NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). * NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). * NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). * NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). * NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545). * RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) * RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) * RDMA/core: Require admin capabilities to set system parameters (git-fixes) * RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) * RDMA/mlx5: Fix NULL string error (git-fixes) * RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes) * RDMA/siw: Fix connection failure handling (git-fixes) * RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) * RDMA/uverbs: Fix typo of sizeof argument (git-fixes) * Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes). * Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes). * USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). * USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). * USB: serial: option: add entry for Sierra EM9191 with new firmware (git- fixes). * arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921) * ata: libata-core: Do not register PM operations for SAS ports (git-fixes). * ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). * ata: libata-core: Fix port and device removal (git-fixes). * ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). * ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). * blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). * blk-cgroup: support to track if policy is online (bsc#1216062). * bonding: Fix extraction of ports from the packet headers (bsc#1214754). * bonding: Return pointer to data after pull on skb (bsc#1214754). * bonding: do not assume skb mac_header is set (bsc#1214754). * bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes). * bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes). * bpf: Add override check to kprobe multi link attach (git-fixes). * bpf: Add zero_map_value to zero map value with special fields (git-fixes). * bpf: Cleanup check_refcount_ok (git-fixes). * bpf: Fix max stack depth check for async callbacks (git-fixes). * bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes). * bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes). * bpf: Fix resetting logic for unreferenced kptrs (git-fixes). * bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes). * bpf: Gate dynptr API behind CAP_BPF (git-fixes). * bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes). * bpf: Repeat check_max_stack_depth for async callbacks (git-fixes). * bpf: Tighten ptr_to_btf_id checks (git-fixes). * bpf: fix precision propagation verbose logging (git-fixes). * bpf: prevent decl_tag from being referenced in func_proto (git-fixes). * bpf: propagate precision across all frames, not just the last one (git- fixes). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). * btf: Export bpf_dynptr definition (git-fixes). * btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874). * bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). * bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git- fixes). * ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880). * ceph: add encryption support to writepage and writepages (jsc#SES-1880). * ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880). * ceph: add helpers for converting names for userland presentation (jsc#SES-1880). * ceph: add infrastructure for file encryption and decryption (jsc#SES-1880). * ceph: add new mount option to enable sparse reads (jsc#SES-1880). * ceph: add object version support for sync read (jsc#SES-1880). * ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880). * ceph: add some fscrypt guardrails (jsc#SES-1880). * ceph: add support for encrypted snapshot names (jsc#SES-1880). * ceph: add support to readdir for encrypted names (jsc#SES-1880). * ceph: add truncate size handling support for fscrypt (jsc#SES-1880). * ceph: align data in pages in ceph_sync_write (jsc#SES-1880). * ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880). * ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880). * ceph: decode alternate_name in lease info (jsc#SES-1880). * ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880). * ceph: drop messages from MDS when unmounting (jsc#SES-1880). * ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880). * ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322). * ceph: fix type promotion bug on 32bit systems (bsc#1216324). * ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880). * ceph: fscrypt_auth handling for ceph (jsc#SES-1880). * ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880). * ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880). * ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880). * ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880). * ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880). * ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880). * ceph: make ioctl cmds more readable in debug log (jsc#SES-1880). * ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880). * ceph: mark directory as non-complete after loading key (jsc#SES-1880). * ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880). * ceph: plumb in decryption during reads (jsc#SES-1880). * ceph: preallocate inode for ops that may create one (jsc#SES-1880). * ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880). * ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333). * ceph: send alternate_name in MClientRequest (jsc#SES-1880). * ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880). * ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880). * ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880). * ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880). * ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880). * ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880). * cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). * cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). * clk: tegra: fix error return case for recalc_rate (git-fixes). * counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git- fixes). * crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). * crypto: qat - Remove unused function declarations (PED-6401). * crypto: qat - add fw_counters debugfs file (PED-6401). * crypto: qat - add heartbeat counters check (PED-6401). * crypto: qat - add heartbeat feature (PED-6401). * crypto: qat - add internal timer for qat 4xxx (PED-6401). * crypto: qat - add measure clock frequency (PED-6401). * crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). * crypto: qat - add qat_zlib_deflate (PED-6401). * crypto: qat - add support for 402xx devices (PED-6401). * crypto: qat - change value of default idle filter (PED-6401). * crypto: qat - delay sysfs initialization (PED-6401). * crypto: qat - do not export adf_init_admin_pm() (PED-6401). * crypto: qat - drop log level of msg in get_instance_node() (PED-6401). * crypto: qat - drop obsolete heartbeat interface (PED-6401). * crypto: qat - drop redundant adf_enable_aer() (PED-6401). * crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). * crypto: qat - extend buffer list logic interface (PED-6401). * crypto: qat - extend configuration for 4xxx (PED-6401). * crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). * crypto: qat - fix concurrency issue when device state changes (PED-6401). * crypto: qat - fix crypto capability detection for 4xxx (PED-6401). * crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). * crypto: qat - make fw images name constant (PED-6401). * crypto: qat - make state machine functions static (PED-6401). * crypto: qat - move dbgfs init to separate file (PED-6401). * crypto: qat - move returns to default case (PED-6401). * crypto: qat - refactor device restart logic (PED-6401). * crypto: qat - refactor fw config logic for 4xxx (PED-6401). * crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). * crypto: qat - replace state machine calls (PED-6401). * crypto: qat - replace the if statement with min() (PED-6401). * crypto: qat - set deprecated capabilities as reserved (PED-6401). * crypto: qat - unmap buffer before free for DH (PED-6401). * crypto: qat - unmap buffers before free for RSA (PED-6401). * crypto: qat - update slice mask for 4xxx devices (PED-6401). * crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). * dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git- fixes). * dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). * dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). * drm/amd/display: Do not check registers, if using AUX BL control (git- fixes). * drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). * drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes). * drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes). * drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git- fixes). * drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes). * drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). * drm/amdgpu: add missing NULL check (git-fixes). * drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes). * drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes). * drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes). * drm/atomic-helper: relax unregistered connector check (git-fixes). * drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git- fixes). * drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes). * drm/i915: Retry gtt fault when out of fence registers (git-fixes). * drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes). * drm/msm/dp: do not reinitialize phy unless retry during link training (git- fixes). * drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git- fixes). * drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). * drm/msm/dsi: skip the wait for video mode done if not applicable (git- fixes). * drm/vmwgfx: fix typo of sizeof argument (git-fixes). * drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). * firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). * firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). * fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes). * fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880). * gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git- fixes). * gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). * gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). * gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). * gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). * gpio: vf610: set value before the direction to avoid a glitch (git-fixes). * gve: Do not fully free QPL pages on prefill errors (git-fixes). * i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). * i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git- fixes). * i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git- fixes). * i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). * i2c: mux: gpio:? Replace custom acpi_get_local_address() (git-fixes). * i2c: npcm7xx: Fix callback completion ordering (git-fixes). * ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). * iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). * iio: pressure: dps310: Adjust Timeout Settings (git-fixes). * iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). * intel x86 platform vsec kABI workaround (bsc#1216202). * io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes). * io_uring/rw: defer fsnotify calls to task context (git-fixes). * io_uring/rw: ensure kiocb_end_write() is always called (git-fixes). * io_uring/rw: remove leftover debug statement (git-fixes). * io_uring: Replace 0-length array with flexible array (git-fixes). * io_uring: ensure REQ_F_ISREG is set async offload (git-fixes). * io_uring: fix fdinfo sqe offsets calculation (git-fixes). * io_uring: fix memory leak when removing provided buffers (git-fixes). * iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). * iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921) * kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes). * kabi: blkcg_policy_data fix KABI (bsc#1216062). * kabi: workaround for enum nft_trans_phase (bsc#1215104). * kprobes: Prohibit probing on CFI preamble symbol (git-fixes). * leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). * libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880). * libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880). * libceph: add sparse read support to OSD client (jsc#SES-1880). * libceph: add sparse read support to msgr1 (jsc#SES-1880). * libceph: add spinlock around osd->o_requests (jsc#SES-1880). * libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880). * libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880). * libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880). * libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880). * libceph: use kernel_connect() (bsc#1216323). * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). * mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). * mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). * mtd: physmap-core: Restore map_rom fallback (git-fixes). * mtd: rawnand: arasan: Ensure program page operations are successful (git- fixes). * mtd: rawnand: marvell: Ensure program page operations are successful (git- fixes). * mtd: rawnand: pl353: Ensure program page operations are successful (git- fixes). * mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). * mtd: spinand: micron: correct bitmask for ecc status (git-fixes). * net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git- fixes). * net: mana: Fix TX CQE error handling (bsc#1215986). * net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). * net: nfc: llcp: Add lock when modifying device list (git-fixes). * net: rfkill: gpio: prevent value glitch during probe (git-fixes). * net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). * net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). * net: use sk_is_tcp() in more places (git-fixes). * netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). * netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). * nfc: nci: assert requested protocol is valid (git-fixes). * nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git- fixes). * nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). * nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). * phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). * phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). * phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). * pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). * pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). * platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). * platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202). * platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202). * platform/x86/intel/vsec: Rework early hardware code (bsc#1216202). * platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202). * platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202). * platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). * platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git- fixes). * platform/x86: think-lmi: Fix reference leak (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). * power: supply: ucs1002: fix error code in ucs1002_get_property() (git- fixes). * r8152: check budget for r8152_poll() (git-fixes). * regmap: fix NULL deref on lookup (git-fixes). * regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). * remove unnecessary WARN_ON_ONCE() (bsc#1214823). * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * ring-buffer: Do not attempt to read past "commit" (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * ring-buffer: Update "shortest_full" in polling (git-fixes). * s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). * s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). * sched/cpuset: Bring back cpuset_mutex (bsc#1215955). * sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). * sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). * sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). * scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes). * scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes). * scsi: iscsi: Add length check for nlattr payload (git-fixes). * scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes). * scsi: iscsi_tcp: restrict to TCP sockets (git-fixes). * scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes). * scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git- fixes). * scsi: pm8001: Setup IRQs on resume (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes). * scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). * scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes). * selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes). * selftests/bpf: Add reproducer for decl_tag in func_proto argument (git- fixes). * selftests/bpf: Add reproducer for decl_tag in func_proto return type (git- fixes). * selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes). * selftests/bpf: Clean up sys_nanosleep uses (git-fixes). * serial: 8250_port: Check IRQ data before use (git-fixes). * soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git- fixes). * spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). * spi: stm32: add a delay before SPI disable (git-fixes). * spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). * spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). * thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git- fixes). * thunderbolt: Restart XDomain discovery handshake after failure (git-fixes). * thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). * tracing: Have current_trace inc the trace array ref count (git-fixes). * tracing: Have event inject files inc the trace array ref count (git-fixes). * tracing: Have option files inc the trace array ref count (git-fixes). * tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). * tracing: Increase trace array ref count on enable and filter files (git- fixes). * tracing: Make trace_marker{,_raw} stream-like (git-fixes). * usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). * usb: dwc3: Soft reset phy on probe for host (git-fixes). * usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git- fixes). * usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). * usb: hub: Guard against accesses to uninitialized BOS descriptors (git- fixes). * usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). * usb: musb: Modify the "HWVers" register address (git-fixes). * usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git- fixes). * usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git- fixes). * usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). * vmbus_testing: fix wrong python syntax for integer value comparison (git- fixes). * vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). * watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). * watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). * wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). * wifi: cfg80211: avoid leaking stack data into trace (git-fixes). * wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). * wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). * wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). * wifi: mac80211: allow transmitting EAPOL frames with tainted key (git- fixes). * wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). * wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git- fixes). * wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). * wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). * x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). * x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). * x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). * x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). * x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). * x86/cpu: Support AMD Automatic IBRS (bsc#1213772). * x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453). * x86/platform/uv: Use alternate source for socket to node data (bsc#1215696). * x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). * x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). * x86/sev: Disable MMIO emulation from user mode (bsc#1212649). * xen-netback: use default TX queue size for vifs (git-fixes). * xhci: Keep interrupt disabled in initialization until host is running (git- fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4343=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4343=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4343=1 openSUSE-SLE-15.5-2023-4343=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4343=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_13_24-rt-1-150500.11.3.1 * kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-1-150500.11.3.1 * SUSE Real Time Module 15-SP5 (x86_64) * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * kernel-rt_debug-vdso-5.14.21-150500.13.24.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.24.1 * ocfs2-kmp-rt-5.14.21-150500.13.24.1 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-debuginfo-5.14.21-150500.13.24.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.24.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.24.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.24.1 * cluster-md-kmp-rt-5.14.21-150500.13.24.1 * kernel-rt-vdso-5.14.21-150500.13.24.1 * gfs2-kmp-rt-5.14.21-150500.13.24.1 * kernel-syms-rt-5.14.21-150500.13.24.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-devel-5.14.21-150500.13.24.1 * dlm-kmp-rt-5.14.21-150500.13.24.1 * kernel-rt_debug-devel-5.14.21-150500.13.24.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-debugsource-5.14.21-150500.13.24.1 * SUSE Real Time Module 15-SP5 (noarch) * kernel-source-rt-5.14.21-150500.13.24.1 * kernel-devel-rt-5.14.21-150500.13.24.1 * SUSE Real Time Module 15-SP5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.24.1 * kernel-rt-5.14.21-150500.13.24.1 * openSUSE Leap 15.5 (noarch) * kernel-source-rt-5.14.21-150500.13.24.1 * kernel-devel-rt-5.14.21-150500.13.24.1 * openSUSE Leap 15.5 (x86_64) * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * kernel-livepatch-5_14_21-150500_13_24-rt-1-150500.11.3.1 * kselftests-kmp-rt-5.14.21-150500.13.24.1 * kernel-rt_debug-vdso-5.14.21-150500.13.24.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.24.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * reiserfs-kmp-rt-5.14.21-150500.13.24.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.24.1 * ocfs2-kmp-rt-5.14.21-150500.13.24.1 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-debuginfo-5.14.21-150500.13.24.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-livepatch-5.14.21-150500.13.24.1 * kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-1-150500.11.3.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.24.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.24.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-extra-debuginfo-5.14.21-150500.13.24.1 * cluster-md-kmp-rt-5.14.21-150500.13.24.1 * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * gfs2-kmp-rt-5.14.21-150500.13.24.1 * kernel-rt-optional-5.14.21-150500.13.24.1 * kernel-syms-rt-5.14.21-150500.13.24.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-extra-5.14.21-150500.13.24.1 * kernel-rt-optional-debuginfo-5.14.21-150500.13.24.1 * kernel-rt-livepatch-devel-5.14.21-150500.13.24.1 * kernel-rt-devel-5.14.21-150500.13.24.1 * dlm-kmp-rt-5.14.21-150500.13.24.1 * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.24.1 * kernel-rt_debug-devel-5.14.21-150500.13.24.1 * kernel-rt-vdso-5.14.21-150500.13.24.1 * kernel-rt-debugsource-5.14.21-150500.13.24.1 * kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-1-150500.11.3.1 * openSUSE Leap 15.5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.24.1 * kernel-rt-5.14.21-150500.13.24.1 * SUSE Linux Enterprise Micro 5.5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.24.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * kernel-rt-debugsource-5.14.21-150500.13.24.1 * kernel-rt-debuginfo-5.14.21-150500.13.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-2860.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39191.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://www.suse.com/security/cve/CVE-2023-5178.html * https://bugzilla.suse.com/show_bug.cgi?id=1211162 * https://bugzilla.suse.com/show_bug.cgi?id=1211307 * https://bugzilla.suse.com/show_bug.cgi?id=1213772 * https://bugzilla.suse.com/show_bug.cgi?id=1214754 * https://bugzilla.suse.com/show_bug.cgi?id=1214874 * https://bugzilla.suse.com/show_bug.cgi?id=1215545 * https://bugzilla.suse.com/show_bug.cgi?id=1215921 * https://bugzilla.suse.com/show_bug.cgi?id=1215955 * https://bugzilla.suse.com/show_bug.cgi?id=1216062 * https://bugzilla.suse.com/show_bug.cgi?id=1216202 * https://bugzilla.suse.com/show_bug.cgi?id=1216322 * https://bugzilla.suse.com/show_bug.cgi?id=1216324 * https://bugzilla.suse.com/show_bug.cgi?id=1216333 * https://bugzilla.suse.com/show_bug.cgi?id=1216512 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:25 -0000 Subject: SUSE-SU-2023:4348-1: important: Security update for the Linux Kernel Message-ID: <169894262538.4679.6530235081767506206@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4348-1 Rating: important References: * bsc#1210778 * bsc#1210853 * bsc#1212051 * bsc#1214842 * bsc#1215095 * bsc#1215467 * bsc#1215518 * bsc#1215745 * bsc#1215858 * bsc#1215860 * bsc#1215861 * bsc#1216046 * bsc#1216051 * bsc#1216134 Cross-References: * CVE-2023-2163 * CVE-2023-31085 * CVE-2023-3111 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-42754 * CVE-2023-45862 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 11 vulnerabilities and has three security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: * bpf: propagate precision in ALU/ALU64 operations (git-fixes). * KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4348=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4348=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4348=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-4348=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4348=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4348=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4348=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4348=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4348=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4348=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4348=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4348=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4348=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4348=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4348=1 ## Package List: * openSUSE Leap 15.3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-source-vanilla-5.3.18-150300.59.141.1 * kernel-source-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * kernel-docs-html-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (nosrc ppc64le x86_64) * kernel-debug-5.3.18-150300.59.141.2 * kernel-kvmsmall-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (ppc64le x86_64) * kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-debug-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-debug-devel-5.3.18-150300.59.141.2 * kernel-debug-debuginfo-5.3.18-150300.59.141.2 * kernel-debug-livepatch-devel-5.3.18-150300.59.141.2 * kernel-kvmsmall-debuginfo-5.3.18-150300.59.141.2 * kernel-kvmsmall-devel-5.3.18-150300.59.141.2 * kernel-debug-debugsource-5.3.18-150300.59.141.2 * kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.141.2 * kernel-kvmsmall-debugsource-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-5.3.18-150300.59.141.2 * kselftests-kmp-default-5.3.18-150300.59.141.2 * kernel-default-extra-debuginfo-5.3.18-150300.59.141.2 * dlm-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-extra-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-default-livepatch-5.3.18-150300.59.141.2 * kernel-obs-qa-5.3.18-150300.59.141.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.141.2 * reiserfs-kmp-default-5.3.18-150300.59.141.2 * kernel-default-optional-debuginfo-5.3.18-150300.59.141.2 * gfs2-kmp-default-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-syms-5.3.18-150300.59.141.1 * kernel-default-base-rebuild-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-default-optional-5.3.18-150300.59.141.2 * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-obs-build-5.3.18-150300.59.141.2 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-livepatch-devel-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * dlm-kmp-default-5.3.18-150300.59.141.2 * ocfs2-kmp-default-5.3.18-150300.59.141.2 * kernel-obs-build-debugsource-5.3.18-150300.59.141.2 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kselftests-kmp-default-debuginfo-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_38-debugsource-1-150300.7.3.2 * kernel-livepatch-5_3_18-150300_59_141-default-1-150300.7.3.2 * kernel-livepatch-5_3_18-150300_59_141-default-debuginfo-1-150300.7.3.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_141-preempt-1-150300.7.3.2 * kernel-livepatch-5_3_18-150300_59_141-preempt-debuginfo-1-150300.7.3.2 * openSUSE Leap 15.3 (aarch64 x86_64) * kernel-preempt-devel-5.3.18-150300.59.141.2 * kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.141.2 * dlm-kmp-preempt-debuginfo-5.3.18-150300.59.141.2 * ocfs2-kmp-preempt-5.3.18-150300.59.141.2 * gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.141.2 * kselftests-kmp-preempt-5.3.18-150300.59.141.2 * cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-optional-debuginfo-5.3.18-150300.59.141.2 * ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-optional-5.3.18-150300.59.141.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2 * reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-livepatch-devel-5.3.18-150300.59.141.2 * dlm-kmp-preempt-5.3.18-150300.59.141.2 * kernel-preempt-extra-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-extra-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * gfs2-kmp-preempt-5.3.18-150300.59.141.2 * reiserfs-kmp-preempt-5.3.18-150300.59.141.2 * cluster-md-kmp-preempt-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (nosrc) * dtb-aarch64-5.3.18-150300.59.141.1 * openSUSE Leap 15.3 (aarch64) * reiserfs-kmp-64kb-5.3.18-150300.59.141.2 * kselftests-kmp-64kb-5.3.18-150300.59.141.2 * gfs2-kmp-64kb-5.3.18-150300.59.141.2 * kernel-64kb-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-extra-debuginfo-5.3.18-150300.59.141.2 * kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-livepatch-devel-5.3.18-150300.59.141.2 * kernel-64kb-optional-5.3.18-150300.59.141.2 * dtb-al-5.3.18-150300.59.141.1 * dtb-exynos-5.3.18-150300.59.141.1 * cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.141.2 * dtb-xilinx-5.3.18-150300.59.141.1 * ocfs2-kmp-64kb-5.3.18-150300.59.141.2 * kernel-64kb-optional-debuginfo-5.3.18-150300.59.141.2 * dtb-cavium-5.3.18-150300.59.141.1 * dtb-apm-5.3.18-150300.59.141.1 * dtb-arm-5.3.18-150300.59.141.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2 * dtb-altera-5.3.18-150300.59.141.1 * dtb-rockchip-5.3.18-150300.59.141.1 * kernel-64kb-devel-5.3.18-150300.59.141.2 * dtb-broadcom-5.3.18-150300.59.141.1 * dtb-zte-5.3.18-150300.59.141.1 * dtb-amd-5.3.18-150300.59.141.1 * dlm-kmp-64kb-5.3.18-150300.59.141.2 * cluster-md-kmp-64kb-5.3.18-150300.59.141.2 * dtb-renesas-5.3.18-150300.59.141.1 * kernel-64kb-debugsource-5.3.18-150300.59.141.2 * reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.141.2 * gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.141.2 * dtb-marvell-5.3.18-150300.59.141.1 * dtb-amlogic-5.3.18-150300.59.141.1 * dlm-kmp-64kb-debuginfo-5.3.18-150300.59.141.2 * dtb-freescale-5.3.18-150300.59.141.1 * dtb-hisilicon-5.3.18-150300.59.141.1 * dtb-socionext-5.3.18-150300.59.141.1 * dtb-sprd-5.3.18-150300.59.141.1 * dtb-qcom-5.3.18-150300.59.141.1 * dtb-allwinner-5.3.18-150300.59.141.1 * kernel-64kb-extra-5.3.18-150300.59.141.2 * dtb-nvidia-5.3.18-150300.59.141.1 * dtb-mediatek-5.3.18-150300.59.141.1 * dtb-lg-5.3.18-150300.59.141.1 * ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.141.2 * openSUSE Leap 15.3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.141.2 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.3.18-150300.59.141.1 * openSUSE Leap 15.4 (aarch64) * dtb-al-5.3.18-150300.59.141.1 * dtb-zte-5.3.18-150300.59.141.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-default-livepatch-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-livepatch-5_3_18-150300_59_141-default-1-150300.7.3.2 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.141.2 * gfs2-kmp-default-5.3.18-150300.59.141.2 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2 * cluster-md-kmp-default-5.3.18-150300.59.141.2 * dlm-kmp-default-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * ocfs2-kmp-default-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * dlm-kmp-default-debuginfo-5.3.18-150300.59.141.2 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-devel-5.3.18-150300.59.141.2 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-debugsource-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.141.2 * kernel-preempt-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-obs-build-5.3.18-150300.59.141.2 * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * reiserfs-kmp-default-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-preempt-devel-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-obs-build-debugsource-5.3.18-150300.59.141.2 * kernel-syms-5.3.18-150300.59.141.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * kernel-source-5.3.18-150300.59.141.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-devel-5.3.18-150300.59.141.2 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-debugsource-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.141.2 * kernel-preempt-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-obs-build-5.3.18-150300.59.141.2 * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * reiserfs-kmp-default-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-preempt-devel-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-obs-build-debugsource-5.3.18-150300.59.141.2 * kernel-syms-5.3.18-150300.59.141.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * kernel-source-5.3.18-150300.59.141.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-devel-5.3.18-150300.59.141.2 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-debugsource-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-obs-build-5.3.18-150300.59.141.2 * reiserfs-kmp-default-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-syms-5.3.18-150300.59.141.1 * kernel-obs-build-debugsource-5.3.18-150300.59.141.2 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * kernel-source-5.3.18-150300.59.141.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-devel-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-obs-build-5.3.18-150300.59.141.2 * reiserfs-kmp-default-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-syms-5.3.18-150300.59.141.1 * kernel-obs-build-debugsource-5.3.18-150300.59.141.2 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * kernel-source-5.3.18-150300.59.141.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-devel-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * SUSE Manager Proxy 4.2 (nosrc x86_64) * kernel-default-5.3.18-150300.59.141.2 * kernel-preempt-5.3.18-150300.59.141.2 * SUSE Manager Proxy 4.2 (x86_64) * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * SUSE Manager Proxy 4.2 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64) * kernel-default-5.3.18-150300.59.141.2 * kernel-preempt-5.3.18-150300.59.141.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64) * kernel-default-5.3.18-150300.59.141.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * SUSE Manager Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * SUSE Manager Server 4.2 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.141.2 * SUSE Manager Server 4.2 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2 * SUSE Manager Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.141.2 * SUSE Manager Server 4.2 (x86_64) * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.141.2 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-devel-5.3.18-150300.59.141.2 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-debuginfo-5.3.18-150300.59.141.2 * kernel-64kb-debugsource-5.3.18-150300.59.141.2 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.141.2 * kernel-preempt-5.3.18-150300.59.141.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kernel-default-devel-5.3.18-150300.59.141.2 * kernel-obs-build-5.3.18-150300.59.141.2 * kernel-preempt-debuginfo-5.3.18-150300.59.141.2 * reiserfs-kmp-default-5.3.18-150300.59.141.2 * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-preempt-devel-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * kernel-preempt-debugsource-5.3.18-150300.59.141.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2 * kernel-obs-build-debugsource-5.3.18-150300.59.141.2 * kernel-syms-5.3.18-150300.59.141.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.141.2 * SUSE Enterprise Storage 7.1 (noarch) * kernel-devel-5.3.18-150300.59.141.1 * kernel-macros-5.3.18-150300.59.141.1 * kernel-source-5.3.18-150300.59.141.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.141.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.141.2 * kernel-default-debugsource-5.3.18-150300.59.141.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1214842 * https://bugzilla.suse.com/show_bug.cgi?id=1215095 * https://bugzilla.suse.com/show_bug.cgi?id=1215467 * https://bugzilla.suse.com/show_bug.cgi?id=1215518 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1215858 * https://bugzilla.suse.com/show_bug.cgi?id=1215860 * https://bugzilla.suse.com/show_bug.cgi?id=1215861 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 * https://bugzilla.suse.com/show_bug.cgi?id=1216051 * https://bugzilla.suse.com/show_bug.cgi?id=1216134 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:32 -0000 Subject: SUSE-SU-2023:4346-1: important: Security update for the Linux Kernel Message-ID: <169894263278.4679.3096151676886466754@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4346-1 Rating: important References: * bsc#1206010 * bsc#1208788 * bsc#1210778 * bsc#1213705 * bsc#1213950 * bsc#1213977 * bsc#1215743 * bsc#1215745 * bsc#1216046 * bsc#1216051 * bsc#1216107 * bsc#1216140 * bsc#1216340 * bsc#1216513 * bsc#1216514 Cross-References: * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-39189 * CVE-2023-45862 CVSS scores: * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities and has 11 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). * crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() (git-fixes). * iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010). * iommu/amd: Remove useless irq affinity notifier (bsc#1206010). * iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (bsc#1206010). * kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010). * KVM: s390: fix sthyi error handling (git-fixes bsc#1216107). * memcg: drop kmem.limit_in_bytes (bsc#1208788) This brings a breaking commit for easier backport, it'll be fixed differently in a following commit. * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * ratelimit: Fix data-races in ___ratelimit() (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513). * s390/ptrace: fix setting syscall number (git-fixes bsc#1216340). * s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140). * s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950). * s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322 bsc#1213950). * sched: Avoid scale real weight down to zero (git fixes (sched)). * sched: correct SD_flags returned by tl->sd_flags() (git fixes (sched)). * sched: Reenable interrupts in do_sched_yield() (git fixes (sched)). * sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() (git fixes (sched)). * sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (git fixes (sched)). * sched/fair: Do not balance task to its current running CPU (git fixes (sched)). * sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (git fixes (sched)). * sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE (git fixes (sched)). * scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327 bsc#1213977 git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514). * tools/thermal: Fix possible path truncations (git-fixes). * tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git- fixes). * tracing: Fix memleak due to race between current_tracer and trace (git- fixes). * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). * usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). * usb: typec: altmodes/displayport: Fix configure initial pin assignment (git- fixes). * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). * vhost-scsi: unbreak any layout for response (git-fixes). * virtio_balloon: fix deadlock on OOM (git-fixes). * virtio_balloon: fix increment of vb->num_pfns in fill_balloon() (git-fixes). * virtio_net: Fix error unwinding of XDP initialization (git-fixes). * virtio: Protect vqs list access (git-fixes). * vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() (git-fixes). * xen-netback: use default TX queue size for vifs (git-fixes). * xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1215743). * xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1215743). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4346=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4346=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4346=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.155.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-azure-debugsource-4.12.14-16.155.1 * kernel-azure-base-4.12.14-16.155.1 * kernel-azure-devel-4.12.14-16.155.1 * kernel-syms-azure-4.12.14-16.155.1 * kernel-azure-debuginfo-4.12.14-16.155.1 * kernel-azure-base-debuginfo-4.12.14-16.155.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.155.1 * kernel-source-azure-4.12.14-16.155.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.155.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-azure-debugsource-4.12.14-16.155.1 * kernel-azure-base-4.12.14-16.155.1 * kernel-azure-devel-4.12.14-16.155.1 * kernel-syms-azure-4.12.14-16.155.1 * kernel-azure-debuginfo-4.12.14-16.155.1 * kernel-azure-base-debuginfo-4.12.14-16.155.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.155.1 * kernel-source-azure-4.12.14-16.155.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.155.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-azure-debugsource-4.12.14-16.155.1 * kernel-azure-base-4.12.14-16.155.1 * kernel-azure-devel-4.12.14-16.155.1 * kernel-syms-azure-4.12.14-16.155.1 * kernel-azure-debuginfo-4.12.14-16.155.1 * kernel-azure-base-debuginfo-4.12.14-16.155.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.155.1 * kernel-source-azure-4.12.14-16.155.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://bugzilla.suse.com/show_bug.cgi?id=1206010 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213950 * https://bugzilla.suse.com/show_bug.cgi?id=1213977 * https://bugzilla.suse.com/show_bug.cgi?id=1215743 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 * https://bugzilla.suse.com/show_bug.cgi?id=1216051 * https://bugzilla.suse.com/show_bug.cgi?id=1216107 * https://bugzilla.suse.com/show_bug.cgi?id=1216140 * https://bugzilla.suse.com/show_bug.cgi?id=1216340 * https://bugzilla.suse.com/show_bug.cgi?id=1216513 * https://bugzilla.suse.com/show_bug.cgi?id=1216514 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:41 -0000 Subject: SUSE-SU-2023:4345-1: important: Security update for the Linux Kernel Message-ID: <169894264141.4679.15569136613162164408@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4345-1 Rating: important References: * bsc#1208788 * bsc#1210778 * bsc#1211307 * bsc#1212423 * bsc#1212649 * bsc#1213705 * bsc#1214842 * bsc#1215095 * bsc#1215104 * bsc#1215518 * bsc#1215745 * bsc#1215768 * bsc#1215860 * bsc#1215955 * bsc#1215986 * bsc#1216046 * bsc#1216051 * bsc#1216062 * bsc#1216345 * bsc#1216510 * bsc#1216511 * bsc#1216512 * bsc#1216621 Cross-References: * CVE-2023-2163 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-39193 * CVE-2023-45862 * CVE-2023-46813 * CVE-2023-5178 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves nine vulnerabilities and has 14 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-46813: Fixed an incorrect access checking in the VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses that could lead to arbitrary write access to kernel memory. (bsc#1212649) * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). * ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). * ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). * ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). * ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git- fixes). * ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). * ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). * ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). * ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). * ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). * ASoC: pxa: fix a memory leak in probe() (git-fixes). * ata: libata-core: Do not register PM operations for SAS ports (git-fixes). * ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). * ata: libata-core: Fix port and device removal (git-fixes). * ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). * ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). * blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). * blk-cgroup: support to track if policy is online (bsc#1216062). * Bluetooth: avoid memcmp() out of bounds warning (git-fixes). * Bluetooth: Avoid redundant authentication (git-fixes). * Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). * Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). * Bluetooth: hci_event: Fix coding style (git-fixes). * Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). * Bluetooth: hci_event: Ignore NULL link key (git-fixes). * Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). * Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). * Bluetooth: Reject connection with the device which has same BD_ADDR (git- fixes). * Bluetooth: vhci: Fix race when opening vhci device (git-fixes). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). * bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). * bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git- fixes). * cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). * cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). * clk: tegra: fix error return case for recalc_rate (git-fixes). * counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git- fixes). * crypto: qat - add fw_counters debugfs file (PED-6401). * crypto: qat - add heartbeat counters check (PED-6401). * crypto: qat - add heartbeat feature (PED-6401). * crypto: qat - add internal timer for qat 4xxx (PED-6401). * crypto: qat - add measure clock frequency (PED-6401). * crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). * crypto: qat - add qat_zlib_deflate (PED-6401). * crypto: qat - add support for 402xx devices (PED-6401). * crypto: qat - change value of default idle filter (PED-6401). * crypto: qat - delay sysfs initialization (PED-6401). * crypto: qat - do not export adf_init_admin_pm() (PED-6401). * crypto: qat - drop log level of msg in get_instance_node() (PED-6401). * crypto: qat - drop obsolete heartbeat interface (PED-6401). * crypto: qat - drop redundant adf_enable_aer() (PED-6401). * crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). * crypto: qat - extend buffer list logic interface (PED-6401). * crypto: qat - extend configuration for 4xxx (PED-6401). * crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). * crypto: qat - fix concurrency issue when device state changes (PED-6401). * crypto: qat - fix crypto capability detection for 4xxx (PED-6401). * crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). * crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). * crypto: qat - make fw images name constant (PED-6401). * crypto: qat - make state machine functions static (PED-6401). * crypto: qat - move dbgfs init to separate file (PED-6401). * crypto: qat - move returns to default case (PED-6401). * crypto: qat - refactor device restart logic (PED-6401). * crypto: qat - refactor fw config logic for 4xxx (PED-6401). * crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). * crypto: qat - Remove unused function declarations (PED-6401). * crypto: qat - replace state machine calls (PED-6401). * crypto: qat - replace the if statement with min() (PED-6401). * crypto: qat - set deprecated capabilities as reserved (PED-6401). * crypto: qat - unmap buffer before free for DH (PED-6401). * crypto: qat - unmap buffers before free for RSA (PED-6401). * crypto: qat - update slice mask for 4xxx devices (PED-6401). * crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). * dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git- fixes). * dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). * dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). * Documentation: qat: change kernel version (PED-6401). * Documentation: qat: rewrite description (PED-6401). * Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git- fixes). * Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git- fixes). * drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). * drm/amd/display: Do not check registers, if using AUX BL control (git- fixes). * drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). * drm/amdgpu: add missing NULL check (git-fixes). * drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). * drm/i915: Retry gtt fault when out of fence registers (git-fixes). * drm/msm/dp: do not reinitialize phy unless retry during link training (git- fixes). * drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git- fixes). * drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). * drm/msm/dsi: skip the wait for video mode done if not applicable (git- fixes). * drm/vmwgfx: fix typo of sizeof argument (git-fixes). * firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). * firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). * gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git- fixes). * gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). * gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). * gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). * gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). * gpio: vf610: set value before the direction to avoid a glitch (git-fixes). * gve: Do not fully free QPL pages on prefill errors (git-fixes). * HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git- fixes). * HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). * HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git- fixes). * HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). * HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). * HID: sony: remove duplicate NULL check before calling usb_free_urb() (git- fixes). * i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). * i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git- fixes). * i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git- fixes). * i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). * i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes). * i2c: npcm7xx: Fix callback completion ordering (git-fixes). * IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) * ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). * iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). * iio: pressure: dps310: Adjust Timeout Settings (git-fixes). * iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). * Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). * Input: powermate - fix use-after-free in powermate_config_complete (git- fixes). * Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). * Input: xpad - add PXN V900 support (git-fixes). * iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). * iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). * kabi: blkcg_policy_data fix KABI (bsc#1216062). * kabi: workaround for enum nft_trans_phase (bsc#1215104). * kprobes: Prohibit probing on CFI preamble symbol (git-fixes). * KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). * KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git- fixes). * KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). * leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). * mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). * mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). * mtd: physmap-core: Restore map_rom fallback (git-fixes). * mtd: rawnand: arasan: Ensure program page operations are successful (git- fixes). * mtd: rawnand: marvell: Ensure program page operations are successful (git- fixes). * mtd: rawnand: pl353: Ensure program page operations are successful (git- fixes). * mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). * mtd: spinand: micron: correct bitmask for ecc status (git-fixes). * net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). * net: mana: Fix TX CQE error handling (bsc#1215986). * net: nfc: llcp: Add lock when modifying device list (git-fixes). * net: rfkill: gpio: prevent value glitch during probe (git-fixes). * net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). * net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). * net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git- fixes). * netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). * netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). * nfc: nci: assert requested protocol is valid (git-fixes). * nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git- fixes). * nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). * phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). * phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). * phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). * pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). * pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). * platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). * platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). * platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git- fixes). * platform/x86: think-lmi: Fix reference leak (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). * power: supply: ucs1002: fix error code in ucs1002_get_property() (git- fixes). * quota: Fix slow quotaoff (bsc#1216621). * r8152: check budget for r8152_poll() (git-fixes). * RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) * RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) * RDMA/core: Require admin capabilities to set system parameters (git-fixes) * RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) * RDMA/mlx5: Fix NULL string error (git-fixes) * RDMA/siw: Fix connection failure handling (git-fixes) * RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) * RDMA/uverbs: Fix typo of sizeof argument (git-fixes) * regmap: fix NULL deref on lookup (git-fixes). * regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * ring-buffer: Do not attempt to read past "commit" (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * ring-buffer: Update "shortest_full" in polling (git-fixes). * s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). * sched/cpuset: Bring back cpuset_mutex (bsc#1215955). * sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). * sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). * sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). * serial: 8250_port: Check IRQ data before use (git-fixes). * soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git- fixes). * spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). * spi: stm32: add a delay before SPI disable (git-fixes). * spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). * spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). * thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git- fixes). * thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). * tracing: Have current_trace inc the trace array ref count (git-fixes). * tracing: Have event inject files inc the trace array ref count (git-fixes). * tracing: Have option files inc the trace array ref count (git-fixes). * tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). * tracing: Increase trace array ref count on enable and filter files (git- fixes). * tracing: Make trace_marker{,_raw} stream-like (git-fixes). * usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). * usb: dwc3: Soft reset phy on probe for host (git-fixes). * usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git- fixes). * usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). * usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). * usb: musb: Modify the "HWVers" register address (git-fixes). * usb: serial: option: add entry for Sierra EM9191 with new firmware (git- fixes). * usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). * usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). * usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git- fixes). * usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). * vmbus_testing: fix wrong python syntax for integer value comparison (git- fixes). * vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). * watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). * watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). * wifi: cfg80211: avoid leaking stack data into trace (git-fixes). * wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). * wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). * wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). * wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). * wifi: mac80211: allow transmitting EAPOL frames with tainted key (git- fixes). * wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). * wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git- fixes). * wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). * wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). * x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). * x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). * x86/sev: Disable MMIO emulation from user mode (bsc#1212649). * xen-netback: use default TX queue size for vifs (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4345=1 openSUSE-SLE-15.4-2023-4345=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4345=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.72.1 * kernel-azure-extra-5.14.21-150400.14.72.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.72.1 * kselftests-kmp-azure-5.14.21-150400.14.72.1 * kernel-azure-debuginfo-5.14.21-150400.14.72.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.72.1 * kernel-azure-devel-5.14.21-150400.14.72.1 * reiserfs-kmp-azure-5.14.21-150400.14.72.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.72.1 * dlm-kmp-azure-5.14.21-150400.14.72.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.72.1 * ocfs2-kmp-azure-5.14.21-150400.14.72.1 * kernel-azure-optional-5.14.21-150400.14.72.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.72.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.72.1 * kernel-azure-debugsource-5.14.21-150400.14.72.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.72.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.72.1 * cluster-md-kmp-azure-5.14.21-150400.14.72.1 * kernel-syms-azure-5.14.21-150400.14.72.1 * gfs2-kmp-azure-5.14.21-150400.14.72.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.72.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.72.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-azure-5.14.21-150400.14.72.1 * kernel-source-azure-5.14.21-150400.14.72.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.72.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-syms-azure-5.14.21-150400.14.72.1 * kernel-azure-devel-5.14.21-150400.14.72.1 * kernel-azure-debugsource-5.14.21-150400.14.72.1 * kernel-azure-debuginfo-5.14.21-150400.14.72.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.72.1 * Public Cloud Module 15-SP4 (noarch) * kernel-devel-azure-5.14.21-150400.14.72.1 * kernel-source-azure-5.14.21-150400.14.72.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://www.suse.com/security/cve/CVE-2023-46813.html * https://www.suse.com/security/cve/CVE-2023-5178.html * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1211307 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1212649 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1214842 * https://bugzilla.suse.com/show_bug.cgi?id=1215095 * https://bugzilla.suse.com/show_bug.cgi?id=1215104 * https://bugzilla.suse.com/show_bug.cgi?id=1215518 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1215768 * https://bugzilla.suse.com/show_bug.cgi?id=1215860 * https://bugzilla.suse.com/show_bug.cgi?id=1215955 * https://bugzilla.suse.com/show_bug.cgi?id=1215986 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 * https://bugzilla.suse.com/show_bug.cgi?id=1216051 * https://bugzilla.suse.com/show_bug.cgi?id=1216062 * https://bugzilla.suse.com/show_bug.cgi?id=1216345 * https://bugzilla.suse.com/show_bug.cgi?id=1216510 * https://bugzilla.suse.com/show_bug.cgi?id=1216511 * https://bugzilla.suse.com/show_bug.cgi?id=1216512 * https://bugzilla.suse.com/show_bug.cgi?id=1216621 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:45 -0000 Subject: SUSE-RU-2023:4344-1: moderate: Recommended update for nodejs20 Message-ID: <169894264583.4679.2703239931375091505@smelt2.prg2.suse.org> # Recommended update for nodejs20 Announcement ID: SUSE-RU-2023:4344-1 Rating: moderate References: * jsc#PED-4819 * jsc#PED-7088 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * Web and Scripting Module 15-SP5 An update that contains two features can now be installed. ## Description: This update for nodejs20 fixes the following issues: This update provides nodejs 20 in version 20.8.1. For overview of changes and details since 19.x and earlier see: https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.0.0 * Permission Model Node.js now has an experimental feature called the Permission Model. It allows developers to restrict access to specific resources during program execution, such as file system operations, child process spawning, and worker thread creation. The API exists behind a flag \--experimental-permission which when enabled will restrict access to all available permissions. By using this feature, developers can prevent their applications from accessing or modifying sensitive data or running potentially harmful code. More information about the Permission Model can be found in the Node.js documentation. The Permission Model was a contribution by Rafael Gonzaga in #44004. * Custom ESM loader hooks run on dedicated thread ESM hooks supplied via loaders (--experimental-loader=foo.mjs) now run in a dedicated thread, isolated from the main thread. This provides a separate scope for loaders and ensures no cross-contamination between loaders and application code. * Synchronous import.meta.resolve() In alignment with browser behavior, this function now returns synchronously. Despite this, user loader resolve hooks can still be defined as async functions (or as sync functions, if the author prefers). Even when there are async resolve hooks loaded, import.meta.resolve will still return synchronously for application code. Contributed by Anna Henningsen, Antoine du Hamel, Geoffrey Booth, Guy Bedford, Jacob Smith, and Micha?l Zasso in #44710 * V8 11.3 The V8 engine is updated to version 11.3, which is part of Chromium 113. This version includes three new features to the JavaScript API: String.prototype.isWellFormed and toWellFormed Methods that change Array and TypedArray by copy Resizable ArrayBuffer and growable SharedArrayBuffer RegExp v flag with set notation + properties of strings WebAssembly Tail Call The V8 update was a contribution by Micha?l Zasso in #47251. * Stable Test Runner The recent update to Node.js, version 20, includes an important change to the test_runner module. The module has been marked as stable after a recent update. Previously, the test_runner module was experimental, but this change marks it as a stable module that is ready for production use. Contributed by Colin Ihrig in #46983 * Ada 2.0 Node.js v20 comes with the latest version of the URL parser, Ada. This update brings significant performance improvements to URL parsing, including enhancements to the url.domainToASCII and url.domainToUnicode functions in node:url. Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of the application can benefit from the improved performance. Additionally, Ada 2.0 features a significant performance boost over its predecessor, Ada 1.0.4, while also eliminating the need for the ICU requirement for URL hostname parsing. Contributed by Yagiz Nizipli and Daniel Lemire in #47339 * Preparing single executable apps now requires injecting a Blob Building a single executable app now requires injecting a blob prepared by Node.js from a JSON config instead of injecting the raw JS file. This opens up the possibility of embedding multiple co-existing resources into the SEA (Single Executable Apps). Contributed by Joyee Cheung in #47125 * Web Crypto API Web Crypto API functions' arguments are now coerced and validated as per their WebIDL definitions like in other Web Crypto API implementations. This further improves interoperability with other implementations of Web Crypto API. This change was made by Filip Skokan in #46067. * WASI version must now be specified When new WASI() is called, the version option is now required and has no default value. Any code that relied on the default for the version will need to be updated to request a specific version. This change was made by Michael Dawson in #47391. * Deprecations and Removals * (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich Trott) #45526 url.parse() accepts URLs with ports that are not numbers. This behavior might result in host name spoofing with unexpected input. These URLs will throw an error in future versions of Node.js, as the WHATWG URL API does already. Starting with Node.js 20, these URLS cause url.parse() to emit a warning. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4344=1 openSUSE-SLE-15.5-2023-4344=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4344=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * nodejs20-20.8.1-150500.11.3.1 * nodejs20-debugsource-20.8.1-150500.11.3.1 * nodejs20-devel-20.8.1-150500.11.3.1 * npm20-20.8.1-150500.11.3.1 * nodejs20-debuginfo-20.8.1-150500.11.3.1 * corepack20-20.8.1-150500.11.3.1 * openSUSE Leap 15.5 (noarch) * nodejs20-docs-20.8.1-150500.11.3.1 * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nodejs20-20.8.1-150500.11.3.1 * nodejs20-debugsource-20.8.1-150500.11.3.1 * nodejs20-devel-20.8.1-150500.11.3.1 * npm20-20.8.1-150500.11.3.1 * nodejs20-debuginfo-20.8.1-150500.11.3.1 * Web and Scripting Module 15-SP5 (noarch) * nodejs20-docs-20.8.1-150500.11.3.1 ## References: * https://jira.suse.com/browse/PED-4819 * https://jira.suse.com/browse/PED-7088 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:48 -0000 Subject: SUSE-RU-2023:4342-1: moderate: Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Message-ID: <169894264879.4679.16513234571343433700@smelt2.prg2.suse.org> # Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed Announcement ID: SUSE-RU-2023:4342-1 Rating: moderate References: * bsc#1211892 * jsc#PED-4964 * jsc#PED-7112 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features and has one fix can now be installed. ## Description: This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in nvidia-open-driver-G06-signed: * Update to version 535.113.01 * post install scripts: * add/remove nosimplefb=1 kernel option in order to fix Linux console also on sle15-sp6/Leap 15.6 kernel, which will come with simpledrm support * Add a devel package so other modules can be built against this one. [jira#PED-4964] * disabled build of nvidia-peermem module; it's no longer needed and never worked anyway (it was only a stub) [boo#1211892] * preamble: added conflict to nvidia-gfxG05-kmp to prevent users from accidently installing conflicting proprietary kernelspace drivers from CUDA repository Changes in kernel-firmware-nvidia-gspx-G06: * update firmware to version 535.113.01 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4342=1 openSUSE-SLE-15.4-2023-4342=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4342=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4342=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4342=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4342=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4342=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4342=1 ## Package List: * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1 * openSUSE Leap 15.4 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-535.113.01_k5.14.21_150400.14.69-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.113.01_k5.14.21_150400.14.69-150400.9.24.1 * nvidia-open-driver-G06-signed-azure-devel-535.113.01-150400.9.24.1 * openSUSE Leap 15.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-default-devel-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * openSUSE Leap 15.4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * nvidia-open-driver-G06-signed-64kb-devel-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * Basesystem Module 15-SP4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1 * Basesystem Module 15-SP4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * nvidia-open-driver-G06-signed-64kb-devel-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-default-devel-535.113.01-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1 * Public Cloud Module 15-SP4 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-535.113.01_k5.14.21_150400.14.69-150400.9.24.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.113.01_k5.14.21_150400.14.69-150400.9.24.1 * nvidia-open-driver-G06-signed-azure-devel-535.113.01-150400.9.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211892 * https://jira.suse.com/browse/PED-4964 * https://jira.suse.com/browse/PED-7112 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 16:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 16:30:52 -0000 Subject: SUSE-SU-2023:4339-1: important: Security update for webkit2gtk3 Message-ID: <169894265243.4679.12235384624328041034@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4339-1 Rating: important References: * bsc#1213379 * bsc#1213581 * bsc#1215072 * bsc#1215661 * bsc#1215866 * bsc#1215867 * bsc#1215868 * bsc#1215869 * bsc#1215870 * bsc#1216483 Cross-References: * CVE-2023-32393 * CVE-2023-35074 * CVE-2023-37450 * CVE-2023-39434 * CVE-2023-39928 * CVE-2023-40451 * CVE-2023-41074 * CVE-2023-41993 CVSS scores: * CVE-2023-32393 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32393 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-35074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-35074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37450 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37450 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39434 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39434 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41993 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2023-41993 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves eight vulnerabilities and has two security fixes can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: * CVE-2023-41993: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215661). * CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868). * CVE-2023-41074: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215870). Non-security fixes: * Fixed missing package dependencies (bsc#1215072). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4339=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-4339=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4339=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4339=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4339=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4339=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4339=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4339=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4339=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4339=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4339=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4339=1 ## Package List: * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Enterprise Storage 7.1 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Enterprise Storage 7 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Enterprise Storage 7 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150200.87.4 * typelib-1_0-WebKit2-4_0-2.42.1-150200.87.4 * webkit2gtk3-devel-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Manager Proxy 4.2 (x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Manager Proxy 4.2 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Manager Retail Branch Server 4.2 (x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Manager Retail Branch Server 4.2 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-2.42.1-150200.87.4 * webkit2gtk3-debugsource-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150200.87.4 * libwebkit2gtk-4_0-37-2.42.1-150200.87.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150200.87.4 * webkit2gtk-4_0-injected-bundles-2.42.1-150200.87.4 * SUSE Manager Server 4.2 (noarch) * libwebkit2gtk3-lang-2.42.1-150200.87.4 ## References: * https://www.suse.com/security/cve/CVE-2023-32393.html * https://www.suse.com/security/cve/CVE-2023-35074.html * https://www.suse.com/security/cve/CVE-2023-37450.html * https://www.suse.com/security/cve/CVE-2023-39434.html * https://www.suse.com/security/cve/CVE-2023-39928.html * https://www.suse.com/security/cve/CVE-2023-40451.html * https://www.suse.com/security/cve/CVE-2023-41074.html * https://www.suse.com/security/cve/CVE-2023-41993.html * https://bugzilla.suse.com/show_bug.cgi?id=1213379 * https://bugzilla.suse.com/show_bug.cgi?id=1213581 * https://bugzilla.suse.com/show_bug.cgi?id=1215072 * https://bugzilla.suse.com/show_bug.cgi?id=1215661 * https://bugzilla.suse.com/show_bug.cgi?id=1215866 * https://bugzilla.suse.com/show_bug.cgi?id=1215867 * https://bugzilla.suse.com/show_bug.cgi?id=1215868 * https://bugzilla.suse.com/show_bug.cgi?id=1215869 * https://bugzilla.suse.com/show_bug.cgi?id=1215870 * https://bugzilla.suse.com/show_bug.cgi?id=1216483 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 20:30:04 -0000 Subject: SUSE-SU-2023:4351-1: important: Security update for the Linux Kernel Message-ID: <169895700434.28576.9409649629181334856@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4351-1 Rating: important References: * bsc#1211307 * bsc#1212423 * bsc#1213772 * bsc#1215955 * bsc#1216062 * bsc#1216512 Cross-References: * CVE-2023-2163 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-45862 * CVE-2023-46813 * CVE-2023-5178 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves eight vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649). * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). * ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). * ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). * ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). * ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git- fixes). * ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). * ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). * ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). * ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). * ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). * ASoC: pxa: fix a memory leak in probe() (git-fixes). * Bluetooth: Avoid redundant authentication (git-fixes). * Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). * Bluetooth: Reject connection with the device which has same BD_ADDR (git- fixes). * Bluetooth: avoid memcmp() out of bounds warning (git-fixes). * Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). * Bluetooth: hci_event: Fix coding style (git-fixes). * Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). * Bluetooth: hci_event: Ignore NULL link key (git-fixes). * Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). * Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). * Bluetooth: vhci: Fix race when opening vhci device (git-fixes). * Documentation: qat: change kernel version (PED-6401). * Documentation: qat: rewrite description (PED-6401). * Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git- fixes). * Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git- fixes). * Fix metadata references * HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git- fixes). * HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). * HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git- fixes). * HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). * HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). * HID: sony: remove duplicate NULL check before calling usb_free_urb() (git- fixes). * IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) * Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). * Input: powermate - fix use-after-free in powermate_config_complete (git- fixes). * Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). * Input: xpad - add PXN V900 support (git-fixes). * KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git- fixes). * KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). * KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). * KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). * KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). * KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). * KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). * KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). * KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). * RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) * RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) * RDMA/core: Require admin capabilities to set system parameters (git-fixes) * RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) * RDMA/mlx5: Fix NULL string error (git-fixes) * RDMA/siw: Fix connection failure handling (git-fixes) * RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) * RDMA/uverbs: Fix typo of sizeof argument (git-fixes) * Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes). * Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes). * USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). * USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). * USB: serial: option: add entry for Sierra EM9191 with new firmware (git- fixes). * ata: libata-core: Do not register PM operations for SAS ports (git-fixes). * ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). * ata: libata-core: Fix port and device removal (git-fixes). * ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). * ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). * blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). * blk-cgroup: support to track if policy is online (bsc#1216062). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). * bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). * bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git- fixes). * cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). * cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). * clk: tegra: fix error return case for recalc_rate (git-fixes). * counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git- fixes). * crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). * crypto: qat - Remove unused function declarations (PED-6401). * crypto: qat - add fw_counters debugfs file (PED-6401). * crypto: qat - add heartbeat counters check (PED-6401). * crypto: qat - add heartbeat feature (PED-6401). * crypto: qat - add internal timer for qat 4xxx (PED-6401). * crypto: qat - add measure clock frequency (PED-6401). * crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). * crypto: qat - add qat_zlib_deflate (PED-6401). * crypto: qat - add support for 402xx devices (PED-6401). * crypto: qat - change value of default idle filter (PED-6401). * crypto: qat - delay sysfs initialization (PED-6401). * crypto: qat - do not export adf_init_admin_pm() (PED-6401). * crypto: qat - drop log level of msg in get_instance_node() (PED-6401). * crypto: qat - drop obsolete heartbeat interface (PED-6401). * crypto: qat - drop redundant adf_enable_aer() (PED-6401). * crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). * crypto: qat - extend buffer list logic interface (PED-6401). * crypto: qat - extend configuration for 4xxx (PED-6401). * crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). * crypto: qat - fix concurrency issue when device state changes (PED-6401). * crypto: qat - fix crypto capability detection for 4xxx (PED-6401). * crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). * crypto: qat - make fw images name constant (PED-6401). * crypto: qat - make state machine functions static (PED-6401). * crypto: qat - move dbgfs init to separate file (PED-6401). * crypto: qat - move returns to default case (PED-6401). * crypto: qat - refactor device restart logic (PED-6401). * crypto: qat - refactor fw config logic for 4xxx (PED-6401). * crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). * crypto: qat - replace state machine calls (PED-6401). * crypto: qat - replace the if statement with min() (PED-6401). * crypto: qat - set deprecated capabilities as reserved (PED-6401). * crypto: qat - unmap buffer before free for DH (PED-6401). * crypto: qat - unmap buffers before free for RSA (PED-6401). * crypto: qat - update slice mask for 4xxx devices (PED-6401). * crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). * dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git- fixes). * dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). * dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). * drm/amd/display: Do not check registers, if using AUX BL control (git- fixes). * drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). * drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). * drm/amdgpu: add missing NULL check (git-fixes). * drm/i915: Retry gtt fault when out of fence registers (git-fixes). * drm/msm/dp: do not reinitialize phy unless retry during link training (git- fixes). * drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git- fixes). * drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). * drm/msm/dsi: skip the wait for video mode done if not applicable (git- fixes). * drm/vmwgfx: fix typo of sizeof argument (git-fixes). * drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). * firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). * firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). * gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git- fixes). * gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). * gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). * gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). * gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). * gpio: vf610: set value before the direction to avoid a glitch (git-fixes). * gve: Do not fully free QPL pages on prefill errors (git-fixes). * i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). * i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git- fixes). * i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git- fixes). * i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). * i2c: mux: gpio:? Replace custom acpi_get_local_address() (git-fixes). * i2c: npcm7xx: Fix callback completion ordering (git-fixes). * ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). * iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). * iio: pressure: dps310: Adjust Timeout Settings (git-fixes). * iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). * iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). * kabi: blkcg_policy_data fix KABI (bsc#1216062). * kabi: workaround for enum nft_trans_phase (bsc#1215104). * kprobes: Prohibit probing on CFI preamble symbol (git-fixes). * leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). * mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). * mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). * mtd: physmap-core: Restore map_rom fallback (git-fixes). * mtd: rawnand: arasan: Ensure program page operations are successful (git- fixes). * mtd: rawnand: marvell: Ensure program page operations are successful (git- fixes). * mtd: rawnand: pl353: Ensure program page operations are successful (git- fixes). * mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). * mtd: spinand: micron: correct bitmask for ecc status (git-fixes). * net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git- fixes). * net: mana: Fix TX CQE error handling (bsc#1215986). * net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). * net: nfc: llcp: Add lock when modifying device list (git-fixes). * net: rfkill: gpio: prevent value glitch during probe (git-fixes). * net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). * net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). * netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). * netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). * nfc: nci: assert requested protocol is valid (git-fixes). * nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git- fixes). * nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). * phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). * phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). * phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). * pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). * pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). * platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). * platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). * platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git- fixes). * platform/x86: think-lmi: Fix reference leak (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). * power: supply: ucs1002: fix error code in ucs1002_get_property() (git- fixes). * quota: Fix slow quotaoff (bsc#1216621). * r8152: check budget for r8152_poll() (git-fixes). * regmap: fix NULL deref on lookup (git-fixes). * regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * ring-buffer: Do not attempt to read past "commit" (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * ring-buffer: Update "shortest_full" in polling (git-fixes). * s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). * s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). * sched/cpuset: Bring back cpuset_mutex (bsc#1215955). * sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). * sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). * sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). * serial: 8250_port: Check IRQ data before use (git-fixes). * soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git- fixes). * spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). * spi: stm32: add a delay before SPI disable (git-fixes). * spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). * spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). * thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git- fixes). * thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). * tracing: Have current_trace inc the trace array ref count (git-fixes). * tracing: Have event inject files inc the trace array ref count (git-fixes). * tracing: Have option files inc the trace array ref count (git-fixes). * tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). * tracing: Increase trace array ref count on enable and filter files (git- fixes). * tracing: Make trace_marker{,_raw} stream-like (git-fixes). * usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). * usb: dwc3: Soft reset phy on probe for host (git-fixes). * usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git- fixes). * usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). * usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). * usb: musb: Modify the "HWVers" register address (git-fixes). * usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git- fixes). * usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). * vmbus_testing: fix wrong python syntax for integer value comparison (git- fixes). * vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). * watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). * watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). * wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). * wifi: cfg80211: avoid leaking stack data into trace (git-fixes). * wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). * wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). * wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). * wifi: mac80211: allow transmitting EAPOL frames with tainted key (git- fixes). * wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). * wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git- fixes). * wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). * wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). * x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). * x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). * x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). * x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). * x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). * x86/cpu: Support AMD Automatic IBRS (bsc#1213772). * x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). * x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). * x86/sev: Disable MMIO emulation from user mode (bsc#1212649). * xen-netback: use default TX queue size for vifs (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4351=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4351=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4351=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4351=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4351=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4351=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4351=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4351=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-4351=1 ## Package List: * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.59.1 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.59.1 * kernel-rt-debuginfo-5.14.21-150400.15.59.1 * openSUSE Leap Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.59.1 * openSUSE Leap Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.59.1 * kernel-rt-debuginfo-5.14.21-150400.15.59.1 * openSUSE Leap 15.4 (x86_64) * kernel-rt_debug-debuginfo-5.14.21-150400.15.59.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.59.1 * kernel-rt_debug-devel-5.14.21-150400.15.59.1 * kernel-rt-debugsource-5.14.21-150400.15.59.1 * dlm-kmp-rt-5.14.21-150400.15.59.1 * cluster-md-kmp-rt-5.14.21-150400.15.59.1 * kernel-rt-debuginfo-5.14.21-150400.15.59.1 * kernel-rt-devel-5.14.21-150400.15.59.1 * kernel-syms-rt-5.14.21-150400.15.59.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.59.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.59.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.59.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.59.1 * gfs2-kmp-rt-5.14.21-150400.15.59.1 * ocfs2-kmp-rt-5.14.21-150400.15.59.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-rt-5.14.21-150400.15.59.1 * kernel-source-rt-5.14.21-150400.15.59.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.59.1 * kernel-rt-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.59.1 * kernel-rt-debuginfo-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.59.1 * kernel-rt-debuginfo-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.59.1 * kernel-rt-debuginfo-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.59.1 * kernel-rt-debuginfo-5.14.21-150400.15.59.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_59-rt-debuginfo-1-150400.1.3.1 * kernel-livepatch-SLE15-SP4-RT_Update_15-debugsource-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_59-rt-1-150400.1.3.1 * SUSE Real Time Module 15-SP4 (x86_64) * kernel-rt_debug-debuginfo-5.14.21-150400.15.59.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.59.1 * kernel-rt_debug-devel-5.14.21-150400.15.59.1 * kernel-rt-debugsource-5.14.21-150400.15.59.1 * dlm-kmp-rt-5.14.21-150400.15.59.1 * cluster-md-kmp-rt-5.14.21-150400.15.59.1 * kernel-rt-debuginfo-5.14.21-150400.15.59.1 * kernel-rt-devel-5.14.21-150400.15.59.1 * kernel-syms-rt-5.14.21-150400.15.59.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.59.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.59.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.59.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.59.1 * gfs2-kmp-rt-5.14.21-150400.15.59.1 * ocfs2-kmp-rt-5.14.21-150400.15.59.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.59.1 * kernel-source-rt-5.14.21-150400.15.59.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.59.1 * kernel-rt-5.14.21-150400.15.59.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://www.suse.com/security/cve/CVE-2023-46813.html * https://www.suse.com/security/cve/CVE-2023-5178.html * https://bugzilla.suse.com/show_bug.cgi?id=1211307 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1213772 * https://bugzilla.suse.com/show_bug.cgi?id=1215955 * https://bugzilla.suse.com/show_bug.cgi?id=1216062 * https://bugzilla.suse.com/show_bug.cgi?id=1216512 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 20:30:07 -0000 Subject: SUSE-SU-2023:4352-1: moderate: Security update for python-urllib3 Message-ID: <169895700715.28576.16381787539148204904@smelt2.prg2.suse.org> # Security update for python-urllib3 Announcement ID: SUSE-SU-2023:4352-1 Rating: moderate References: * bsc#1215968 * bsc#1216275 * bsc#1216377 Cross-References: * CVE-2018-25091 * CVE-2023-43804 * CVE-2023-45803 CVSS scores: * CVE-2018-25091 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2018-25091 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-43804 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-43804 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-45803 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45803 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves three vulnerabilities can now be installed. ## Description: This update for python-urllib3 fixes the following issues: * CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). * CVE-2018-25091: Fixed a potential leak of the Authorization header during a cross-origin redirect (bsc#1216275). * CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-4352=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-4352=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * python-urllib3-1.23-3.25.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * python-urllib3-1.23-3.25.1 ## References: * https://www.suse.com/security/cve/CVE-2018-25091.html * https://www.suse.com/security/cve/CVE-2023-43804.html * https://www.suse.com/security/cve/CVE-2023-45803.html * https://bugzilla.suse.com/show_bug.cgi?id=1215968 * https://bugzilla.suse.com/show_bug.cgi?id=1216275 * https://bugzilla.suse.com/show_bug.cgi?id=1216377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 2 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 02 Nov 2023 20:30:09 -0000 Subject: SUSE-SU-2023:4350-1: important: Security update for gstreamer-plugins-bad Message-ID: <169895700913.28576.282657540861686840@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4350-1 Rating: important References: * bsc#1215793 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4350=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4350=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4350=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libgstphotography-1_0-0-1.16.3-150200.4.10.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstcodecparsers-1_0-0-1.16.3-150200.4.10.1 * libgsturidownloader-1_0-0-1.16.3-150200.4.10.1 * libgstinsertbin-1_0-0-1.16.3-150200.4.10.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.10.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.10.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.10.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-1.16.3-150200.4.10.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstbadaudio-1_0-0-1.16.3-150200.4.10.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-devel-1.16.3-150200.4.10.1 * libgstmpegts-1_0-0-1.16.3-150200.4.10.1 * libgstwebrtc-1_0-0-1.16.3-150200.4.10.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.10.1 * libgstplayer-1_0-0-1.16.3-150200.4.10.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.10.1 * libgstwayland-1_0-0-1.16.3-150200.4.10.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.10.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.10.1 * libgstisoff-1_0-0-1.16.3-150200.4.10.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.10.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstsctp-1_0-0-1.16.3-150200.4.10.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.10.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libgstphotography-1_0-0-1.16.3-150200.4.10.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstcodecparsers-1_0-0-1.16.3-150200.4.10.1 * libgsturidownloader-1_0-0-1.16.3-150200.4.10.1 * libgstinsertbin-1_0-0-1.16.3-150200.4.10.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.10.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.10.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.10.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-1.16.3-150200.4.10.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstbadaudio-1_0-0-1.16.3-150200.4.10.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-devel-1.16.3-150200.4.10.1 * libgstmpegts-1_0-0-1.16.3-150200.4.10.1 * libgstwebrtc-1_0-0-1.16.3-150200.4.10.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.10.1 * libgstplayer-1_0-0-1.16.3-150200.4.10.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.10.1 * libgstwayland-1_0-0-1.16.3-150200.4.10.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.10.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.10.1 * libgstisoff-1_0-0-1.16.3-150200.4.10.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.10.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstsctp-1_0-0-1.16.3-150200.4.10.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.10.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libgstphotography-1_0-0-1.16.3-150200.4.10.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstcodecparsers-1_0-0-1.16.3-150200.4.10.1 * libgsturidownloader-1_0-0-1.16.3-150200.4.10.1 * libgstinsertbin-1_0-0-1.16.3-150200.4.10.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.10.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.10.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.10.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-1.16.3-150200.4.10.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstbadaudio-1_0-0-1.16.3-150200.4.10.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-devel-1.16.3-150200.4.10.1 * libgstmpegts-1_0-0-1.16.3-150200.4.10.1 * libgstwebrtc-1_0-0-1.16.3-150200.4.10.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.10.1 * libgstplayer-1_0-0-1.16.3-150200.4.10.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.10.1 * libgstwayland-1_0-0-1.16.3-150200.4.10.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.10.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.10.1 * libgstisoff-1_0-0-1.16.3-150200.4.10.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.10.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.10.1 * libgstsctp-1_0-0-1.16.3-150200.4.10.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.10.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.10.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 08:02:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2023 09:02:02 +0100 (CET) Subject: SUSE-CU-2023:3686-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20231103080202.F0501F417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3686-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.8 , suse/manager/4.3/proxy-httpd:4.3.8.9.37.30 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.8 , suse/manager/4.3/proxy-httpd:susemanager-4.3.8.9.37.30 Container Release : 9.37.30 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated From sle-updates at lists.suse.com Fri Nov 3 08:02:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2023 09:02:07 +0100 (CET) Subject: SUSE-CU-2023:3687-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231103080207.474CAF417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3687-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.8 , suse/manager/4.3/proxy-salt-broker:4.3.8.9.27.29 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.8 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.8.9.27.29 Container Release : 9.27.29 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated From sle-updates at lists.suse.com Fri Nov 3 08:02:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2023 09:02:12 +0100 (CET) Subject: SUSE-CU-2023:3688-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20231103080212.BA2B4F417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3688-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.8 , suse/manager/4.3/proxy-squid:4.3.8.9.36.26 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.8 , suse/manager/4.3/proxy-squid:susemanager-4.3.8.9.36.26 Container Release : 9.36.26 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated From sle-updates at lists.suse.com Fri Nov 3 08:02:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2023 09:02:17 +0100 (CET) Subject: SUSE-CU-2023:3689-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20231103080217.2C356F417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3689-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.8 , suse/manager/4.3/proxy-ssh:4.3.8.9.27.26 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.8 , suse/manager/4.3/proxy-ssh:susemanager-4.3.8.9.27.26 Container Release : 9.27.26 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated From sle-updates at lists.suse.com Fri Nov 3 08:02:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2023 09:02:21 +0100 (CET) Subject: SUSE-CU-2023:3690-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20231103080221.7DF3EF417@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3690-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.8 , suse/manager/4.3/proxy-tftpd:4.3.8.9.27.26 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.8 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.8.9.27.26 Container Release : 9.27.26 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated From sle-updates at lists.suse.com Fri Nov 3 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 12:30:01 -0000 Subject: SUSE-SU-2023:4357-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container Message-ID: <169901460151.30897.15279766940424183536@smelt2.prg2.suse.org> # Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container Announcement ID: SUSE-SU-2023:4357-1 Rating: important References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: kubevirt is rebuilt against the current GO security release. * Set cache mode on hotplugged disks * Delete VMI prior to NFS server pod in tests ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4357=1 openSUSE-SLE-15.4-2023-4357=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4357=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4357=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4357=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4357=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4357=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4357=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4357=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * kubevirt-virt-handler-0.54.0-150400.3.23.1 * kubevirt-manifests-0.54.0-150400.3.23.1 * kubevirt-tests-debuginfo-0.54.0-150400.3.23.1 * kubevirt-virt-api-0.54.0-150400.3.23.1 * kubevirt-virt-controller-debuginfo-0.54.0-150400.3.23.1 * kubevirt-virt-launcher-0.54.0-150400.3.23.1 * kubevirt-container-disk-0.54.0-150400.3.23.1 * kubevirt-virt-api-debuginfo-0.54.0-150400.3.23.1 * kubevirt-virtctl-0.54.0-150400.3.23.1 * kubevirt-tests-0.54.0-150400.3.23.1 * kubevirt-virt-controller-0.54.0-150400.3.23.1 * kubevirt-virt-operator-debuginfo-0.54.0-150400.3.23.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1 * kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.23.1 * obs-service-kubevirt_containers_meta-0.54.0-150400.3.23.1 * kubevirt-virt-handler-debuginfo-0.54.0-150400.3.23.1 * kubevirt-virt-operator-0.54.0-150400.3.23.1 * kubevirt-container-disk-debuginfo-0.54.0-150400.3.23.1 * openSUSE Leap Micro 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.23.1 * kubevirt-manifests-0.54.0-150400.3.23.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1 * openSUSE Leap Micro 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.23.1 * kubevirt-manifests-0.54.0-150400.3.23.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.23.1 * kubevirt-manifests-0.54.0-150400.3.23.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.23.1 * kubevirt-manifests-0.54.0-150400.3.23.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.23.1 * kubevirt-manifests-0.54.0-150400.3.23.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.23.1 * kubevirt-manifests-0.54.0-150400.3.23.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1 * Containers Module 15-SP4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.23.1 * kubevirt-manifests-0.54.0-150400.3.23.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4356-1: moderate: Security update for python-urllib3 Message-ID: <169901460387.30897.2613621330139141303@smelt2.prg2.suse.org> # Security update for python-urllib3 Announcement ID: SUSE-SU-2023:4356-1 Rating: moderate References: * bsc#1216377 Cross-References: * CVE-2023-45803 CVSS scores: * CVE-2023-45803 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45803 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-urllib3 fixes the following issues: * CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-4356=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-4356=1 * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-4356=1 ## Package List: * SUSE OpenStack Cloud 8 (noarch) * python-urllib3-1.25.10-5.25.1 * SUSE OpenStack Cloud Crowbar 8 (noarch) * python-urllib3-1.25.10-5.25.1 * HPE Helion OpenStack 8 (noarch) * python-urllib3-1.25.10-5.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45803.html * https://bugzilla.suse.com/show_bug.cgi?id=1216377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4355-1: important: Security update for gstreamer-plugins-bad Message-ID: <169901460593.30897.3975580867972527919@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4355-1 Rating: important References: * bsc#1215793 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4355=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4355=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4355=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstwayland-1_0-0-1.12.5-150000.3.12.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.12.1 * libgstphotography-1_0-0-1.12.5-150000.3.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.12.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-1.12.5-150000.3.12.1 * libgstgl-1_0-0-1.12.5-150000.3.12.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstmpegts-1_0-0-1.12.5-150000.3.12.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.12.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.12.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.12.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.12.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.12.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.12.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.12.1 * libgstbadbase-1_0-0-1.12.5-150000.3.12.1 * libgstplayer-1_0-0-1.12.5-150000.3.12.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.12.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.12.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstwayland-1_0-0-1.12.5-150000.3.12.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.12.1 * libgstphotography-1_0-0-1.12.5-150000.3.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.12.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-1.12.5-150000.3.12.1 * libgstgl-1_0-0-1.12.5-150000.3.12.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstmpegts-1_0-0-1.12.5-150000.3.12.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.12.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.12.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.12.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.12.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.12.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.12.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.12.1 * libgstbadbase-1_0-0-1.12.5-150000.3.12.1 * libgstplayer-1_0-0-1.12.5-150000.3.12.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.12.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.12.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstwayland-1_0-0-1.12.5-150000.3.12.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.12.1 * libgstphotography-1_0-0-1.12.5-150000.3.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.12.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-1.12.5-150000.3.12.1 * libgstgl-1_0-0-1.12.5-150000.3.12.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstmpegts-1_0-0-1.12.5-150000.3.12.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.12.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.12.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.12.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.12.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.12.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.12.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.12.1 * libgstbadbase-1_0-0-1.12.5-150000.3.12.1 * libgstplayer-1_0-0-1.12.5-150000.3.12.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.12.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.12.1 * SUSE CaaS Platform 4.0 (x86_64) * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstwayland-1_0-0-1.12.5-150000.3.12.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.12.1 * libgstphotography-1_0-0-1.12.5-150000.3.12.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.12.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-1.12.5-150000.3.12.1 * libgstgl-1_0-0-1.12.5-150000.3.12.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstmpegts-1_0-0-1.12.5-150000.3.12.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.12.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.12.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.12.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.12.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.12.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.12.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.12.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.12.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.12.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.12.1 * libgstbadbase-1_0-0-1.12.5-150000.3.12.1 * libgstplayer-1_0-0-1.12.5-150000.3.12.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.12.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.12.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.12.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.12.1 * SUSE CaaS Platform 4.0 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:03 -0000 Subject: SUSE-SU-2023:4363-1: moderate: Security update for poppler Message-ID: <169902900396.28179.7074249105859994483@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4363-1 Rating: moderate References: * bsc#1213888 * bsc#1214726 Cross-References: * CVE-2022-37052 * CVE-2023-34872 CVSS scores: * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-34872 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34872 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). * CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc (bsc#1213888). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4363=1 openSUSE-SLE-15.4-2023-4363=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4363=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4363=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4363=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * poppler-debugsource-22.01.0-150400.3.16.1 * libpoppler-devel-22.01.0-150400.3.16.1 * libpoppler-glib8-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt6-3-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt6-devel-22.01.0-150400.3.16.1 * poppler-tools-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1 * poppler-qt6-debugsource-22.01.0-150400.3.16.1 * poppler-tools-22.01.0-150400.3.16.1 * libpoppler-cpp0-22.01.0-150400.3.16.1 * poppler-qt5-debugsource-22.01.0-150400.3.16.1 * libpoppler117-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt6-3-22.01.0-150400.3.16.1 * libpoppler-glib8-22.01.0-150400.3.16.1 * libpoppler-qt5-1-22.01.0-150400.3.16.1 * libpoppler-glib-devel-22.01.0-150400.3.16.1 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.16.1 * libpoppler117-22.01.0-150400.3.16.1 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 * libpoppler-qt5-devel-22.01.0-150400.3.16.1 * openSUSE Leap 15.4 (x86_64) * libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-32bit-22.01.0-150400.3.16.1 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-glib8-32bit-22.01.0-150400.3.16.1 * libpoppler117-32bit-22.01.0-150400.3.16.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libpoppler-glib8-64bit-22.01.0-150400.3.16.1 * libpoppler117-64bit-22.01.0-150400.3.16.1 * libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt5-1-64bit-22.01.0-150400.3.16.1 * libpoppler-cpp0-64bit-22.01.0-150400.3.16.1 * libpoppler117-64bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.16.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * poppler-debugsource-22.01.0-150400.3.16.1 * libpoppler-devel-22.01.0-150400.3.16.1 * libpoppler-glib8-debuginfo-22.01.0-150400.3.16.1 * poppler-tools-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1 * poppler-tools-22.01.0-150400.3.16.1 * libpoppler-cpp0-22.01.0-150400.3.16.1 * libpoppler117-debuginfo-22.01.0-150400.3.16.1 * libpoppler-glib8-22.01.0-150400.3.16.1 * libpoppler-glib-devel-22.01.0-150400.3.16.1 * libpoppler117-22.01.0-150400.3.16.1 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * poppler-debugsource-22.01.0-150400.3.16.1 * libpoppler-devel-22.01.0-150400.3.16.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-22.01.0-150400.3.16.1 * poppler-qt5-debugsource-22.01.0-150400.3.16.1 * libpoppler-qt5-1-22.01.0-150400.3.16.1 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt5-devel-22.01.0-150400.3.16.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libpoppler-glib8-32bit-22.01.0-150400.3.16.1 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler117-32bit-22.01.0-150400.3.16.1 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.16.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * poppler-debugsource-22.01.0-150400.3.16.1 * libpoppler117-22.01.0-150400.3.16.1 * libpoppler117-debuginfo-22.01.0-150400.3.16.1 ## References: * https://www.suse.com/security/cve/CVE-2022-37052.html * https://www.suse.com/security/cve/CVE-2023-34872.html * https://bugzilla.suse.com/show_bug.cgi?id=1213888 * https://bugzilla.suse.com/show_bug.cgi?id=1214726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:07 -0000 Subject: SUSE-SU-2023:4362-1: moderate: Security update for poppler Message-ID: <169902900753.28179.17147977568104401564@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4362-1 Rating: moderate References: * bsc#1112424 * bsc#1112428 * bsc#1128114 * bsc#1129202 * bsc#1140745 * bsc#1143570 * bsc#1214256 * bsc#1214723 * bsc#1214726 Cross-References: * CVE-2018-18454 * CVE-2018-18456 * CVE-2019-13287 * CVE-2019-14292 * CVE-2019-9545 * CVE-2019-9631 * CVE-2020-36023 * CVE-2022-37052 * CVE-2022-48545 CVSS scores: * CVE-2018-18454 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18454 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-18456 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18456 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-13287 ( SUSE ): 3.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L * CVE-2019-13287 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2019-14292 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-14292 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-9631 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9631 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48545 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48545 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114). * CVE-2019-9631: Fixed an out of bounds read when converting a PDF to an image (bsc#1129202). * CVE-2022-37052: Fixed a reachable assertion when extracting pages of a PDf file (bsc#1214726). * CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph (bsc#1214256). * CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the function SplashXPath:strokeAdjust (bsc#1140745). * CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted pdf file (bsc#1112428). * CVE-2018-18454: Fixed heap-based buffer over-read via a crafted pdf file (bsc#1112424). * CVE-2019-14292: Fixed an out of bounds read in GfxState.cc (bsc#1143570). * CVE-2022-48545: Fixed an infinite recursion in Catalog::findDestInTree which can cause denial of service (bsc#1214723). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4362=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4362=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4362=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4362=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-cpp0-debuginfo-0.43.0-16.40.1 * poppler-debugsource-0.43.0-16.40.1 * libpoppler-cpp0-0.43.0-16.40.1 * libpoppler-qt4-devel-0.43.0-16.40.1 * libpoppler-glib-devel-0.43.0-16.40.1 * typelib-1_0-Poppler-0_18-0.43.0-16.40.1 * libpoppler-devel-0.43.0-16.40.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * poppler-tools-debuginfo-0.43.0-16.40.1 * poppler-tools-0.43.0-16.40.1 * poppler-debugsource-0.43.0-16.40.1 * libpoppler60-debuginfo-0.43.0-16.40.1 * libpoppler-glib8-0.43.0-16.40.1 * libpoppler-qt4-4-0.43.0-16.40.1 * libpoppler-glib8-debuginfo-0.43.0-16.40.1 * libpoppler60-0.43.0-16.40.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.40.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * poppler-tools-debuginfo-0.43.0-16.40.1 * poppler-tools-0.43.0-16.40.1 * poppler-debugsource-0.43.0-16.40.1 * libpoppler60-debuginfo-0.43.0-16.40.1 * libpoppler-glib8-0.43.0-16.40.1 * libpoppler-qt4-4-0.43.0-16.40.1 * libpoppler-glib8-debuginfo-0.43.0-16.40.1 * libpoppler60-0.43.0-16.40.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.40.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * poppler-tools-debuginfo-0.43.0-16.40.1 * poppler-tools-0.43.0-16.40.1 * poppler-debugsource-0.43.0-16.40.1 * libpoppler60-debuginfo-0.43.0-16.40.1 * libpoppler-glib8-0.43.0-16.40.1 * libpoppler-qt4-4-0.43.0-16.40.1 * libpoppler-qt4-4-debuginfo-0.43.0-16.40.1 * libpoppler-glib8-debuginfo-0.43.0-16.40.1 * libpoppler60-0.43.0-16.40.1 ## References: * https://www.suse.com/security/cve/CVE-2018-18454.html * https://www.suse.com/security/cve/CVE-2018-18456.html * https://www.suse.com/security/cve/CVE-2019-13287.html * https://www.suse.com/security/cve/CVE-2019-14292.html * https://www.suse.com/security/cve/CVE-2019-9545.html * https://www.suse.com/security/cve/CVE-2019-9631.html * https://www.suse.com/security/cve/CVE-2020-36023.html * https://www.suse.com/security/cve/CVE-2022-37052.html * https://www.suse.com/security/cve/CVE-2022-48545.html * https://bugzilla.suse.com/show_bug.cgi?id=1112424 * https://bugzilla.suse.com/show_bug.cgi?id=1112428 * https://bugzilla.suse.com/show_bug.cgi?id=1128114 * https://bugzilla.suse.com/show_bug.cgi?id=1129202 * https://bugzilla.suse.com/show_bug.cgi?id=1140745 * https://bugzilla.suse.com/show_bug.cgi?id=1143570 * https://bugzilla.suse.com/show_bug.cgi?id=1214256 * https://bugzilla.suse.com/show_bug.cgi?id=1214723 * https://bugzilla.suse.com/show_bug.cgi?id=1214726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4361-1: important: Security update for gstreamer-plugins-bad Message-ID: <169902900969.28179.4103047309505183511@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4361-1 Rating: important References: * bsc#1215793 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4361=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4361=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4361=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4361=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4361=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4361=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * gstreamer-plugins-bad-doc-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * openSUSE Leap 15.3 (x86_64) * libgstplayer-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-32bit-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-32bit-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-32bit-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-32bit-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-32bit-1.16.3-150300.9.9.1 * openSUSE Leap 15.3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libgstinsertbin-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-64bit-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-64bit-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-64bit-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-64bit-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-64bit-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Enterprise Storage 7.1 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:12 -0000 Subject: SUSE-SU-2023:4360-1: important: Security update for gstreamer-plugins-bad Message-ID: <169902901281.28179.7044361194549411104@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4360-1 Rating: important References: * bsc#1215793 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4360=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4360=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4360=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4360=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstplay-1_0-0-32bit-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-32bit-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-32bit-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstva-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-32bit-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libgstadaptivedemux-1_0-0-1.20.1-150400.3.6.1 * libgstplay-1_0-0-1.20.1-150400.3.6.1 * libgstva-1_0-0-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-1.20.1-150400.3.6.1 * libgsttranscoder-1_0-0-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.6.1 * gstreamer-transcoder-devel-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-transcoder-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.6.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.6.1 * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-1.20.1-150400.3.6.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.6.1 * gstreamer-transcoder-debuginfo-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gstreamer-plugins-bad-64bit-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-64bit-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstva-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstplay-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgstplay-1_0-0-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-1.20.1-150400.3.6.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgstadaptivedemux-1_0-0-1.20.1-150400.3.6.1 * libgstva-1_0-0-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.6.1 * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-1.20.1-150400.3.6.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.6.1 * Desktop Applications Module 15-SP4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libgsttranscoder-1_0-0-1.20.1-150400.3.6.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 16:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:18 -0000 Subject: SUSE-SU-2023:4359-1: important: Security update for the Linux Kernel Message-ID: <169902901844.28179.12098799790417088533@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4359-1 Rating: important References: * bsc#1206010 * bsc#1208788 * bsc#1210778 * bsc#1213705 * bsc#1213950 * bsc#1213977 * bsc#1215743 * bsc#1215745 * bsc#1216046 * bsc#1216051 * bsc#1216107 * bsc#1216140 * bsc#1216340 * bsc#1216513 * bsc#1216514 Cross-References: * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-39189 * CVE-2023-45862 CVSS scores: * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves four vulnerabilities and has 11 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). * crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() (git-fixes). * iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010). * iommu/amd: Remove useless irq affinity notifier (bsc#1206010). * iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (bsc#1206010). * kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010). * KVM: s390: fix sthyi error handling (git-fixes bsc#1216107). * memcg: drop kmem.limit_in_bytes (bsc#1208788) * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * ratelimit: Fix data-races in ___ratelimit() (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513). * s390/ptrace: fix setting syscall number (git-fixes bsc#1216340). * s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140). * s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950). * s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322 bsc#1213950). * scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327 bsc#1213977 git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514). * tools/thermal: Fix possible path truncations (git-fixes). * tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git- fixes). * tracing: Fix memleak due to race between current_tracer and trace (git- fixes). * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). * usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). * usb: typec: altmodes/displayport: Fix configure initial pin assignment (git- fixes). * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). * vhost-scsi: unbreak any layout for response (git-fixes). * virtio_balloon: fix deadlock on OOM (git-fixes). * virtio_balloon: fix increment of vb->num_pfns in fill_balloon() (git-fixes). * virtio_net: Fix error unwinding of XDP initialization (git-fixes). * virtio: Protect vqs list access (git-fixes). * vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() (git-fixes). * xen-netback: use default TX queue size for vifs (git-fixes). * xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1215743). * xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1215743). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-4359=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * kernel-rt-base-4.12.14-10.149.1 * kernel-rt_debug-debugsource-4.12.14-10.149.1 * dlm-kmp-rt-4.12.14-10.149.1 * kernel-rt_debug-debuginfo-4.12.14-10.149.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.149.1 * kernel-rt-debuginfo-4.12.14-10.149.1 * ocfs2-kmp-rt-4.12.14-10.149.1 * cluster-md-kmp-rt-4.12.14-10.149.1 * kernel-rt-debugsource-4.12.14-10.149.1 * kernel-rt-devel-debuginfo-4.12.14-10.149.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.149.1 * kernel-syms-rt-4.12.14-10.149.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.149.1 * gfs2-kmp-rt-4.12.14-10.149.1 * kernel-rt-base-debuginfo-4.12.14-10.149.1 * kernel-rt_debug-devel-4.12.14-10.149.1 * kernel-rt-devel-4.12.14-10.149.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.149.1 * dlm-kmp-rt-debuginfo-4.12.14-10.149.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-source-rt-4.12.14-10.149.1 * kernel-devel-rt-4.12.14-10.149.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.149.1 * kernel-rt_debug-4.12.14-10.149.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://bugzilla.suse.com/show_bug.cgi?id=1206010 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213950 * https://bugzilla.suse.com/show_bug.cgi?id=1213977 * https://bugzilla.suse.com/show_bug.cgi?id=1215743 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 * https://bugzilla.suse.com/show_bug.cgi?id=1216051 * https://bugzilla.suse.com/show_bug.cgi?id=1216107 * https://bugzilla.suse.com/show_bug.cgi?id=1216140 * https://bugzilla.suse.com/show_bug.cgi?id=1216340 * https://bugzilla.suse.com/show_bug.cgi?id=1216513 * https://bugzilla.suse.com/show_bug.cgi?id=1216514 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 16:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:22 -0000 Subject: SUSE-SU-2023:4358-1: important: Security update for the Linux Kernel Message-ID: <169902902213.28179.15356752928515525544@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4358-1 Rating: important References: * bsc#1212051 * bsc#1214842 * bsc#1215095 * bsc#1215467 * bsc#1215518 * bsc#1215745 * bsc#1215858 * bsc#1215860 * bsc#1215861 * bsc#1216046 Cross-References: * CVE-2023-2163 * CVE-2023-3111 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-42754 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves nine vulnerabilities and has one security fix can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4358=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4358=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4358=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.149.1 * kernel-rt-debugsource-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.149.1 * kernel-rt-debugsource-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.149.1 * kernel-rt-debugsource-5.3.18-150300.149.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1214842 * https://bugzilla.suse.com/show_bug.cgi?id=1215095 * https://bugzilla.suse.com/show_bug.cgi?id=1215467 * https://bugzilla.suse.com/show_bug.cgi?id=1215518 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1215858 * https://bugzilla.suse.com/show_bug.cgi?id=1215860 * https://bugzilla.suse.com/show_bug.cgi?id=1215861 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 20:30:02 -0000 Subject: SUSE-RU-2023:4366-1: moderate: Recommended update for kubernetes1.26 Message-ID: <169904340242.14451.3927964438852990708@smelt2.prg2.suse.org> # Recommended update for kubernetes1.26 Announcement ID: SUSE-RU-2023:4366-1 Rating: moderate References: * bsc#1213829 * bsc#1214406 * jsc#PED-5839 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has two fixes can now be installed. ## Description: This update for kubernetes1.26 fixes the following issues: This update ships the kubernetes1.26-client package. (jsc#PED-5839) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4366=1 openSUSE-SLE-15.4-2023-4366=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4366=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4366=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4366=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.26-kubelet-common-1.26.9-150400.9.3.2 * kubernetes1.26-proxy-1.26.9-150400.9.3.2 * kubernetes1.26-controller-manager-1.26.9-150400.9.3.2 * kubernetes1.26-kubelet-1.26.9-150400.9.3.2 * kubernetes1.26-scheduler-1.26.9-150400.9.3.2 * kubernetes1.26-apiserver-1.26.9-150400.9.3.2 * kubernetes1.26-kubeadm-1.26.9-150400.9.3.2 * kubernetes1.26-client-common-1.26.9-150400.9.3.2 * kubernetes1.26-client-1.26.9-150400.9.3.2 * openSUSE Leap 15.4 (noarch) * kubernetes1.26-client-bash-completion-1.26.9-150400.9.3.2 * kubernetes1.26-client-fish-completion-1.26.9-150400.9.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.26-client-1.26.9-150400.9.3.2 * kubernetes1.26-client-common-1.26.9-150400.9.3.2 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.26-client-1.26.9-150400.9.3.2 * kubernetes1.26-client-common-1.26.9-150400.9.3.2 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.26-client-1.26.9-150400.9.3.2 * kubernetes1.26-client-common-1.26.9-150400.9.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213829 * https://bugzilla.suse.com/show_bug.cgi?id=1214406 * https://jira.suse.com/browse/PED-5839 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 3 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 03 Nov 2023 20:30:04 -0000 Subject: SUSE-RU-2023:4365-1: moderate: Recommended update for kubernetes1.25 Message-ID: <169904340426.14451.592340442853545236@smelt2.prg2.suse.org> # Recommended update for kubernetes1.25 Announcement ID: SUSE-RU-2023:4365-1 Rating: moderate References: * bsc#1214406 * jsc#PED-5839 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one fix can now be installed. ## Description: This update for kubernetes1.25 fixes the following issues: This update ships the kubernetes1.25-client package. (jsc#PED-5839) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4365=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4365=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4365=1 openSUSE-SLE-15.4-2023-4365=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4365=1 ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.25-client-1.25.14-150400.9.3.2 * kubernetes1.25-client-common-1.25.14-150400.9.3.2 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.25-client-1.25.14-150400.9.3.2 * kubernetes1.25-client-common-1.25.14-150400.9.3.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.25-kubelet-common-1.25.14-150400.9.3.2 * kubernetes1.25-apiserver-1.25.14-150400.9.3.2 * kubernetes1.25-kubelet-1.25.14-150400.9.3.2 * kubernetes1.25-controller-manager-1.25.14-150400.9.3.2 * kubernetes1.25-client-common-1.25.14-150400.9.3.2 * kubernetes1.25-scheduler-1.25.14-150400.9.3.2 * kubernetes1.25-kubeadm-1.25.14-150400.9.3.2 * kubernetes1.25-client-1.25.14-150400.9.3.2 * kubernetes1.25-proxy-1.25.14-150400.9.3.2 * openSUSE Leap 15.4 (noarch) * kubernetes1.25-client-bash-completion-1.25.14-150400.9.3.2 * kubernetes1.25-client-fish-completion-1.25.14-150400.9.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.25-client-1.25.14-150400.9.3.2 * kubernetes1.25-client-common-1.25.14-150400.9.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214406 * https://jira.suse.com/browse/PED-5839 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 08:30:03 -0000 Subject: SUSE-SU-2023:4368-1: important: Security update for gstreamer-plugins-bad Message-ID: <169925940303.22272.9289194207219408127@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4368-1 Rating: important References: * bsc#1215793 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4368=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4368=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4368=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4368=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-devel-1.8.3-18.6.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.6.1 * libgsturidownloader-1_0-0-1.8.3-18.6.1 * libgstinsertbin-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.6.1 * libgstinsertbin-1_0-0-1.8.3-18.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.6.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.6.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.6.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.6.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-1.8.3-18.6.1 * libgstmpegts-1_0-0-1.8.3-18.6.1 * libgstbadvideo-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.6.1 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.6.1 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadbase-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-1.8.3-18.6.1 * libgstgl-1_0-0-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-1.8.3-18.6.1 * libgsturidownloader-1_0-0-1.8.3-18.6.1 * libgstphotography-1_0-0-1.8.3-18.6.1 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadaudio-1_0-0-1.8.3-18.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.6.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.6.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.6.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.6.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-1.8.3-18.6.1 * libgstmpegts-1_0-0-1.8.3-18.6.1 * libgstbadvideo-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.6.1 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.6.1 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadbase-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-1.8.3-18.6.1 * libgstgl-1_0-0-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-1.8.3-18.6.1 * libgsturidownloader-1_0-0-1.8.3-18.6.1 * libgstphotography-1_0-0-1.8.3-18.6.1 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadaudio-1_0-0-1.8.3-18.6.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.6.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.6.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.6.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.6.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-1.8.3-18.6.1 * libgstmpegts-1_0-0-1.8.3-18.6.1 * libgstbadvideo-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.6.1 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.6.1 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadbase-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-1.8.3-18.6.1 * libgstgl-1_0-0-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-1.8.3-18.6.1 * libgsturidownloader-1_0-0-1.8.3-18.6.1 * libgstphotography-1_0-0-1.8.3-18.6.1 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadaudio-1_0-0-1.8.3-18.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 08:30:05 -0000 Subject: SUSE-SU-2023:4367-1: important: Security update for apache-ivy Message-ID: <169925940582.22272.5391602390086067595@smelt2.prg2.suse.org> # Security update for apache-ivy Announcement ID: SUSE-SU-2023:4367-1 Rating: important References: * bsc#1214422 Cross-References: * CVE-2022-46751 CVSS scores: * CVE-2022-46751 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-46751 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for apache-ivy fixes the following issues: * Upgrade to version 2.5.2 (bsc#1214422) * CVE-2022-46751: Fixed an XML External Entity Injections that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. (bsc#1214422) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4367=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4367=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4367=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4367=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4367=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4367=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4367=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4367=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4367=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4367=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4367=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4367=1 ## Package List: * openSUSE Leap 15.4 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * apache-ivy-javadoc-2.5.2-150200.3.9.1 * openSUSE Leap 15.5 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * apache-ivy-javadoc-2.5.2-150200.3.9.1 * Development Tools Module 15-SP4 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * Development Tools Module 15-SP5 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Enterprise Storage 7.1 (noarch) * apache-ivy-2.5.2-150200.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46751.html * https://bugzilla.suse.com/show_bug.cgi?id=1214422 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4072-2: important: Security update for the Linux Kernel Message-ID: <169927380525.13867.227319951423930696@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4072-2 Rating: important References: * bsc#1202845 * bsc#1213808 * bsc#1214928 * bsc#1214940 * bsc#1214941 * bsc#1214942 * bsc#1214943 * bsc#1214944 * bsc#1214950 * bsc#1214951 * bsc#1214954 * bsc#1214957 * bsc#1214986 * bsc#1214988 * bsc#1214992 * bsc#1214993 * bsc#1215322 * bsc#1215877 * bsc#1215894 * bsc#1215895 * bsc#1215896 * bsc#1215911 * bsc#1215915 * bsc#1215916 Cross-References: * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-2177 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-4155 * CVE-2023-42753 * CVE-2023-42754 * CVE-2023-4389 * CVE-2023-4563 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 * CVE-2023-5345 CVSS scores: * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-42753 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4563 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 An update that solves 17 vulnerabilities and has seven security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) * CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) * CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) * CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git- fixes). * ALSA: hda/realtek: Splitting the UX3402 into two separate models (git- fixes). * ARM: pxa: remove use of symbol_get() (git-fixes). * arm64: csum: Fix OoB access in IP checksum code for negative lengths (git- fixes). * arm64: module-plts: inline linux/moduleloader.h (git-fixes) * arm64: module: Use module_init_layout_section() to spot init sections (git- fixes) * arm64: sdei: abort running SDEI handlers during crash (git-fixes) * arm64: tegra: Update AHUB clock parent and rate (git-fixes) * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git- fixes) * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). * ASoC: meson: spdifin: start hw on dai probe (git-fixes). * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). * ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). * ata: pata_falcon: fix IO base selection for Q40 (git-fixes). * ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). * ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). * backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). * block/mq-deadline: use correct way to throttling write requests (bsc#1214993). * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). * bpf: Clear the probe_addr for uprobe (git-fixes). * btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). * drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). * drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). * drm/amd/display: prevent potential division by zero errors (git-fixes). * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). * drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). * drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * ext4: avoid potential data overflow in next_linear_group (bsc#1214951). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). * ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). * ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). * ext4: Remove ext4 locking of moved directory (bsc#1214957). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fs: do not update freeing inode i_io_list (bsc#1214813). * fs: Establish locking order for unrelated directories (bsc#1214958). * fs: Lock moved directories (bsc#1214959). * fs: lockd: avoid possible wrong NULL parameter (git-fixes). * fs: no need to check source (bsc#1215752). * fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). * gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). * gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). * gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). * gve: Changes to add new TX queues (bsc#1214479). * gve: Control path for DQO-QPL (bsc#1214479). * gve: fix frag_list chaining (bsc#1214479). * gve: Fix gve interrupt names (bsc#1214479). * gve: RX path for DQO-QPL (bsc#1214479). * gve: trivial spell fix Recive to Receive (bsc#1214479). * gve: Tx path for DQO-QPL (bsc#1214479). * gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). * gve: use vmalloc_array and vcalloc (bsc#1214479). * gve: XDP support GQI-QPL: helper function changes (bsc#1214479). * hwrng: virtio - add an internal buffer (git-fixes). * hwrng: virtio - always add a pending request (git-fixes). * hwrng: virtio - do not wait on cleanup (git-fixes). * hwrng: virtio - do not waste entropy (git-fixes). * hwrng: virtio - Fix race on data_avail and actual data (git-fixes). * i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). * i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (git-fixes). * Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). * iommu/virtio: Detach domain on endpoint release (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: correct the end of the journal recovery scan range (bsc#1214955). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove journal_clean_one_cp_list() (bsc#1214947). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * kabi/severities: ignore mlx4 internal symbols * kconfig: fix possible buffer overflow (git-fixes). * kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. * kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. * kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). * KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). * KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git- fixes). * KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). * loop: Fix use-after-free issues (bsc#1214991). * loop: loop_set_status_from_info() check before assignment (bsc#1214990). * mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). * mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). * mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). * mlx4: Delete custom device management logic (bsc#1187236). * mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). * mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). * mlx4: Move the bond work to the core driver (bsc#1187236). * mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). * mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). * mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). * mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). * module: Expose module_init_layout_section() (git-fixes) * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: mana: Add page pool for RX buffers (bsc#1214040). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net/mlx4: Remove many unnecessary NULL values (bsc#1187236). * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git- fixes). * NFS/blocklayout: Use the passed in gfp flags (git-fixes). * NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). * NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). * NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). * NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * ntb: Clean up tx tail index on link down (git-fixes). * ntb: Drop packets when qp link is down (git-fixes). * ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). * nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). * nvme-tcp: add recovery_delay to sysfs (bsc#1201284). * nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). * nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). * nvme-tcp: make 'err_work' a delayed work (bsc#1201284). * PCI: Free released resource after coalescing (git-fixes). * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). * platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git- fixes). * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git- fixes). * platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). * platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). * platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). * powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). * pwm: lpc32xx: Remove handling of PWM channels (git-fixes). * quota: add new helper dquot_active() (bsc#1214998). * quota: factor out dquot_write_dquot() (bsc#1214995). * quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: rename dquot_active() to inode_quota_active() (bsc#1214997). * s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). * scsi: 53c700: Check that command slot is not NULL (git-fixes). * scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). * scsi: core: Fix possible memory leak if device_add() fails (git-fixes). * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). * scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). * scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git- fixes). * scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). * scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). * scsi: lpfc: Remove reftag check in DIF paths (git-fixes). * scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). * scsi: qedf: Fix NULL dereference in error handling (git-fixes). * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git- fixes). * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). * scsi: qla2xxx: Remove unused declarations (bsc#1214928). * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: scsi_debug: Remove dead code (git-fixes). * scsi: snic: Fix double free in snic_tgt_create() (git-fixes). * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). * scsi: storvsc: Handle additional SRB status values (git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). * selftests: tracing: Fix to unmount tracefs for recovering environment (git- fixes). * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). * tcpm: Avoid soft reset when partner does not support get_status (git-fixes). * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). * tracing: Remove unnecessary copying of tr->current_trace (git-fixes). * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). * usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). * usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: typec: tcpci: clear the fault status bit (git-fixes). * usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). * vhost_vdpa: fix the crash in unmap a large memory (git-fixes). * vhost-scsi: unbreak any layout for response (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: fix hung thread due to erroneous iotlb entries (git-fixes). * vhost: handle error while adding split ranges to iotlb (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). * virtio-mmio: do not break lifecycle of vm_dev (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). * watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/alternative: Fix race in try_get_desc() (git-fixes). * x86/boot/e820: Fix typo in e820.c comment (git-fixes). * x86/bugs: Reset speculation control settings on init (git-fixes). * x86/cpu: Add Lunar Lake M (git-fixes). * x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git- fixes). * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git- fixes). * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). * x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git- fixes). * x86/mce: Retrieve poison range from hardware (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). * x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). * x86/purgatory: remove PGO flags (git-fixes). * x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git- fixes). * x86/reboot: Disable virtualization in an emergency if SVM is supported (git- fixes). * x86/resctl: fix scheduler confusion with 'current' (git-fixes). * x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). * x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). * x86/rtc: Remove __init for runtime functions (git-fixes). * x86/sgx: Reduce delay and interference of enclave release (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). * xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4072=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-5.14.21-150400.24.92.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.92.1 * gfs2-kmp-default-5.14.21-150400.24.92.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kernel-syms-5.14.21-150400.24.92.1 * kselftests-kmp-default-5.14.21-150400.24.92.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-optional-5.14.21-150400.24.92.1 * kernel-default-extra-5.14.21-150400.24.92.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1 * ocfs2-kmp-default-5.14.21-150400.24.92.1 * kernel-default-devel-5.14.21-150400.24.92.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.92.1 * kernel-obs-qa-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * dlm-kmp-default-5.14.21-150400.24.92.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kernel-obs-build-debugsource-5.14.21-150400.24.92.1 * kernel-default-livepatch-5.14.21-150400.24.92.1 * kernel-obs-build-5.14.21-150400.24.92.1 * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.92.1 * reiserfs-kmp-default-5.14.21-150400.24.92.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.92.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-livepatch-devel-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-devel-5.14.21-150400.24.92.1 * kernel-debug-livepatch-devel-5.14.21-150400.24.92.1 * kernel-debug-debugsource-5.14.21-150400.24.92.1 * kernel-debug-debuginfo-5.14.21-150400.24.92.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.92.1 * kernel-default-base-rebuild-5.14.21-150400.24.92.1.150400.24.42.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.92.1 * kernel-kvmsmall-devel-5.14.21-150400.24.92.1 * kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.92.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (noarch) * kernel-docs-html-5.14.21-150400.24.92.1 * kernel-source-5.14.21-150400.24.92.1 * kernel-source-vanilla-5.14.21-150400.24.92.1 * kernel-macros-5.14.21-150400.24.92.1 * kernel-devel-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.92.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64) * dtb-allwinner-5.14.21-150400.24.92.1 * dtb-altera-5.14.21-150400.24.92.1 * dtb-marvell-5.14.21-150400.24.92.1 * dtb-apple-5.14.21-150400.24.92.1 * kernel-64kb-devel-5.14.21-150400.24.92.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * cluster-md-kmp-64kb-5.14.21-150400.24.92.1 * kernel-64kb-extra-5.14.21-150400.24.92.1 * kselftests-kmp-64kb-5.14.21-150400.24.92.1 * dtb-hisilicon-5.14.21-150400.24.92.1 * kernel-64kb-debugsource-5.14.21-150400.24.92.1 * dtb-freescale-5.14.21-150400.24.92.1 * dtb-apm-5.14.21-150400.24.92.1 * dtb-amd-5.14.21-150400.24.92.1 * dtb-arm-5.14.21-150400.24.92.1 * dtb-qcom-5.14.21-150400.24.92.1 * dtb-rockchip-5.14.21-150400.24.92.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * dtb-nvidia-5.14.21-150400.24.92.1 * kernel-64kb-debuginfo-5.14.21-150400.24.92.1 * kernel-64kb-optional-5.14.21-150400.24.92.1 * dtb-amlogic-5.14.21-150400.24.92.1 * dtb-broadcom-5.14.21-150400.24.92.1 * dtb-exynos-5.14.21-150400.24.92.1 * ocfs2-kmp-64kb-5.14.21-150400.24.92.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * reiserfs-kmp-64kb-5.14.21-150400.24.92.1 * dlm-kmp-64kb-5.14.21-150400.24.92.1 * dtb-lg-5.14.21-150400.24.92.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * dtb-renesas-5.14.21-150400.24.92.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.92.1 * dtb-amazon-5.14.21-150400.24.92.1 * dtb-socionext-5.14.21-150400.24.92.1 * dtb-cavium-5.14.21-150400.24.92.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.92.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * dtb-xilinx-5.14.21-150400.24.92.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.92.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.92.1 * dtb-mediatek-5.14.21-150400.24.92.1 * dtb-sprd-5.14.21-150400.24.92.1 * gfs2-kmp-64kb-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.92.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-4155.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4563.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1213808 * https://bugzilla.suse.com/show_bug.cgi?id=1214928 * https://bugzilla.suse.com/show_bug.cgi?id=1214940 * https://bugzilla.suse.com/show_bug.cgi?id=1214941 * https://bugzilla.suse.com/show_bug.cgi?id=1214942 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214944 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214951 * https://bugzilla.suse.com/show_bug.cgi?id=1214954 * https://bugzilla.suse.com/show_bug.cgi?id=1214957 * https://bugzilla.suse.com/show_bug.cgi?id=1214986 * https://bugzilla.suse.com/show_bug.cgi?id=1214988 * https://bugzilla.suse.com/show_bug.cgi?id=1214992 * https://bugzilla.suse.com/show_bug.cgi?id=1214993 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * https://bugzilla.suse.com/show_bug.cgi?id=1215894 * https://bugzilla.suse.com/show_bug.cgi?id=1215895 * https://bugzilla.suse.com/show_bug.cgi?id=1215896 * https://bugzilla.suse.com/show_bug.cgi?id=1215911 * https://bugzilla.suse.com/show_bug.cgi?id=1215915 * https://bugzilla.suse.com/show_bug.cgi?id=1215916 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4374-1: important: Security update for nodejs12 Message-ID: <169927380843.13867.9689535046486379350@smelt2.prg2.suse.org> # Security update for nodejs12 Announcement ID: SUSE-SU-2023:4374-1 Rating: important References: * bsc#1216190 * bsc#1216272 Cross-References: * CVE-2023-38552 * CVE-2023-44487 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for nodejs12 fixes the following issues: * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4374=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4374=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4374=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4374=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4374=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4374=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4374=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4374=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4374=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4374=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * openSUSE Leap 15.4 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Manager Server 4.2 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.53.2 * npm12-12.22.12-150200.4.53.2 * nodejs12-devel-12.22.12-150200.4.53.2 * nodejs12-debuginfo-12.22.12-150200.4.53.2 * nodejs12-debugsource-12.22.12-150200.4.53.2 * SUSE Enterprise Storage 7.1 (noarch) * nodejs12-docs-12.22.12-150200.4.53.2 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 12:30:11 -0000 Subject: SUSE-SU-2023:4373-1: important: Security update for nodejs12 Message-ID: <169927381136.13867.3119072959580229010@smelt2.prg2.suse.org> # Security update for nodejs12 Announcement ID: SUSE-SU-2023:4373-1 Rating: important References: * bsc#1216190 * bsc#1216272 Cross-References: * CVE-2023-38552 * CVE-2023-44487 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for nodejs12 fixes the following issues: * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4373=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4373=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4373=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4373=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4373=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4373=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4373=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4373=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4373=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4373=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * corepack14-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * openSUSE Leap 15.4 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Manager Server 4.2 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs14-14.21.3-150200.15.52.2 * nodejs14-devel-14.21.3-150200.15.52.2 * nodejs14-debugsource-14.21.3-150200.15.52.2 * npm14-14.21.3-150200.15.52.2 * nodejs14-debuginfo-14.21.3-150200.15.52.2 * SUSE Enterprise Storage 7.1 (noarch) * nodejs14-docs-14.21.3-150200.15.52.2 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 12:30:19 -0000 Subject: SUSE-SU-2023:4372-1: important: Security update for util-linux Message-ID: <169927381917.13867.1286177320148115131@smelt2.prg2.suse.org> # Security update for util-linux Announcement ID: SUSE-SU-2023:4372-1 Rating: important References: * bsc#1213865 Cross-References: * CVE-2018-7738 CVSS scores: * CVE-2018-7738 ( SUSE ): 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2018-7738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for util-linux fixes the following issues: * CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4372=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4372=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-libmount-debugsource-2.31.1-150000.9.24.1 * python-libmount-debuginfo-2.31.1-150000.9.24.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-libmount-debugsource-2.31.1-150000.9.24.1 * python-libmount-debuginfo-2.31.1-150000.9.24.1 ## References: * https://www.suse.com/security/cve/CVE-2018-7738.html * https://bugzilla.suse.com/show_bug.cgi?id=1213865 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 12:30:22 -0000 Subject: SUSE-SU-2023:4371-1: moderate: Security update for tiff Message-ID: <169927382245.13867.12675570404410140439@smelt2.prg2.suse.org> # Security update for tiff Announcement ID: SUSE-SU-2023:4371-1 Rating: moderate References: * bsc#1212535 * bsc#1212881 * bsc#1212883 * bsc#1212888 * bsc#1213273 * bsc#1213274 * bsc#1213589 * bsc#1213590 * bsc#1214574 Cross-References: * CVE-2020-18768 * CVE-2023-25433 * CVE-2023-26966 * CVE-2023-2908 * CVE-2023-3316 * CVE-2023-3576 * CVE-2023-3618 * CVE-2023-38288 * CVE-2023-38289 CVSS scores: * CVE-2020-18768 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2020-18768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25433 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-26966 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2023-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3316 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3576 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3576 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3618 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3618 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-38289 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). * CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). * CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). * CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). * CVE-2023-26966: Fixed an out of bounds read when transforming a little- endian file to a big-endian output (bsc#1212881) * CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). * CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). * CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). * CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4371=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4371=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4371=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4371=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libtiff-devel-4.0.9-44.71.1 * tiff-debuginfo-4.0.9-44.71.1 * tiff-debugsource-4.0.9-44.71.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * tiff-4.0.9-44.71.1 * libtiff5-debuginfo-4.0.9-44.71.1 * tiff-debuginfo-4.0.9-44.71.1 * tiff-debugsource-4.0.9-44.71.1 * libtiff5-4.0.9-44.71.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.71.1 * libtiff5-32bit-4.0.9-44.71.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * tiff-4.0.9-44.71.1 * libtiff5-debuginfo-4.0.9-44.71.1 * tiff-debuginfo-4.0.9-44.71.1 * tiff-debugsource-4.0.9-44.71.1 * libtiff5-4.0.9-44.71.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.71.1 * libtiff5-32bit-4.0.9-44.71.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * tiff-4.0.9-44.71.1 * libtiff5-debuginfo-4.0.9-44.71.1 * tiff-debuginfo-4.0.9-44.71.1 * tiff-debugsource-4.0.9-44.71.1 * libtiff5-4.0.9-44.71.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.71.1 * libtiff5-32bit-4.0.9-44.71.1 ## References: * https://www.suse.com/security/cve/CVE-2020-18768.html * https://www.suse.com/security/cve/CVE-2023-25433.html * https://www.suse.com/security/cve/CVE-2023-26966.html * https://www.suse.com/security/cve/CVE-2023-2908.html * https://www.suse.com/security/cve/CVE-2023-3316.html * https://www.suse.com/security/cve/CVE-2023-3576.html * https://www.suse.com/security/cve/CVE-2023-3618.html * https://www.suse.com/security/cve/CVE-2023-38288.html * https://www.suse.com/security/cve/CVE-2023-38289.html * https://bugzilla.suse.com/show_bug.cgi?id=1212535 * https://bugzilla.suse.com/show_bug.cgi?id=1212881 * https://bugzilla.suse.com/show_bug.cgi?id=1212883 * https://bugzilla.suse.com/show_bug.cgi?id=1212888 * https://bugzilla.suse.com/show_bug.cgi?id=1213273 * https://bugzilla.suse.com/show_bug.cgi?id=1213274 * https://bugzilla.suse.com/show_bug.cgi?id=1213589 * https://bugzilla.suse.com/show_bug.cgi?id=1213590 * https://bugzilla.suse.com/show_bug.cgi?id=1214574 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 12:30:25 -0000 Subject: SUSE-SU-2023:4370-1: moderate: Security update for tiff Message-ID: <169927382542.13867.7698386958526490320@smelt2.prg2.suse.org> # Security update for tiff Announcement ID: SUSE-SU-2023:4370-1 Rating: moderate References: * bsc#1212535 * bsc#1212881 * bsc#1212883 * bsc#1212888 * bsc#1213273 * bsc#1213274 * bsc#1213589 * bsc#1213590 * bsc#1214574 Cross-References: * CVE-2020-18768 * CVE-2023-25433 * CVE-2023-26966 * CVE-2023-2908 * CVE-2023-3316 * CVE-2023-3576 * CVE-2023-3618 * CVE-2023-38288 * CVE-2023-38289 CVSS scores: * CVE-2020-18768 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2020-18768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25433 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-26966 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2023-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3316 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3576 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3576 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3618 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3618 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-38289 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). * CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). * CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). * CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). * CVE-2023-26966: Fixed an out of bounds read when transforming a little- endian file to a big-endian output (bsc#1212881) * CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). * CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). * CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). * CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4370=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4370=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4370=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4370=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4370=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4370=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4370=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4370=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4370=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4370=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4370=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4370=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4370=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4370=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4370=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * openSUSE Leap 15.4 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1 * libtiff5-32bit-4.0.9-150000.45.32.1 * libtiff-devel-32bit-4.0.9-150000.45.32.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.32.1 * libtiff5-debuginfo-4.0.9-150000.45.32.1 * libtiff-devel-4.0.9-150000.45.32.1 * tiff-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * openSUSE Leap 15.5 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1 * libtiff5-32bit-4.0.9-150000.45.32.1 * libtiff-devel-32bit-4.0.9-150000.45.32.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.32.1 * libtiff5-debuginfo-4.0.9-150000.45.32.1 * libtiff-devel-4.0.9-150000.45.32.1 * tiff-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.32.1 * libtiff5-debuginfo-4.0.9-150000.45.32.1 * libtiff-devel-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * Basesystem Module 15-SP4 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1 * libtiff5-32bit-4.0.9-150000.45.32.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.32.1 * libtiff5-debuginfo-4.0.9-150000.45.32.1 * libtiff-devel-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * Basesystem Module 15-SP5 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1 * libtiff5-32bit-4.0.9-150000.45.32.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * tiff-4.0.9-150000.45.32.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * tiff-4.0.9-150000.45.32.1 ## References: * https://www.suse.com/security/cve/CVE-2020-18768.html * https://www.suse.com/security/cve/CVE-2023-25433.html * https://www.suse.com/security/cve/CVE-2023-26966.html * https://www.suse.com/security/cve/CVE-2023-2908.html * https://www.suse.com/security/cve/CVE-2023-3316.html * https://www.suse.com/security/cve/CVE-2023-3576.html * https://www.suse.com/security/cve/CVE-2023-3618.html * https://www.suse.com/security/cve/CVE-2023-38288.html * https://www.suse.com/security/cve/CVE-2023-38289.html * https://bugzilla.suse.com/show_bug.cgi?id=1212535 * https://bugzilla.suse.com/show_bug.cgi?id=1212881 * https://bugzilla.suse.com/show_bug.cgi?id=1212883 * https://bugzilla.suse.com/show_bug.cgi?id=1212888 * https://bugzilla.suse.com/show_bug.cgi?id=1213273 * https://bugzilla.suse.com/show_bug.cgi?id=1213274 * https://bugzilla.suse.com/show_bug.cgi?id=1213589 * https://bugzilla.suse.com/show_bug.cgi?id=1213590 * https://bugzilla.suse.com/show_bug.cgi?id=1214574 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:05 -0000 Subject: SUSE-SU-2023:4377-1: important: Security update for the Linux Kernel Message-ID: <169928820582.2730.7496845341687800694@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4377-1 Rating: important References: * bsc#1210778 * bsc#1210853 * bsc#1212051 * bsc#1215467 * bsc#1215518 * bsc#1215745 * bsc#1215858 * bsc#1215860 * bsc#1215861 * bsc#1216046 * bsc#1216051 * bsc#1216134 Cross-References: * CVE-2023-2163 * CVE-2023-31085 * CVE-2023-3111 * CVE-2023-34324 * CVE-2023-39189 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-42754 * CVE-2023-45862 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves 10 vulnerabilities and has two security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: * KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4377=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-4377=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4377=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4377=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4377=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_169-default-debuginfo-1-150200.5.3.1 * kernel-livepatch-5_3_18-150200_24_169-default-1-150200.5.3.1 * kernel-livepatch-SLE15-SP2_Update_42-debugsource-1-150200.5.3.1 * kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * kernel-default-livepatch-devel-5.3.18-150200.24.169.1 * kernel-default-livepatch-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.169.1 * gfs2-kmp-default-5.3.18-150200.24.169.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.169.1 * dlm-kmp-default-5.3.18-150200.24.169.1 * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.169.1 * cluster-md-kmp-default-5.3.18-150200.24.169.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * ocfs2-kmp-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150200.24.169.1 * kernel-preempt-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.169.1 * kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1 * kernel-preempt-devel-5.3.18-150200.24.169.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-debuginfo-5.3.18-150200.24.169.1 * kernel-default-devel-5.3.18-150200.24.169.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * kernel-preempt-debugsource-5.3.18-150200.24.169.1 * kernel-syms-5.3.18-150200.24.169.1 * kernel-obs-build-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.169.1 * kernel-devel-5.3.18-150200.24.169.1 * kernel-macros-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.169.1 * kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1 * reiserfs-kmp-default-5.3.18-150200.24.169.1 * kernel-default-devel-5.3.18-150200.24.169.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.169.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * kernel-syms-5.3.18-150200.24.169.1 * kernel-obs-build-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.169.1 * kernel-devel-5.3.18-150200.24.169.1 * kernel-macros-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.169.1 * kernel-preempt-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-devel-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.169.1 * kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1 * reiserfs-kmp-default-5.3.18-150200.24.169.1 * kernel-default-devel-5.3.18-150200.24.169.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.169.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * kernel-syms-5.3.18-150200.24.169.1 * kernel-obs-build-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-source-5.3.18-150200.24.169.1 * kernel-devel-5.3.18-150200.24.169.1 * kernel-macros-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.169.1 * kernel-preempt-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-devel-5.3.18-150200.24.169.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1215467 * https://bugzilla.suse.com/show_bug.cgi?id=1215518 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1215858 * https://bugzilla.suse.com/show_bug.cgi?id=1215860 * https://bugzilla.suse.com/show_bug.cgi?id=1215861 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 * https://bugzilla.suse.com/show_bug.cgi?id=1216051 * https://bugzilla.suse.com/show_bug.cgi?id=1216134 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:08 -0000 Subject: SUSE-SU-2023:4381-1: important: Security update for squid Message-ID: <169928820854.2730.4803521054630662789@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4381-1 Rating: important References: * bsc#1216495 * bsc#1216498 * bsc#1216500 * bsc#1216803 Cross-References: * CVE-2023-46724 * CVE-2023-46846 * CVE-2023-46847 * CVE-2023-46848 CVSS scores: * CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N * CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H * CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500). * CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495). * CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803). * CVE-2023-46848: Denial of Service in FTP (bsc#1216498). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * squid-debugsource-4.17-4.30.1 * squid-debuginfo-4.17-4.30.1 * squid-4.17-4.30.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-4.30.1 * squid-debuginfo-4.17-4.30.1 * squid-4.17-4.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * squid-debugsource-4.17-4.30.1 * squid-debuginfo-4.17-4.30.1 * squid-4.17-4.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46724.html * https://www.suse.com/security/cve/CVE-2023-46846.html * https://www.suse.com/security/cve/CVE-2023-46847.html * https://www.suse.com/security/cve/CVE-2023-46848.html * https://bugzilla.suse.com/show_bug.cgi?id=1216495 * https://bugzilla.suse.com/show_bug.cgi?id=1216498 * https://bugzilla.suse.com/show_bug.cgi?id=1216500 * https://bugzilla.suse.com/show_bug.cgi?id=1216803 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:12 -0000 Subject: SUSE-SU-2023:4380-1: important: Security update for squid Message-ID: <169928821222.2730.12380026351334647975@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4380-1 Rating: important References: * bsc#1216495 * bsc#1216498 * bsc#1216500 * bsc#1216803 Cross-References: * CVE-2023-46724 * CVE-2023-46846 * CVE-2023-46847 * CVE-2023-46848 CVSS scores: * CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N * CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H * CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500). * CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495). * CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803). * CVE-2023-46848: Denial of Service in FTP (bsc#1216498). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4380=1 openSUSE-SLE-15.4-2023-4380=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4380=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4380=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4380=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * squid-5.7-150400.3.12.1 * squid-debugsource-5.7-150400.3.12.1 * squid-debuginfo-5.7-150400.3.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.12.1 * squid-debugsource-5.7-150400.3.12.1 * squid-debuginfo-5.7-150400.3.12.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.12.1 * squid-debugsource-5.7-150400.3.12.1 * squid-debuginfo-5.7-150400.3.12.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.12.1 * squid-debugsource-5.7-150400.3.12.1 * squid-debuginfo-5.7-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46724.html * https://www.suse.com/security/cve/CVE-2023-46846.html * https://www.suse.com/security/cve/CVE-2023-46847.html * https://www.suse.com/security/cve/CVE-2023-46848.html * https://bugzilla.suse.com/show_bug.cgi?id=1216495 * https://bugzilla.suse.com/show_bug.cgi?id=1216498 * https://bugzilla.suse.com/show_bug.cgi?id=1216500 * https://bugzilla.suse.com/show_bug.cgi?id=1216803 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 16:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:18 -0000 Subject: SUSE-SU-2023:4378-1: important: Security update for the Linux Kernel Message-ID: <169928821851.2730.17322029929195112644@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4378-1 Rating: important References: * bsc#1208788 * bsc#1210778 * bsc#1211307 * bsc#1212423 * bsc#1212649 * bsc#1213705 * bsc#1213772 * bsc#1214842 * bsc#1215095 * bsc#1215104 * bsc#1215518 * bsc#1215955 * bsc#1215956 * bsc#1215957 * bsc#1215986 * bsc#1216062 * bsc#1216345 * bsc#1216510 * bsc#1216511 * bsc#1216512 * bsc#1216621 Cross-References: * CVE-2023-2163 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-39193 * CVE-2023-5178 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities and has 14 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). * ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). * ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). * ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). * ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git- fixes). * ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). * ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). * ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). * ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). * ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). * ASoC: pxa: fix a memory leak in probe() (git-fixes). * ata: libata-core: Do not register PM operations for SAS ports (git-fixes). * ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). * ata: libata-core: Fix port and device removal (git-fixes). * ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). * ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). * blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). * blk-cgroup: support to track if policy is online (bsc#1216062). * Bluetooth: avoid memcmp() out of bounds warning (git-fixes). * Bluetooth: Avoid redundant authentication (git-fixes). * Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). * Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). * Bluetooth: hci_event: Fix coding style (git-fixes). * Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). * Bluetooth: hci_event: Ignore NULL link key (git-fixes). * Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). * Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). * Bluetooth: Reject connection with the device which has same BD_ADDR (git- fixes). * Bluetooth: vhci: Fix race when opening vhci device (git-fixes). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). * bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). * bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git- fixes). * cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). * cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). * clk: tegra: fix error return case for recalc_rate (git-fixes). * counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git- fixes). * crypto: qat - add fw_counters debugfs file (PED-6401). * crypto: qat - add heartbeat counters check (PED-6401). * crypto: qat - add heartbeat feature (PED-6401). * crypto: qat - add internal timer for qat 4xxx (PED-6401). * crypto: qat - add measure clock frequency (PED-6401). * crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). * crypto: qat - add qat_zlib_deflate (PED-6401). * crypto: qat - add support for 402xx devices (PED-6401). * crypto: qat - change value of default idle filter (PED-6401). * crypto: qat - delay sysfs initialization (PED-6401). * crypto: qat - do not export adf_init_admin_pm() (PED-6401). * crypto: qat - drop log level of msg in get_instance_node() (PED-6401). * crypto: qat - drop obsolete heartbeat interface (PED-6401). * crypto: qat - drop redundant adf_enable_aer() (PED-6401). * crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). * crypto: qat - extend buffer list logic interface (PED-6401). * crypto: qat - extend configuration for 4xxx (PED-6401). * crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). * crypto: qat - fix concurrency issue when device state changes (PED-6401). * crypto: qat - fix crypto capability detection for 4xxx (PED-6401). * crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). * crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). * crypto: qat - make fw images name constant (PED-6401). * crypto: qat - make state machine functions static (PED-6401). * crypto: qat - move dbgfs init to separate file (PED-6401). * crypto: qat - move returns to default case (PED-6401). * crypto: qat - refactor device restart logic (PED-6401). * crypto: qat - refactor fw config logic for 4xxx (PED-6401). * crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). * crypto: qat - Remove unused function declarations (PED-6401). * crypto: qat - replace state machine calls (PED-6401). * crypto: qat - replace the if statement with min() (PED-6401). * crypto: qat - set deprecated capabilities as reserved (PED-6401). * crypto: qat - unmap buffer before free for DH (PED-6401). * crypto: qat - unmap buffers before free for RSA (PED-6401). * crypto: qat - update slice mask for 4xxx devices (PED-6401). * crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). * dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git- fixes). * dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). * dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). * Documentation: qat: change kernel version (PED-6401). * Documentation: qat: rewrite description (PED-6401). * Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git- fixes). * Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git- fixes). * drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). * drm/amd/display: Do not check registers, if using AUX BL control (git- fixes). * drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). * drm/amdgpu: add missing NULL check (git-fixes). * drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). * drm/i915: Retry gtt fault when out of fence registers (git-fixes). * drm/msm/dp: do not reinitialize phy unless retry during link training (git- fixes). * drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git- fixes). * drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). * drm/msm/dsi: skip the wait for video mode done if not applicable (git- fixes). * drm/vmwgfx: fix typo of sizeof argument (git-fixes). * firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). * firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). * gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git- fixes). * gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). * gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). * gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). * gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). * gpio: vf610: set value before the direction to avoid a glitch (git-fixes). * gve: Do not fully free QPL pages on prefill errors (git-fixes). * HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git- fixes). * HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). * HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git- fixes). * HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). * HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). * HID: sony: remove duplicate NULL check before calling usb_free_urb() (git- fixes). * i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). * i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git- fixes). * i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git- fixes). * i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). * i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes). * i2c: npcm7xx: Fix callback completion ordering (git-fixes). * IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) * ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). * iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). * iio: pressure: dps310: Adjust Timeout Settings (git-fixes). * iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). * Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). * Input: powermate - fix use-after-free in powermate_config_complete (git- fixes). * Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). * Input: xpad - add PXN V900 support (git-fixes). * iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). * iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). * kabi: blkcg_policy_data fix KABI (bsc#1216062). * kabi: workaround for enum nft_trans_phase (bsc#1215104). * kprobes: Prohibit probing on CFI preamble symbol (git-fixes). * KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). * KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git- fixes). * KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). * KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). * KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). * KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). * KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). * KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). * KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). * leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). * mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). * mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). * mtd: physmap-core: Restore map_rom fallback (git-fixes). * mtd: rawnand: arasan: Ensure program page operations are successful (git- fixes). * mtd: rawnand: marvell: Ensure program page operations are successful (git- fixes). * mtd: rawnand: pl353: Ensure program page operations are successful (git- fixes). * mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). * mtd: spinand: micron: correct bitmask for ecc status (git-fixes). * net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). * net: mana: Fix TX CQE error handling (bsc#1215986). * net: nfc: llcp: Add lock when modifying device list (git-fixes). * net: rfkill: gpio: prevent value glitch during probe (git-fixes). * net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). * net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). * net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git- fixes). * netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). * netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). * nfc: nci: assert requested protocol is valid (git-fixes). * nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git- fixes). * nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). * phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). * phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). * phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). * pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). * pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). * platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). * platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). * platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git- fixes). * platform/x86: think-lmi: Fix reference leak (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). * power: supply: ucs1002: fix error code in ucs1002_get_property() (git- fixes). * r8152: check budget for r8152_poll() (git-fixes). * RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) * RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) * RDMA/core: Require admin capabilities to set system parameters (git-fixes) * RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) * RDMA/mlx5: Fix NULL string error (git-fixes) * RDMA/siw: Fix connection failure handling (git-fixes) * RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) * RDMA/uverbs: Fix typo of sizeof argument (git-fixes) * regmap: fix NULL deref on lookup (git-fixes). * regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * ring-buffer: Do not attempt to read past "commit" (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * ring-buffer: Update "shortest_full" in polling (git-fixes). * s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). * s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). * sched/cpuset: Bring back cpuset_mutex (bsc#1215955). * sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). * sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). * sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). * serial: 8250_port: Check IRQ data before use (git-fixes). * soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git- fixes). * spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). * spi: stm32: add a delay before SPI disable (git-fixes). * spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). * spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). * thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git- fixes). * thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). * tracing: Have current_trace inc the trace array ref count (git-fixes). * tracing: Have event inject files inc the trace array ref count (git-fixes). * tracing: Have option files inc the trace array ref count (git-fixes). * tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). * tracing: Increase trace array ref count on enable and filter files (git- fixes). * tracing: Make trace_marker{,_raw} stream-like (git-fixes). * usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). * usb: dwc3: Soft reset phy on probe for host (git-fixes). * usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git- fixes). * usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). * usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). * usb: musb: Modify the "HWVers" register address (git-fixes). * usb: serial: option: add entry for Sierra EM9191 with new firmware (git- fixes). * usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). * usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). * usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git- fixes). * usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). * vmbus_testing: fix wrong python syntax for integer value comparison (git- fixes). * vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). * watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). * watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). * wifi: cfg80211: avoid leaking stack data into trace (git-fixes). * wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). * wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). * wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). * wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). * wifi: mac80211: allow transmitting EAPOL frames with tainted key (git- fixes). * wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). * wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git- fixes). * wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). * wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). * x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). * x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). * x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). * x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). * x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). * x86/cpu: Support AMD Automatic IBRS (bsc#1213772). * x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). * x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). * x86/sev: Disable MMIO emulation from user mode (bsc#1212649). * xen-netback: use default TX queue size for vifs (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4378=1 SUSE-2023-4378=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4378=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4378=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4378=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4378=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4378=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4378=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4378=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4378=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4378=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4378=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4378=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4378=1 ## Package List: * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-5.14.21-150400.24.97.1 * kernel-source-5.14.21-150400.24.97.1 * kernel-source-vanilla-5.14.21-150400.24.97.1 * kernel-macros-5.14.21-150400.24.97.1 * kernel-docs-html-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-debuginfo-5.14.21-150400.24.97.1 * kernel-debug-devel-5.14.21-150400.24.97.1 * kernel-debug-debugsource-5.14.21-150400.24.97.1 * kernel-debug-livepatch-devel-5.14.21-150400.24.97.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debuginfo-5.14.21-150400.24.97.1 * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 * kernel-default-base-rebuild-5.14.21-150400.24.97.1.150400.24.44.2 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.97.1 * kernel-kvmsmall-devel-5.14.21-150400.24.97.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.97.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.97.1 * dlm-kmp-default-5.14.21-150400.24.97.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.97.1 * gfs2-kmp-default-5.14.21-150400.24.97.1 * kernel-default-extra-5.14.21-150400.24.97.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.97.1 * kernel-obs-qa-5.14.21-150400.24.97.1 * cluster-md-kmp-default-5.14.21-150400.24.97.1 * kernel-default-devel-5.14.21-150400.24.97.1 * kernel-obs-build-debugsource-5.14.21-150400.24.97.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-livepatch-devel-5.14.21-150400.24.97.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.97.1 * ocfs2-kmp-default-5.14.21-150400.24.97.1 * kernel-syms-5.14.21-150400.24.97.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.97.1 * reiserfs-kmp-default-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * kernel-default-optional-5.14.21-150400.24.97.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-livepatch-5.14.21-150400.24.97.1 * kselftests-kmp-default-5.14.21-150400.24.97.1 * kernel-obs-build-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_20-debugsource-1-150400.9.3.2 * kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-1-150400.9.3.2 * kernel-livepatch-5_14_21-150400_24_97-default-1-150400.9.3.2 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.97.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (aarch64) * kernel-64kb-extra-5.14.21-150400.24.97.1 * dtb-xilinx-5.14.21-150400.24.97.1 * dtb-socionext-5.14.21-150400.24.97.1 * ocfs2-kmp-64kb-5.14.21-150400.24.97.1 * dtb-sprd-5.14.21-150400.24.97.1 * dlm-kmp-64kb-5.14.21-150400.24.97.1 * dtb-allwinner-5.14.21-150400.24.97.1 * reiserfs-kmp-64kb-5.14.21-150400.24.97.1 * dtb-amd-5.14.21-150400.24.97.1 * dtb-exynos-5.14.21-150400.24.97.1 * dtb-mediatek-5.14.21-150400.24.97.1 * dtb-arm-5.14.21-150400.24.97.1 * dtb-altera-5.14.21-150400.24.97.1 * dtb-lg-5.14.21-150400.24.97.1 * dtb-renesas-5.14.21-150400.24.97.1 * dtb-freescale-5.14.21-150400.24.97.1 * kernel-64kb-debuginfo-5.14.21-150400.24.97.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.97.1 * dtb-qcom-5.14.21-150400.24.97.1 * dtb-marvell-5.14.21-150400.24.97.1 * dtb-cavium-5.14.21-150400.24.97.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.97.1 * gfs2-kmp-64kb-5.14.21-150400.24.97.1 * kernel-64kb-optional-5.14.21-150400.24.97.1 * cluster-md-kmp-64kb-5.14.21-150400.24.97.1 * dtb-apm-5.14.21-150400.24.97.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.97.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.97.1 * dtb-rockchip-5.14.21-150400.24.97.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.97.1 * dtb-hisilicon-5.14.21-150400.24.97.1 * dtb-amlogic-5.14.21-150400.24.97.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.97.1 * dtb-amazon-5.14.21-150400.24.97.1 * kselftests-kmp-64kb-5.14.21-150400.24.97.1 * dtb-apple-5.14.21-150400.24.97.1 * dtb-nvidia-5.14.21-150400.24.97.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.97.1 * kernel-64kb-devel-5.14.21-150400.24.97.1 * dtb-broadcom-5.14.21-150400.24.97.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.97.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.97.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.97.1 * kernel-64kb-debugsource-5.14.21-150400.24.97.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.97.1 * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.97.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 * kernel-default-debugsource-5.14.21-150400.24.97.1 * openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.97.1 * openSUSE Leap Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.97.1 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150400.24.97.1 * kernel-64kb-debugsource-5.14.21-150400.24.97.1 * kernel-64kb-devel-5.14.21-150400.24.97.1 * kernel-64kb-debuginfo-5.14.21-150400.24.97.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.97.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.97.1 * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * Basesystem Module 15-SP4 (noarch) * kernel-macros-5.14.21-150400.24.97.1 * kernel-devel-5.14.21-150400.24.97.1 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.97.1 * Basesystem Module 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.97.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.97.1 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.97.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.14.21-150400.24.97.1 * kernel-syms-5.14.21-150400.24.97.1 * kernel-obs-build-5.14.21-150400.24.97.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.97.1 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.97.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-5.14.21-150400.24.97.1 * kernel-default-debuginfo-5.14.21-150400.24.97.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * kernel-default-livepatch-devel-5.14.21-150400.24.97.1 * kernel-default-livepatch-5.14.21-150400.24.97.1 * kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-1-150400.9.3.2 * kernel-livepatch-SLE15-SP4_Update_20-debugsource-1-150400.9.3.2 * kernel-livepatch-5_14_21-150400_24_97-default-1-150400.9.3.2 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debuginfo-5.14.21-150400.24.97.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * gfs2-kmp-default-5.14.21-150400.24.97.1 * ocfs2-kmp-default-5.14.21-150400.24.97.1 * cluster-md-kmp-default-5.14.21-150400.24.97.1 * dlm-kmp-default-5.14.21-150400.24.97.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-extra-5.14.21-150400.24.97.1 * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-5178.html * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1211307 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1212649 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213772 * https://bugzilla.suse.com/show_bug.cgi?id=1214842 * https://bugzilla.suse.com/show_bug.cgi?id=1215095 * https://bugzilla.suse.com/show_bug.cgi?id=1215104 * https://bugzilla.suse.com/show_bug.cgi?id=1215518 * https://bugzilla.suse.com/show_bug.cgi?id=1215955 * https://bugzilla.suse.com/show_bug.cgi?id=1215956 * https://bugzilla.suse.com/show_bug.cgi?id=1215957 * https://bugzilla.suse.com/show_bug.cgi?id=1215986 * https://bugzilla.suse.com/show_bug.cgi?id=1216062 * https://bugzilla.suse.com/show_bug.cgi?id=1216345 * https://bugzilla.suse.com/show_bug.cgi?id=1216510 * https://bugzilla.suse.com/show_bug.cgi?id=1216511 * https://bugzilla.suse.com/show_bug.cgi?id=1216512 * https://bugzilla.suse.com/show_bug.cgi?id=1216621 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 16:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:22 -0000 Subject: SUSE-SU-2023:4376-1: important: Security update for redis Message-ID: <169928822248.2730.8531664566057563728@smelt2.prg2.suse.org> # Security update for redis Announcement ID: SUSE-SU-2023:4376-1 Rating: important References: * bsc#1216376 Cross-References: * CVE-2023-45145 CVSS scores: * CVE-2023-45145 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45145 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for redis fixes the following issues: * CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation (bsc#1216376). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4376=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4376=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4376=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4376=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4376=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4376=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4376=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4376=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4376=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4376=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4376=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Manager Proxy 4.2 (x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.29.1 * redis-6.0.14-150200.6.29.1 * redis-debugsource-6.0.14-150200.6.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45145.html * https://bugzilla.suse.com/show_bug.cgi?id=1216376 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 16:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:30 -0000 Subject: SUSE-SU-2023:4375-1: important: Security update for the Linux Kernel Message-ID: <169928823083.2730.3728503646320027644@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4375-1 Rating: important References: * bsc#1208788 * bsc#1211162 * bsc#1211307 * bsc#1212423 * bsc#1212649 * bsc#1213705 * bsc#1213772 * bsc#1214754 * bsc#1214874 * bsc#1215095 * bsc#1215104 * bsc#1215523 * bsc#1215545 * bsc#1215921 * bsc#1215955 * bsc#1215986 * bsc#1216062 * bsc#1216202 * bsc#1216322 * bsc#1216323 * bsc#1216324 * bsc#1216333 * bsc#1216345 * bsc#1216512 * bsc#1216621 * bsc#802154 Cross-References: * CVE-2023-2163 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-39191 * CVE-2023-39193 * CVE-2023-46813 * CVE-2023-5178 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves nine vulnerabilities and has 17 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649). * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-5178: Fixed an use-after-free and a double-free flaw that could allow a malicious user to execute a remote code execution. (bsc#1215768) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user- supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). * ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes). * ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes). * ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). * ALSA: hda/realtek - Fixed two speaker platform (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes). * ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). * ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes). * ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). * ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes). * ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes). * ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes). * ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). * ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes). * ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git- fixes). * ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). * ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). * ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). * ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). * ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). * ASoC: pxa: fix a memory leak in probe() (git-fixes). * Bluetooth: Avoid redundant authentication (git-fixes). * Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). * Bluetooth: ISO: Fix handling of listen for unicast (git-fixes). * Bluetooth: Reject connection with the device which has same BD_ADDR (git- fixes). * Bluetooth: avoid memcmp() out of bounds warning (git-fixes). * Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). * Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes). * Bluetooth: hci_event: Fix coding style (git-fixes). * Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). * Bluetooth: hci_event: Ignore NULL link key (git-fixes). * Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). * Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). * Bluetooth: vhci: Fix race when opening vhci device (git-fixes). * Documentation: qat: change kernel version (PED-6401). * Documentation: qat: rewrite description (PED-6401). * Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git- fixes). * Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git- fixes). * HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git- fixes). * HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). * HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git- fixes). * HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). * HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). * HID: sony: remove duplicate NULL check before calling usb_free_urb() (git- fixes). * IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) * Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). * Input: powermate - fix use-after-free in powermate_config_complete (git- fixes). * Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). * Input: xpad - add PXN V900 support (git-fixes). * KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git- fixes). * KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes). * KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). * KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). * KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). * KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). * KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). * KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). * KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). * KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). * NFS: Fix O_DIRECT locking issues (bsc#1211162). * NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). * NFS: Fix a potential data corruption (bsc#1211162). * NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). * NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). * NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). * NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). * NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). * NFS: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). * NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545). * RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) * RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) * RDMA/core: Require admin capabilities to set system parameters (git-fixes) * RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) * RDMA/mlx5: Fix NULL string error (git-fixes) * RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes) * RDMA/siw: Fix connection failure handling (git-fixes) * RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) * RDMA/uverbs: Fix typo of sizeof argument (git-fixes) * arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921) * ata: libata-core: Do not register PM operations for SAS ports (git-fixes). * ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). * ata: libata-core: Fix port and device removal (git-fixes). * ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). * ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). * blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). * blk-cgroup: support to track if policy is online (bsc#1216062). * bonding: Fix extraction of ports from the packet headers (bsc#1214754). * bonding: Return pointer to data after pull on skb (bsc#1214754). * bonding: do not assume skb mac_header is set (bsc#1214754). * bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes). * bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes). * bpf: Add override check to kprobe multi link attach (git-fixes). * bpf: Add zero_map_value to zero map value with special fields (git-fixes). * bpf: Cleanup check_refcount_ok (git-fixes). * bpf: Fix max stack depth check for async callbacks (git-fixes). * bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes). * bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes). * bpf: Fix resetting logic for unreferenced kptrs (git-fixes). * bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes). * bpf: Gate dynptr API behind CAP_BPF (git-fixes). * bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes). * bpf: Repeat check_max_stack_depth for async callbacks (git-fixes). * bpf: Tighten ptr_to_btf_id checks (git-fixes). * bpf: fix precision propagation verbose logging (git-fixes). * bpf: prevent decl_tag from being referenced in func_proto (git-fixes). * bpf: propagate precision across all frames, not just the last one (git- fixes). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). * btf: Export bpf_dynptr definition (git-fixes). * btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874). * bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). * bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git- fixes). * ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880). * ceph: add encryption support to writepage and writepages (jsc#SES-1880). * ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880). * ceph: add helpers for converting names for userland presentation (jsc#SES-1880). * ceph: add infrastructure for file encryption and decryption (jsc#SES-1880). * ceph: add new mount option to enable sparse reads (jsc#SES-1880). * ceph: add object version support for sync read (jsc#SES-1880). * ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880). * ceph: add some fscrypt guardrails (jsc#SES-1880). * ceph: add support for encrypted snapshot names (jsc#SES-1880). * ceph: add support to readdir for encrypted names (jsc#SES-1880). * ceph: add truncate size handling support for fscrypt (jsc#SES-1880). * ceph: align data in pages in ceph_sync_write (jsc#SES-1880). * ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880). * ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880). * ceph: decode alternate_name in lease info (jsc#SES-1880). * ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880). * ceph: drop messages from MDS when unmounting (jsc#SES-1880). * ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880). * ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322). * ceph: fix type promotion bug on 32bit systems (bsc#1216324). * ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880). * ceph: fscrypt_auth handling for ceph (jsc#SES-1880). * ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880). * ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880). * ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880). * ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880). * ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880). * ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880). * ceph: make ioctl cmds more readable in debug log (jsc#SES-1880). * ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880). * ceph: mark directory as non-complete after loading key (jsc#SES-1880). * ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880). * ceph: plumb in decryption during reads (jsc#SES-1880). * ceph: preallocate inode for ops that may create one (jsc#SES-1880). * ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880). * ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333). * ceph: send alternate_name in MClientRequest (jsc#SES-1880). * ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880). * ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880). * ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880). * ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880). * ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880). * ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880). * cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). * cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). * clk: tegra: fix error return case for recalc_rate (git-fixes). * counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git- fixes). * crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). * crypto: qat - Remove unused function declarations (PED-6401). * crypto: qat - add fw_counters debugfs file (PED-6401). * crypto: qat - add heartbeat counters check (PED-6401). * crypto: qat - add heartbeat feature (PED-6401). * crypto: qat - add internal timer for qat 4xxx (PED-6401). * crypto: qat - add measure clock frequency (PED-6401). * crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). * crypto: qat - add qat_zlib_deflate (PED-6401). * crypto: qat - add support for 402xx devices (PED-6401). * crypto: qat - change value of default idle filter (PED-6401). * crypto: qat - delay sysfs initialization (PED-6401). * crypto: qat - do not export adf_init_admin_pm() (PED-6401). * crypto: qat - drop log level of msg in get_instance_node() (PED-6401). * crypto: qat - drop obsolete heartbeat interface (PED-6401). * crypto: qat - drop redundant adf_enable_aer() (PED-6401). * crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). * crypto: qat - extend buffer list logic interface (PED-6401). * crypto: qat - extend configuration for 4xxx (PED-6401). * crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). * crypto: qat - fix concurrency issue when device state changes (PED-6401). * crypto: qat - fix crypto capability detection for 4xxx (PED-6401). * crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). * crypto: qat - make fw images name constant (PED-6401). * crypto: qat - make state machine functions static (PED-6401). * crypto: qat - move dbgfs init to separate file (PED-6401). * crypto: qat - move returns to default case (PED-6401). * crypto: qat - refactor device restart logic (PED-6401). * crypto: qat - refactor fw config logic for 4xxx (PED-6401). * crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). * crypto: qat - replace state machine calls (PED-6401). * crypto: qat - replace the if statement with min() (PED-6401). * crypto: qat - set deprecated capabilities as reserved (PED-6401). * crypto: qat - unmap buffer before free for DH (PED-6401). * crypto: qat - unmap buffers before free for RSA (PED-6401). * crypto: qat - update slice mask for 4xxx devices (PED-6401). * crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). * dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git- fixes). * dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). * dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). * drm/amd/display: Do not check registers, if using AUX BL control (git- fixes). * drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). * drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes). * drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes). * drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git- fixes). * drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes). * drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). * drm/amdgpu: add missing NULL check (git-fixes). * drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes). * drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes). * drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes). * drm/atomic-helper: relax unregistered connector check (git-fixes). * drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git- fixes). * drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes). * drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). * drm/i915: Retry gtt fault when out of fence registers (git-fixes). * drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes). * drm/msm/dp: do not reinitialize phy unless retry during link training (git- fixes). * drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git- fixes). * drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). * drm/msm/dsi: skip the wait for video mode done if not applicable (git- fixes). * drm/vmwgfx: fix typo of sizeof argument (git-fixes). * drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). * firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git- fixes). * firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). * firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). * fix x86/mm: print the encryption features in hyperv is disabled * fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes). * fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880). * gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git- fixes). * gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). * gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). * gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). * gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). * gpio: vf610: set value before the direction to avoid a glitch (git-fixes). * gve: Do not fully free QPL pages on prefill errors (git-fixes). * i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). * i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). * i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git- fixes). * i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git- fixes). * i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). * i2c: mux: gpio:? Replace custom acpi_get_local_address() (git-fixes). * i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). * i2c: npcm7xx: Fix callback completion ordering (git-fixes). * i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). * ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). * iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git- fixes). * iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). * iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). * iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). * iio: pressure: dps310: Adjust Timeout Settings (git-fixes). * iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). * intel x86 platform vsec kABI workaround (bsc#1216202). * io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes). * io_uring/rw: defer fsnotify calls to task context (git-fixes). * io_uring/rw: ensure kiocb_end_write() is always called (git-fixes). * io_uring/rw: remove leftover debug statement (git-fixes). * io_uring: Replace 0-length array with flexible array (git-fixes). * io_uring: ensure REQ_F_ISREG is set async offload (git-fixes). * io_uring: fix fdinfo sqe offsets calculation (git-fixes). * io_uring: fix memory leak when removing provided buffers (git-fixes). * iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). * iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921) * kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes). * kabi: blkcg_policy_data fix KABI (bsc#1216062). * kabi: workaround for enum nft_trans_phase (bsc#1215104). * kprobes: Prohibit probing on CFI preamble symbol (git-fixes). * leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). * libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880). * libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880). * libceph: add sparse read support to OSD client (jsc#SES-1880). * libceph: add sparse read support to msgr1 (jsc#SES-1880). * libceph: add spinlock around osd->o_requests (jsc#SES-1880). * libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880). * libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880). * libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880). * libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880). * libceph: use kernel_connect() (bsc#1216323). * misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). * mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). * mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). * mtd: physmap-core: Restore map_rom fallback (git-fixes). * mtd: rawnand: arasan: Ensure program page operations are successful (git- fixes). * mtd: rawnand: marvell: Ensure program page operations are successful (git- fixes). * mtd: rawnand: pl353: Ensure program page operations are successful (git- fixes). * mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). * mtd: spinand: micron: correct bitmask for ecc status (git-fixes). * net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git- fixes). * net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). * net: mana: Fix TX CQE error handling (bsc#1215986). * net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). * net: nfc: llcp: Add lock when modifying device list (git-fixes). * net: rfkill: gpio: prevent value glitch during probe (git-fixes). * net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). * net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). * net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git- fixes). * net: use sk_is_tcp() in more places (git-fixes). * netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). * netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). * nfc: nci: assert requested protocol is valid (git-fixes). * nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git- fixes). * nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). * phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). * phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). * phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). * pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). * pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). * platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). * platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202). * platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202). * platform/x86/intel/vsec: Rework early hardware code (bsc#1216202). * platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202). * platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202). * platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). * platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git- fixes). * platform/x86: think-lmi: Fix reference leak (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). * power: supply: ucs1002: fix error code in ucs1002_get_property() (git- fixes). * quota: Fix slow quotaoff (bsc#1216621). * r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). * r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). * r8152: Release firmware if we have an error in probe (git-fixes). * r8152: Run the unload routine if we have errors during probe (git-fixes). * r8152: check budget for r8152_poll() (git-fixes). * regmap: fix NULL deref on lookup (git-fixes). * regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * ring-buffer: Do not attempt to read past "commit" (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * ring-buffer: Update "shortest_full" in polling (git-fixes). * s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). * s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). * sched/cpuset: Bring back cpuset_mutex (bsc#1215955). * sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). * sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). * sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). * scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes). * scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes). * scsi: iscsi: Add length check for nlattr payload (git-fixes). * scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes). * scsi: iscsi_tcp: restrict to TCP sockets (git-fixes). * scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes). * scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git- fixes). * scsi: pm8001: Setup IRQs on resume (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes). * scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). * scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes). * selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes). * selftests/bpf: Add reproducer for decl_tag in func_proto argument (git- fixes). * selftests/bpf: Add reproducer for decl_tag in func_proto return type (git- fixes). * selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes). * selftests/bpf: Clean up sys_nanosleep uses (git-fixes). * serial: 8250_port: Check IRQ data before use (git-fixes). * soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git- fixes). * spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). * spi: stm32: add a delay before SPI disable (git-fixes). * spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). * spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). * thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git- fixes). * thunderbolt: Restart XDomain discovery handshake after failure (git-fixes). * thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). * tracing: Have current_trace inc the trace array ref count (git-fixes). * tracing: Have event inject files inc the trace array ref count (git-fixes). * tracing: Have option files inc the trace array ref count (git-fixes). * tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). * tracing: Increase trace array ref count on enable and filter files (git- fixes). * tracing: Make trace_marker{,_raw} stream-like (git-fixes). * treewide: Spelling fix in comment (git-fixes). * usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). * usb: dwc3: Soft reset phy on probe for host (git-fixes). * usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git- fixes). * usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). * usb: hub: Guard against accesses to uninitialized BOS descriptors (git- fixes). * usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). * usb: musb: Modify the "HWVers" register address (git-fixes). * usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). * usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). * usb: serial: option: add entry for Sierra EM9191 with new firmware (git- fixes). * usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git- fixes). * usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git- fixes). * usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). * vmbus_testing: fix wrong python syntax for integer value comparison (git- fixes). * vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). * watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). * watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). * wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). * wifi: cfg80211: avoid leaking stack data into trace (git-fixes). * wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). * wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). * wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). * wifi: mac80211: allow transmitting EAPOL frames with tainted key (git- fixes). * wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). * wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git- fixes). * wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). * wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). * x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). * x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). * x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). * x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). * x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). * x86/cpu: Support AMD Automatic IBRS (bsc#1213772). * x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453). * x86/platform/uv: Use alternate source for socket to node data (bsc#1215696). * x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). * x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). * x86/sev: Disable MMIO emulation from user mode (bsc#1212649). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * xen-netback: use default TX queue size for vifs (git-fixes). * xhci: Keep interrupt disabled in initialization until host is running (git- fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4375=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4375=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4375=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4375=1 openSUSE-SLE-15.5-2023-4375=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4375=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4375=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4375=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4375=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.36.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-default-livepatch-5.14.21-150500.55.36.1 * kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_55_36-default-1-150500.11.5.1 * kernel-default-debuginfo-5.14.21-150500.55.36.1 * kernel-default-livepatch-devel-5.14.21-150500.55.36.1 * kernel-default-debugsource-5.14.21-150500.55.36.1 * kernel-livepatch-SLE15-SP5_Update_7-debugsource-1-150500.11.5.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-5.14.21-150500.55.36.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1 * ocfs2-kmp-default-5.14.21-150500.55.36.1 * dlm-kmp-default-5.14.21-150500.55.36.1 * cluster-md-kmp-default-5.14.21-150500.55.36.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1 * kernel-default-debuginfo-5.14.21-150500.55.36.1 * kernel-default-debugsource-5.14.21-150500.55.36.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.36.1 * gfs2-kmp-default-5.14.21-150500.55.36.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.36.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.36.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * kernel-default-debugsource-5.14.21-150500.55.36.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.36.1 * kernel-default-debuginfo-5.14.21-150500.55.36.1 * kernel-default-extra-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (noarch) * kernel-devel-5.14.21-150500.55.36.1 * kernel-source-vanilla-5.14.21-150500.55.36.1 * kernel-docs-html-5.14.21-150500.55.36.1 * kernel-source-5.14.21-150500.55.36.1 * kernel-macros-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-devel-debuginfo-5.14.21-150500.55.36.1 * kernel-debug-debuginfo-5.14.21-150500.55.36.1 * kernel-debug-devel-5.14.21-150500.55.36.1 * kernel-debug-livepatch-devel-5.14.21-150500.55.36.1 * kernel-debug-debugsource-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (x86_64) * kernel-default-vdso-debuginfo-5.14.21-150500.55.36.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.36.1 * kernel-debug-vdso-5.14.21-150500.55.36.1 * kernel-default-vdso-5.14.21-150500.55.36.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.36.1 * kernel-debug-vdso-debuginfo-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-5.14.21-150500.55.36.1 * kernel-kvmsmall-debugsource-5.14.21-150500.55.36.1 * kernel-default-base-rebuild-5.14.21-150500.55.36.1.150500.6.15.3 * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.36.1 * kernel-kvmsmall-debuginfo-5.14.21-150500.55.36.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.36.1 * kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-obs-qa-5.14.21-150500.55.36.1 * kselftests-kmp-default-5.14.21-150500.55.36.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1 * kernel-default-devel-5.14.21-150500.55.36.1 * reiserfs-kmp-default-5.14.21-150500.55.36.1 * kernel-obs-build-debugsource-5.14.21-150500.55.36.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.36.1 * kernel-obs-build-5.14.21-150500.55.36.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.36.1 * kernel-default-livepatch-5.14.21-150500.55.36.1 * kernel-default-extra-5.14.21-150500.55.36.1 * cluster-md-kmp-default-5.14.21-150500.55.36.1 * kernel-default-livepatch-devel-5.14.21-150500.55.36.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.36.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.36.1 * ocfs2-kmp-default-5.14.21-150500.55.36.1 * dlm-kmp-default-5.14.21-150500.55.36.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.36.1 * kernel-default-debuginfo-5.14.21-150500.55.36.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.36.1 * kernel-syms-5.14.21-150500.55.36.1 * gfs2-kmp-default-5.14.21-150500.55.36.1 * kernel-default-optional-5.14.21-150500.55.36.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.36.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1 * kernel-default-debugsource-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_7-debugsource-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_55_36-default-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-1-150500.11.5.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150500.55.36.1 * kernel-zfcpdump-debuginfo-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (aarch64) * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.36.1 * kernel-64kb-debugsource-5.14.21-150500.55.36.1 * ocfs2-kmp-64kb-5.14.21-150500.55.36.1 * reiserfs-kmp-64kb-5.14.21-150500.55.36.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.36.1 * kernel-64kb-optional-debuginfo-5.14.21-150500.55.36.1 * dtb-allwinner-5.14.21-150500.55.36.1 * kernel-64kb-livepatch-devel-5.14.21-150500.55.36.1 * dtb-arm-5.14.21-150500.55.36.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.36.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.36.1 * dtb-rockchip-5.14.21-150500.55.36.1 * dtb-socionext-5.14.21-150500.55.36.1 * dtb-altera-5.14.21-150500.55.36.1 * kernel-64kb-devel-5.14.21-150500.55.36.1 * dtb-broadcom-5.14.21-150500.55.36.1 * dtb-cavium-5.14.21-150500.55.36.1 * dtb-freescale-5.14.21-150500.55.36.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.36.1 * dtb-lg-5.14.21-150500.55.36.1 * dtb-amlogic-5.14.21-150500.55.36.1 * kernel-64kb-debuginfo-5.14.21-150500.55.36.1 * dlm-kmp-64kb-5.14.21-150500.55.36.1 * dtb-apple-5.14.21-150500.55.36.1 * dtb-sprd-5.14.21-150500.55.36.1 * dtb-renesas-5.14.21-150500.55.36.1 * dtb-mediatek-5.14.21-150500.55.36.1 * kernel-64kb-extra-5.14.21-150500.55.36.1 * gfs2-kmp-64kb-5.14.21-150500.55.36.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.36.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.36.1 * dtb-qcom-5.14.21-150500.55.36.1 * dtb-apm-5.14.21-150500.55.36.1 * dtb-xilinx-5.14.21-150500.55.36.1 * dtb-nvidia-5.14.21-150500.55.36.1 * kselftests-kmp-64kb-5.14.21-150500.55.36.1 * dtb-exynos-5.14.21-150500.55.36.1 * kernel-64kb-optional-5.14.21-150500.55.36.1 * dtb-amd-5.14.21-150500.55.36.1 * dtb-amazon-5.14.21-150500.55.36.1 * dtb-marvell-5.14.21-150500.55.36.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.36.1 * cluster-md-kmp-64kb-5.14.21-150500.55.36.1 * dtb-hisilicon-5.14.21-150500.55.36.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.36.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150500.55.36.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.36.1 * kernel-default-debuginfo-5.14.21-150500.55.36.1 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.36.1 * Basesystem Module 15-SP5 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150500.55.36.1 * kernel-64kb-debugsource-5.14.21-150500.55.36.1 * kernel-64kb-devel-5.14.21-150500.55.36.1 * kernel-64kb-debuginfo-5.14.21-150500.55.36.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.36.1 * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.36.1 * kernel-default-devel-5.14.21-150500.55.36.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.36.1 * kernel-default-debuginfo-5.14.21-150500.55.36.1 * Basesystem Module 15-SP5 (noarch) * kernel-macros-5.14.21-150500.55.36.1 * kernel-devel-5.14.21-150500.55.36.1 * Basesystem Module 15-SP5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.36.1 * Basesystem Module 15-SP5 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150500.55.36.1 * kernel-zfcpdump-debuginfo-5.14.21-150500.55.36.1 * Development Tools Module 15-SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.36.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.14.21-150500.55.36.1 * kernel-obs-build-5.14.21-150500.55.36.1 * kernel-syms-5.14.21-150500.55.36.1 * Development Tools Module 15-SP5 (noarch) * kernel-source-5.14.21-150500.55.36.1 * Legacy Module 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.36.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.36.1 * kernel-default-debuginfo-5.14.21-150500.55.36.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.36.1 * reiserfs-kmp-default-5.14.21-150500.55.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39191.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-46813.html * https://www.suse.com/security/cve/CVE-2023-5178.html * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1211162 * https://bugzilla.suse.com/show_bug.cgi?id=1211307 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1212649 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213772 * https://bugzilla.suse.com/show_bug.cgi?id=1214754 * https://bugzilla.suse.com/show_bug.cgi?id=1214874 * https://bugzilla.suse.com/show_bug.cgi?id=1215095 * https://bugzilla.suse.com/show_bug.cgi?id=1215104 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://bugzilla.suse.com/show_bug.cgi?id=1215545 * https://bugzilla.suse.com/show_bug.cgi?id=1215921 * https://bugzilla.suse.com/show_bug.cgi?id=1215955 * https://bugzilla.suse.com/show_bug.cgi?id=1215986 * https://bugzilla.suse.com/show_bug.cgi?id=1216062 * https://bugzilla.suse.com/show_bug.cgi?id=1216202 * https://bugzilla.suse.com/show_bug.cgi?id=1216322 * https://bugzilla.suse.com/show_bug.cgi?id=1216323 * https://bugzilla.suse.com/show_bug.cgi?id=1216324 * https://bugzilla.suse.com/show_bug.cgi?id=1216333 * https://bugzilla.suse.com/show_bug.cgi?id=1216345 * https://bugzilla.suse.com/show_bug.cgi?id=1216512 * https://bugzilla.suse.com/show_bug.cgi?id=1216621 * https://bugzilla.suse.com/show_bug.cgi?id=802154 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 6 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 06 Nov 2023 20:30:04 -0000 Subject: SUSE-RU-2023:4382-1: important: Recommended update for release-notes-sles Message-ID: <169930260417.17774.13816839946230951427@smelt2.prg2.suse.org> # Recommended update for release-notes-sles Announcement ID: SUSE-RU-2023:4382-1 Rating: important References: * bsc#933411 * jsc#PED-4489 * jsc#PED-4564 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains two features and has one fix can now be installed. ## Description: This update for release-notes-sles fixes the following issues: * Version 15.5.20231106: * aarch64: Added recommendation of 64K for NVIDIA Grace (jsc#PED-4564/jsc#PED-4489) * aarch64: Mention NVIDIA Grace Hopper and GPU (jsc#PED-4564) * aarch64: Updated 64K page size kernel flavor to supported (jsc#PED-4489) * aarch64: Added NVIDIA Grace (jsc#PED-4564) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-2023-4382=1 SUSE-SLE- INSTALLER-15-SP5-2023-4382=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4382=1 openSUSE-SLE-15.5-2023-4382=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 (noarch) * release-notes-sles-15.5.20231106-150500.3.9.1 * openSUSE Leap 15.5 (noarch) * release-notes-sles-15.5.20231106-150500.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (noarch) * release-notes-sles-15.5.20231106-150500.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * release-notes-sles-15.5.20231106-150500.3.9.1 * SUSE Linux Enterprise Desktop 15 SP5 (noarch) * release-notes-sles-15.5.20231106-150500.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=933411 * https://jira.suse.com/browse/PED-4489 * https://jira.suse.com/browse/PED-4564 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 7 08:03:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Nov 2023 09:03:24 +0100 (CET) Subject: SUSE-CU-2023:3695-1: Security update of suse/nginx Message-ID: <20231107080324.B9927F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3695-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.29 , suse/nginx:latest Container Release : 5.29 Severity : moderate Type : security References : 1212535 1212881 1212883 1212888 1213273 1213274 1213589 1213590 1214574 CVE-2020-18768 CVE-2023-25433 CVE-2023-26966 CVE-2023-2908 CVE-2023-3316 CVE-2023-3576 CVE-2023-3618 CVE-2023-38288 CVE-2023-38289 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4370-1 Released: Mon Nov 6 09:51:10 2023 Summary: Security update for tiff Type: security Severity: moderate References: 1212535,1212881,1212883,1212888,1213273,1213274,1213589,1213590,1214574,CVE-2020-18768,CVE-2023-25433,CVE-2023-26966,CVE-2023-2908,CVE-2023-3316,CVE-2023-3576,CVE-2023-3618,CVE-2023-38288,CVE-2023-38289 This update for tiff fixes the following issues: - CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). - CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). - CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). - CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). - CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881) - CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). - CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). - CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). - CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). The following package changes have been done: - libtiff5-4.0.9-150000.45.32.1 updated From sle-updates at lists.suse.com Wed Nov 8 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Nov 2023 08:30:02 -0000 Subject: SUSE-RU-2023:4383-1: moderate: Recommended update for crmsh Message-ID: <169943220299.11488.14235015183656677226@smelt2.prg2.suse.org> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:4383-1 Rating: moderate References: * bsc#1203601 * bsc#1208216 * bsc#1213797 * bsc#1215438 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has four fixes can now be installed. ## Description: This update for crmsh fixes the following issues: * Update to version 4.4.2+20231010.03e9316f * report: Pick up tarball suffix dynamically (bsc#1215438) * report: Pick 'gzip' as the first compress prog for cross-platform compatibility(bsc#1215438) * upgradeutil: reduce ConnectTimeout when checking the availability of ssh access (bsc#1213797) * ui_cluster: 'crm cluster stop' failed to stop services (bsc#1203601) * utils: Change the way to get pacemaker's version (bsc#1208216) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4383=1 openSUSE-SLE-15.4-2023-4383=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4383=1 ## Package List: * openSUSE Leap 15.4 (noarch) * crmsh-test-4.4.2+20231010.03e9316f-150400.3.28.1 * crmsh-scripts-4.4.2+20231010.03e9316f-150400.3.28.1 * crmsh-4.4.2+20231010.03e9316f-150400.3.28.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch) * crmsh-scripts-4.4.2+20231010.03e9316f-150400.3.28.1 * crmsh-4.4.2+20231010.03e9316f-150400.3.28.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203601 * https://bugzilla.suse.com/show_bug.cgi?id=1208216 * https://bugzilla.suse.com/show_bug.cgi?id=1213797 * https://bugzilla.suse.com/show_bug.cgi?id=1215438 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 8 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 08 Nov 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4384-1: important: Security update for squid Message-ID: <169944660319.11019.165223792939137606@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4384-1 Rating: important References: * bsc#1216495 * bsc#1216498 * bsc#1216500 * bsc#1216803 Cross-References: * CVE-2023-46724 * CVE-2023-46846 * CVE-2023-46847 * CVE-2023-46848 CVSS scores: * CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N * CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H * CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500). * CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495). * CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803). * CVE-2023-46848: Denial of Service in FTP (bsc#1216498). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4384=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4384=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4384=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4384=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4384=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4384=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4384=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4384=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4384=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4384=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4384=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 * SUSE CaaS Platform 4.0 (x86_64) * squid-debugsource-4.17-150000.5.38.1 * squid-debuginfo-4.17-150000.5.38.1 * squid-4.17-150000.5.38.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46724.html * https://www.suse.com/security/cve/CVE-2023-46846.html * https://www.suse.com/security/cve/CVE-2023-46847.html * https://www.suse.com/security/cve/CVE-2023-46848.html * https://bugzilla.suse.com/show_bug.cgi?id=1216495 * https://bugzilla.suse.com/show_bug.cgi?id=1216498 * https://bugzilla.suse.com/show_bug.cgi?id=1216500 * https://bugzilla.suse.com/show_bug.cgi?id=1216803 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:09 -0000 Subject: SUSE-SU-2023:4412-1: moderate: Maintenance update for SUSE Manager 4.3.9 Release Notes Message-ID: <169951860929.18936.17205867986616081877@smelt2.prg2.suse.org> # Maintenance update for SUSE Manager 4.3.9 Release Notes Announcement ID: SUSE-SU-2023:4412-1 Rating: moderate References: * bsc#1204270 * bsc#1211047 * bsc#1211145 * bsc#1211270 * bsc#1211912 * bsc#1212168 * bsc#1212507 * bsc#1213132 * bsc#1213376 * bsc#1213469 * bsc#1213680 * bsc#1213689 * bsc#1214041 * bsc#1214121 * bsc#1214463 * bsc#1214553 * bsc#1214746 * bsc#1215027 * bsc#1215120 * bsc#1215157 * bsc#1215412 * bsc#1215514 * bsc#1216411 * bsc#1216661 * jsc#MSQA-706 * jsc#SUMA-111 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability, contains two features and has 23 security fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager-proxy: * Update to SUSE Manager 4.3.9 * Bugs mentioned bsc#1212507, bsc#1216411 ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: * Update to SUSE Manager 4.3.9 * Debian 12 support as client * New Update Notification (jsc#SUMA-111) * Monitoring: Grafana upgraded to 9.5.8 * Update 'saltkey' endpoints to accept GET instead of POST * CVEs fixed: CVE-2023-34049 * Bugs mentioned: bsc#1204270, bsc#1211047, bsc#1211145, bsc#1211270, bsc#1211912 bsc#1212168, bsc#1212507, bsc#1213132, bsc#1213376, bsc#1213469 bsc#1213680, bsc#1213689, bsc#1214041, bsc#1214121, bsc#1214463 bsc#1214553, bsc#1214746, bsc#1215027, bsc#1215120, bsc#1215412 bsc#1215514, bsc#1216661, bsc#1215157 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4412=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4412=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2023-4412=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4412=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-susemanager-4.3.9-150400.3.90.1 * release-notes-susemanager-proxy-4.3.9-150400.3.69.1 * SUSE Manager Proxy 4.3 (noarch) * release-notes-susemanager-proxy-4.3.9-150400.3.69.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-susemanager-proxy-4.3.9-150400.3.69.1 * SUSE Manager Server 4.3 (noarch) * release-notes-susemanager-4.3.9-150400.3.90.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1204270 * https://bugzilla.suse.com/show_bug.cgi?id=1211047 * https://bugzilla.suse.com/show_bug.cgi?id=1211145 * https://bugzilla.suse.com/show_bug.cgi?id=1211270 * https://bugzilla.suse.com/show_bug.cgi?id=1211912 * https://bugzilla.suse.com/show_bug.cgi?id=1212168 * https://bugzilla.suse.com/show_bug.cgi?id=1212507 * https://bugzilla.suse.com/show_bug.cgi?id=1213132 * https://bugzilla.suse.com/show_bug.cgi?id=1213376 * https://bugzilla.suse.com/show_bug.cgi?id=1213469 * https://bugzilla.suse.com/show_bug.cgi?id=1213680 * https://bugzilla.suse.com/show_bug.cgi?id=1213689 * https://bugzilla.suse.com/show_bug.cgi?id=1214041 * https://bugzilla.suse.com/show_bug.cgi?id=1214121 * https://bugzilla.suse.com/show_bug.cgi?id=1214463 * https://bugzilla.suse.com/show_bug.cgi?id=1214553 * https://bugzilla.suse.com/show_bug.cgi?id=1214746 * https://bugzilla.suse.com/show_bug.cgi?id=1215027 * https://bugzilla.suse.com/show_bug.cgi?id=1215120 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://bugzilla.suse.com/show_bug.cgi?id=1215412 * https://bugzilla.suse.com/show_bug.cgi?id=1215514 * https://bugzilla.suse.com/show_bug.cgi?id=1216411 * https://bugzilla.suse.com/show_bug.cgi?id=1216661 * https://jira.suse.com/browse/MSQA-706 * https://jira.suse.com/browse/SUMA-111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:13 -0000 Subject: SUSE-RU-2023:4411-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <169951861301.18936.4748422566635556864@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-2023:4411-1 Rating: moderate References: * bsc#1210954 * bsc#1213293 * bsc#1213518 * bsc#1213926 * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 An update that contains one feature and has four fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Add missing python modules to the bundle (bsc#1213926): * pycurl * tornado * Add jmespath python module to align the features of the salt bundle with classic salt-minion. Extra ply module was appended as a dependency of jmespath (bsc#1210954) * Add missing cryptography python module to the bundle * Add conditional venv-salt-minion-testsuite subpackage * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * include-deb * include-rpm * Make venv-dpkgnotify to use bundle python to run * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-4411=1 ## Package List: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-1.27.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210954 * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1213926 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:29 -0000 Subject: SUSE-RU-2023:4408-1: important: Recommended update for SUSE Manager Salt Bundle Message-ID: <169951862989.18936.1992601750495308011@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-2023:4408-1 Rating: important References: * bsc#1097531 * bsc#1182851 * bsc#1186738 * bsc#1190781 * bsc#1193357 * bsc#1193948 * bsc#1194632 * bsc#1195624 * bsc#1195895 * bsc#1196050 * bsc#1196432 * bsc#1197288 * bsc#1197417 * bsc#1197533 * bsc#1197637 * bsc#1198489 * bsc#1198556 * bsc#1198744 * bsc#1199149 * bsc#1199372 * bsc#1199562 * bsc#1200566 * bsc#1200596 * bsc#1201082 * bsc#1202165 * bsc#1202631 * bsc#1203685 * bsc#1203834 * bsc#1203886 * bsc#1204206 * bsc#1204939 * bsc#1205687 * bsc#1207071 * bsc#1208691 * bsc#1209233 * bsc#1210954 * bsc#1210994 * bsc#1211591 * bsc#1211612 * bsc#1211741 * bsc#1211754 * bsc#1212516 * bsc#1212517 * bsc#1212794 * bsc#1212844 * bsc#1212855 * bsc#1213257 * bsc#1213293 * bsc#1213441 * bsc#1213518 * bsc#1213630 * bsc#1213926 * bsc#1213960 * bsc#1214796 * bsc#1214797 * bsc#1215489 * jsc#MSQA-706 * jsc#PED-3139 Cross-References: * CVE-2022-22934 * CVE-2022-22935 * CVE-2022-22936 * CVE-2022-22941 * CVE-2022-22967 * CVE-2023-20897 * CVE-2023-20898 * CVE-2023-28370 CVSS scores: * CVE-2022-22934 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22934 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22935 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22935 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-22936 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22936 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22941 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22941 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22967 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22967 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20897 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-20897 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-20898 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2023-20898 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Debian 12 An update that solves eight vulnerabilities, contains two features and has 48 fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Provide the venv-salt-minion version 3006.0 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 12 zypper in -t patch SUSE-Debian-12-CLIENT-TOOLS-x86_64-2023-4408=1 ## Package List: * SUSE Manager Client Tools for Debian 12 (amd64) * venv-salt-minion-3006.0-2.3.3 ## References: * https://www.suse.com/security/cve/CVE-2022-22934.html * https://www.suse.com/security/cve/CVE-2022-22935.html * https://www.suse.com/security/cve/CVE-2022-22936.html * https://www.suse.com/security/cve/CVE-2022-22941.html * https://www.suse.com/security/cve/CVE-2022-22967.html * https://www.suse.com/security/cve/CVE-2023-20897.html * https://www.suse.com/security/cve/CVE-2023-20898.html * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1097531 * https://bugzilla.suse.com/show_bug.cgi?id=1182851 * https://bugzilla.suse.com/show_bug.cgi?id=1186738 * https://bugzilla.suse.com/show_bug.cgi?id=1190781 * https://bugzilla.suse.com/show_bug.cgi?id=1193357 * https://bugzilla.suse.com/show_bug.cgi?id=1193948 * https://bugzilla.suse.com/show_bug.cgi?id=1194632 * https://bugzilla.suse.com/show_bug.cgi?id=1195624 * https://bugzilla.suse.com/show_bug.cgi?id=1195895 * https://bugzilla.suse.com/show_bug.cgi?id=1196050 * https://bugzilla.suse.com/show_bug.cgi?id=1196432 * https://bugzilla.suse.com/show_bug.cgi?id=1197288 * https://bugzilla.suse.com/show_bug.cgi?id=1197417 * https://bugzilla.suse.com/show_bug.cgi?id=1197533 * https://bugzilla.suse.com/show_bug.cgi?id=1197637 * https://bugzilla.suse.com/show_bug.cgi?id=1198489 * https://bugzilla.suse.com/show_bug.cgi?id=1198556 * https://bugzilla.suse.com/show_bug.cgi?id=1198744 * https://bugzilla.suse.com/show_bug.cgi?id=1199149 * https://bugzilla.suse.com/show_bug.cgi?id=1199372 * https://bugzilla.suse.com/show_bug.cgi?id=1199562 * https://bugzilla.suse.com/show_bug.cgi?id=1200566 * https://bugzilla.suse.com/show_bug.cgi?id=1200596 * https://bugzilla.suse.com/show_bug.cgi?id=1201082 * https://bugzilla.suse.com/show_bug.cgi?id=1202165 * https://bugzilla.suse.com/show_bug.cgi?id=1202631 * https://bugzilla.suse.com/show_bug.cgi?id=1203685 * https://bugzilla.suse.com/show_bug.cgi?id=1203834 * https://bugzilla.suse.com/show_bug.cgi?id=1203886 * https://bugzilla.suse.com/show_bug.cgi?id=1204206 * https://bugzilla.suse.com/show_bug.cgi?id=1204939 * https://bugzilla.suse.com/show_bug.cgi?id=1205687 * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1208691 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1210954 * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://bugzilla.suse.com/show_bug.cgi?id=1212794 * https://bugzilla.suse.com/show_bug.cgi?id=1212844 * https://bugzilla.suse.com/show_bug.cgi?id=1212855 * https://bugzilla.suse.com/show_bug.cgi?id=1213257 * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213441 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1213630 * https://bugzilla.suse.com/show_bug.cgi?id=1213926 * https://bugzilla.suse.com/show_bug.cgi?id=1213960 * https://bugzilla.suse.com/show_bug.cgi?id=1214796 * https://bugzilla.suse.com/show_bug.cgi?id=1214797 * https://bugzilla.suse.com/show_bug.cgi?id=1215489 * https://jira.suse.com/browse/MSQA-706 * https://jira.suse.com/browse/PED-3139 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:33 -0000 Subject: SUSE-RU-2023:4407-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <169951863345.18936.4443224855113133735@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-2023:4407-1 Rating: moderate References: * bsc#1210954 * bsc#1213293 * bsc#1213518 * bsc#1213926 * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Debian 11 An update that contains one feature and has four fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Add missing python modules to the bundle (bsc#1213926): * pycurl * tornado * Add jmespath python module to align the features of the salt bundle with classic salt-minion. Extra ply module was appended as a dependency of jmespath (bsc#1210954) * Add missing cryptography python module to the bundle * Add conditional venv-salt-minion-testsuite subpackage * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * include-deb * include-rpm * Make venv-dpkgnotify to use bundle python to run * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 11 zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-4407=1 ## Package List: * SUSE Manager Client Tools for Debian 11 (amd64) * venv-salt-minion-3006.0-2.41.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210954 * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1213926 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:37 -0000 Subject: SUSE-RU-2023:4406-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <169951863746.18936.2987845216891577384@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-2023:4406-1 Rating: moderate References: * bsc#1210954 * bsc#1213293 * bsc#1213518 * bsc#1213926 * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Debian 10 An update that contains one feature and has four fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Add missing python modules to the bundle (bsc#1213926): * pycurl * tornado * Add jmespath python module to align the features of the salt bundle with classic salt-minion. Extra ply module was appended as a dependency of jmespath (bsc#1210954) * Add missing cryptography python module to the bundle * Add conditional venv-salt-minion-testsuite subpackage * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * include-deb * include-rpm * Make venv-dpkgnotify to use bundle python to run * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 10 zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-4406=1 ## Package List: * SUSE Manager Client Tools for Debian 10 (amd64) * venv-salt-minion-3006.0-2.43.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210954 * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1213926 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:41 -0000 Subject: SUSE-RU-202310:15240-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <169951864134.18936.8730733229590634124@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-202310:15240-1 Rating: moderate References: * bsc#1210954 * bsc#1213293 * bsc#1213518 * bsc#1213926 * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Ubuntu 22.04 2204 An update that contains one feature and has four fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Add missing python modules to the bundle (bsc#1213926): * pycurl * tornado * Add jmespath python module to align the features of the salt bundle with classic salt-minion. Extra ply module was appended as a dependency of jmespath (bsc#1210954) * Add missing cryptography python module to the bundle * Add conditional venv-salt-minion-testsuite subpackage * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * include-deb * include-rpm * Make venv-dpkgnotify to use bundle python to run * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 22.04 2204 zypper in -t patch suse-ubu224ct-client-tools-202310-15240=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 22.04 2204 (amd64) * venv-salt-minion-3006.0-2.34.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210954 * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1213926 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:44 -0000 Subject: SUSE-RU-202310:15239-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <169951864466.18936.8758034801739827023@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-202310:15239-1 Rating: moderate References: * bsc#1210954 * bsc#1213293 * bsc#1213518 * bsc#1213926 * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Ubuntu 20.04 2004 An update that contains one feature and has four fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Add missing python modules to the bundle (bsc#1213926): * pycurl * tornado * Add jmespath python module to align the features of the salt bundle with classic salt-minion. Extra ply module was appended as a dependency of jmespath (bsc#1210954) * Add missing cryptography python module to the bundle * Add conditional venv-salt-minion-testsuite subpackage * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * include-deb * include-rpm * Make venv-dpkgnotify to use bundle python to run * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 20.04 2004 zypper in -t patch suse-ubu204ct-client-tools-202310-15239=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 20.04 2004 (amd64) * venv-salt-minion-3006.0-2.43.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210954 * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1213926 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:49 -0000 Subject: SUSE-RU-2023:4403-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <169951864904.18936.10899541383614118353@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-2023:4403-1 Rating: moderate References: * bsc#1210954 * bsc#1213293 * bsc#1213518 * bsc#1213926 * jsc#MSQA-706 Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains one feature and has four fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Add missing python modules to the bundle (bsc#1213926): * pycurl * tornado * Add jmespath python module to align the features of the salt bundle with classic salt-minion. Extra ply module was appended as a dependency of jmespath (bsc#1210954) * Add missing cryptography python module to the bundle * Add conditional venv-salt-minion-testsuite subpackage * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * include-deb * include-rpm * Make venv-dpkgnotify to use bundle python to run * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4403=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4403=1 * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-4403=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-4403=1 ## Package List: * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.45.4 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.45.4 * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.45.4 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * venv-salt-minion-3006.0-150000.3.45.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210954 * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1213926 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:55 -0000 Subject: SUSE-RU-2023:4402-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <169951865509.18936.5042784804549550610@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-2023:4402-1 Rating: moderate References: * bsc#1210954 * bsc#1213293 * bsc#1213518 * bsc#1213926 * jsc#MSQA-706 Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that contains one feature and has four fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Add missing python modules to the bundle (bsc#1213926): * pycurl * tornado * Add jmespath python module to align the features of the salt bundle with classic salt-minion. Extra ply module was appended as a dependency of jmespath (bsc#1210954) * Add missing cryptography python module to the bundle * Add conditional venv-salt-minion-testsuite subpackage * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * include-deb * include-rpm * Make venv-dpkgnotify to use bundle python to run * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-4402=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-3.43.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210954 * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1213926 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:57 -0000 Subject: SUSE-RU-2023:4401-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169951865724.18936.18368829234760963134@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4401-1 Rating: moderate References: * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-4401=1 ## Package List: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (noarch) * spacecmd-4.3.24-1.21.1 ## References: * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:30:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:59 -0000 Subject: SUSE-RU-2023:4398-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169951865962.18936.15571066296009424025@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4398-1 Rating: moderate References: * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Debian 12 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 12 zypper in -t patch SUSE-Debian-12-CLIENT-TOOLS-x86_64-2023-4398=1 ## Package List: * SUSE Manager Client Tools for Debian 12 (all) * spacecmd-4.3.24-3.3.2 ## References: * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:02 -0000 Subject: SUSE-RU-2023:4397-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169951866290.18936.16967978185235681052@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4397-1 Rating: moderate References: * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Debian 11 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 11 zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-4397=1 ## Package List: * SUSE Manager Client Tools for Debian 11 (all) * spacecmd-4.3.24-2.30.2 ## References: * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:05 -0000 Subject: SUSE-RU-2023:4396-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169951866544.18936.7311723585125454743@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4396-1 Rating: moderate References: * bsc#1213293 * bsc#1213518 * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Debian 10 An update that contains one feature and has two fixes can now be installed. ## Description: This update fixes the following issues: salt: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 10 zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-4396=1 ## Package List: * SUSE Manager Client Tools for Debian 10 (all) * salt-minion-3006.0+ds-1+2.91.2 * spacecmd-4.3.24-2.57.2 * salt-common-3006.0+ds-1+2.91.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:08 -0000 Subject: SUSE-RU-202310:15237-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169951866820.18936.12256413326388003738@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-202310:15237-1 Rating: moderate References: * bsc#1213691 * jsc#ECO-3319 * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Ubuntu 22.04 2204 An update that contains two features and has one fix can now be installed. ## Description: This update fixes the following issues: scap-security-guide: * Updated to 0.1.69 (jsc#ECO-3319) * Introduce a JSON build manifest * Introduce a script to compare ComplianceAsCode versions * Introduce CCN profiles for RHEL9 * Map rules to components * products/anolis23: supports Anolis OS 23 * Render components to HTML * Store rendered control files * Test and use rules to components mapping * Use distributed product properties * Revert patch that breaks the SLE hardening (bsc#1213691) * Updated to 0.1.68 (jsc#ECO-3319) * Bump OL8 STIG version to V1R6 * Introduce a Product class, make the project work with it * Introduce Fedora and Firefox CaC profiles for common workstation users * OL7 DISA STIG v2r11 update * Publish rendered policy artifacts * Update ANSSI BP-028 to version 2.0 * Updated to 0.1.67 (jsc#ECO-3319) * Add utils/controlrefcheck.py * RHEL 9 STIG Update Q1 2023 * Include warning for NetworkManager keyfiles in RHEL9 * OL7 stig v2r10 update * Bump version of OL8 STIG to V1R5 * Various enhancements to SLE profiles * Fix unicode/encode error in character in Scap security guide spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 22.04 2204 zypper in -t patch suse-ubu224ct-client-tools-202310-15237=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 22.04 2204 (all) * scap-security-guide-ubuntu-0.1.69-2.14.3 * spacecmd-4.3.24-2.27.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213691 * https://jira.suse.com/browse/ECO-3319 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:11 -0000 Subject: SUSE-RU-202310:15236-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169951867133.18936.13626094057511641141@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-202310:15236-1 Rating: moderate References: * bsc#1213293 * bsc#1213518 * jsc#MSQA-706 Affected Products: * SUSE Manager Client Tools for Ubuntu 20.04 2004 An update that contains one feature and has two fixes can now be installed. ## Description: This update fixes the following issues: salt: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 20.04 2004 zypper in -t patch suse-ubu204ct-client-tools-202310-15236=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 20.04 2004 (all) * salt-common-3006.0+ds-1+2.113.3 * spacecmd-4.3.24-2.72.2 * salt-minion-3006.0+ds-1+2.113.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:13 -0000 Subject: SUSE-RU-2023:4393-1: moderate: Recommended update for grafana Message-ID: <169951867371.18936.14917684843488999177@smelt2.prg2.suse.org> # Recommended update for grafana Announcement ID: SUSE-RU-2023:4393-1 Rating: moderate References: * jsc#MSQA-706 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains one feature can now be installed. ## Description: This update for grafana fixes the following issues: * Update to version 9.5.8 GenericOAuth: Set sub as auth id DataSourceProxy: Fix url validation error handling Alerting: Sort NumberCaptureValues in EvaluationString Alerting: Improve performance of matching captures Alerting: No longer silence paused alerts during legacy migration Alerting: Remove and revert flag alertingBigTransactions Alerting: Migrate unknown NoData\Error settings to the default Tracing: supply Grafana build version Tempo: Escape regex-sensitive characters in span name before building promql query Plugins: Only configure plugin proxy transport once Alerting: Fix unique violation when updating rule group with title chains/cycles Prometheus: Version detect bug Prometheus: Fix heatmap format with no data Database: Change getExistingDashboardByTitleAndFolder to get dashboard by title, not slug Alerting: Convert 'Both' type Prometheus queries to 'Range' in migration SQLStore: Fix Postgres dialect treating "false" migrator default as true Alerting: Support newer http_config struct InfluxDB: Interpolate retention policies StatusHistory: Fix rendering of value-mapped null Alerting: Fix Alertmanager's provenance guard checks configuration to not cause panic when compared nested objects AnonymousAuth: Fix concurrent read-write crash AzureMonitor: Ensure legacy properties containing template variables are correctly migrated Explore: Remove data source onboarding page Dashboard: Re-align Save form Azure Monitor: Fix bug that did not show alert rule preview Histogram: Respect min/max panel settings for x-axis Heatmap: Fix color rendering for value ranges < 1 Heatmap: Handle unsorted timestamps in calculate mode Google Cloud Monitor: Fix mem usage for dropdown AzureMonitor: Fix logs query multi-resource and timespan values Utils: Reimplement util.GetRandomString to avoid modulo bias Alerting: Fix matching labels with spaces in their values Dashboard: Fix applying timezone to datetime variables Dashboard: Fix panel description event triggering every time panel is rendered Tempo: Fix get label values based on CoreApp type Heatmap: Fix log scale editor Dashboard: Fix disappearing panel when viewed panel is refreshed Prometheus: Fix bug in creating autocomplete queries with labels Prometheus: Fix Query Inspector expression range value Alerting: Fix migration failing if alert_configuration table is not empty InfluxDB: Fix querying retention policies on flux mode Dashboard: Fix library panels in collapsed rows not getting updated Auth: Add and document option for enabling email lookup ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4393=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4393=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4393=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4393=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.8-150200.3.50.4 * grafana-9.5.8-150200.3.50.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.8-150200.3.50.4 * grafana-9.5.8-150200.3.50.4 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.8-150200.3.50.4 * grafana-9.5.8-150200.3.50.4 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.8-150200.3.50.4 * grafana-9.5.8-150200.3.50.4 ## References: * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:21 -0000 Subject: SUSE-RU-2023:4392-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169951868144.18936.17351389474032556731@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4392-1 Rating: moderate References: * jsc#MSQA-706 Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Package Hub 15 15-SP5 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: grafana: * Update to version 9.5.8: * Features and enhancements GenericOAuth: Set sub as auth id * Bug fixes: DataSourceProxy: Fix url validation error handling * Update to version 9.5.7: * Alerting: Sort NumberCaptureValues in EvaluationString * Alerting: Improve performance of matching captures * Alerting: No longer silence paused alerts during legacy migration * Alerting: Remove and revert flag alertingBigTransactions * Alerting: Migrate unknown NoData\Error settings to the default * Tracing: supply Grafana build version * Tempo: Escape regex-sensitive characters in span name before building promql query * Plugins: Only configure plugin proxy transport once * Alerting: Fix unique violation when updating rule group with title chains/cycles * Prometheus: Version detect bug * Prometheus: Fix heatmap format with no data * Database: Change getExistingDashboardByTitleAndFolder to get dashboard by title, not slug * Alerting: Convert 'Both' type Prometheus queries to 'Range' in * SQLStore: Fix Postgres dialect treating "false" migrator default as true * Alerting: Support newer http_config struct * InfluxDB: Interpolate retention policies * StatusHistory: Fix rendering of value-mapped null * Alerting: Fix provenance guard checks for Alertmanager configuration to not cause panic when compared nested objects * AnonymousAuth: Fix concurrent read-write crash * AzureMonitor: Ensure legacy properties containing template variables are correctly migrated * Explore: Remove data source onboarding page * Dashboard: Re-align Save form * Azure Monitor: Fix bug that did not show alert rule preview * Histogram: Respect min/max panel settings for x-axis * Heatmap: Fix color rendering for value ranges < 1 * Heatmap: Handle unsorted timestamps in calculate mode * Google Cloud Monitor: Fix mem usage for dropdown * AzureMonitor: Fix logs query multi-resource and timespan values * Utils: Reimplement util.GetRandomString to avoid modulo bias * Alerting: Fix matching labels with spaces in their values * Dashboard: Fix applying timezone to datetime variables * Dashboard: Fix panel description event triggering every time panel is rendered * Tempo: Fix get label values based on CoreApp type * Heatmap: Fix log scale editor * Dashboard: Fix disappearing panel when viewed panel is refreshed * Prometheus: Fix bug in creating autocomplete queries with labels * Prometheus: Fix Query Inspector expression range value * Alerting: Fix migration failing if alert_configuration table is not empty * InfluxDB: Fix querying retention policies on flux mode * Update to version 9.5.6: * Dashboard: Fix library panels in collapsed rows not getting updated * Auth: Add and document option for enabling email lookup spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) spacewalk-client-tools: * Version 4.3.16-1 * Update translation strings ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4392=1 * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-4392=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4392=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4392=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-promu-0.14.0-150000.3.15.2 * openSUSE Leap 15.5 (noarch) * spacecmd-4.3.24-150000.3.107.1 * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * grafana-9.5.8-150000.1.57.2 * grafana-debuginfo-9.5.8-150000.1.57.2 * SUSE Manager Client Tools for SLE 15 (noarch) * spacecmd-4.3.24-150000.3.107.1 * python3-spacewalk-client-tools-4.3.16-150000.3.80.2 * python3-spacewalk-client-setup-4.3.16-150000.3.80.2 * python3-spacewalk-check-4.3.16-150000.3.80.2 * spacewalk-client-setup-4.3.16-150000.3.80.2 * spacewalk-client-tools-4.3.16-150000.3.80.2 * spacewalk-check-4.3.16-150000.3.80.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-promu-0.14.0-150000.3.15.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-promu-0.14.0-150000.3.15.2 * openSUSE Leap 15.4 (noarch) * spacecmd-4.3.24-150000.3.107.1 ## References: * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:23 -0000 Subject: SUSE-RU-2023:4391-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169951868386.18936.4404009513177216105@smelt2.prg2.suse.org> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:4391-1 Rating: moderate References: * jsc#MSQA-706 Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: golang-github-prometheus-promu: * Always set user and host build metadata to constant string to achieve reproducible builds (compare reproducible-builds.org) * Require Go >= 1.19 for building * Require Go >= 1.18 for building Red Hat packages grafana: * Update to version 9.5.8: * Features and enhancements GenericOAuth: Set sub as auth id * Bug fixes: DataSourceProxy: Fix url validation error handling * Update to version 9.5.7: * Alerting: Sort NumberCaptureValues in EvaluationString * Alerting: Improve performance of matching captures * Alerting: No longer silence paused alerts during legacy migration * Alerting: Remove and revert flag alertingBigTransactions * Alerting: Migrate unknown NoData\Error settings to the default * Tracing: supply Grafana build version * Tempo: Escape regex-sensitive characters in span name before building promql query * Plugins: Only configure plugin proxy transport once * Alerting: Fix unique violation when updating rule group with title chains/cycles * Prometheus: Version detect bug * Prometheus: Fix heatmap format with no data * Database: Change getExistingDashboardByTitleAndFolder to get dashboard by title, not slug * Alerting: Convert 'Both' type Prometheus queries to 'Range' in * SQLStore: Fix Postgres dialect treating "false" migrator default as true * Alerting: Support newer http_config struct * InfluxDB: Interpolate retention policies * StatusHistory: Fix rendering of value-mapped null * Alerting: Fix provenance guard checks for Alertmanager configuration to not cause panic when compared nested objects * AnonymousAuth: Fix concurrent read-write crash * AzureMonitor: Ensure legacy properties containing template variables are correctly migrated * Explore: Remove data source onboarding page * Dashboard: Re-align Save form * Azure Monitor: Fix bug that did not show alert rule preview * Histogram: Respect min/max panel settings for x-axis * Heatmap: Fix color rendering for value ranges < 1 * Heatmap: Handle unsorted timestamps in calculate mode * Google Cloud Monitor: Fix mem usage for dropdown * AzureMonitor: Fix logs query multi-resource and timespan values * Utils: Reimplement util.GetRandomString to avoid modulo bias * Alerting: Fix matching labels with spaces in their values * Dashboard: Fix applying timezone to datetime variables * Dashboard: Fix panel description event triggering every time panel is rendered * Tempo: Fix get label values based on CoreApp type * Heatmap: Fix log scale editor * Dashboard: Fix disappearing panel when viewed panel is refreshed * Prometheus: Fix bug in creating autocomplete queries with labels * Prometheus: Fix Query Inspector expression range value * Alerting: Fix migration failing if alert_configuration table is not empty * InfluxDB: Fix querying retention policies on flux mode * Update to version 9.5.6: * Dashboard: Fix library panels in collapsed rows not getting updated * Auth: Add and document option for enabling email lookup spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) spacewalk-client-tools: * Version 4.3.16-1 * Update translation strings ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-4391=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * grafana-9.5.8-1.57.4 * golang-github-prometheus-promu-0.14.0-1.15.3 * SUSE Manager Client Tools for SLE 12 (noarch) * spacecmd-4.3.24-38.130.3 * spacewalk-check-4.3.16-52.89.3 * python2-spacewalk-client-tools-4.3.16-52.89.3 * python2-spacewalk-client-setup-4.3.16-52.89.3 * python2-spacewalk-check-4.3.16-52.89.3 * spacewalk-client-tools-4.3.16-52.89.3 * spacewalk-client-setup-4.3.16-52.89.3 ## References: * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:27 -0000 Subject: SUSE-SU-2023:4390-1: important: Security update for salt Message-ID: <169951868750.18936.6223580329873746458@smelt2.prg2.suse.org> # Security update for salt Announcement ID: SUSE-SU-2023:4390-1 Rating: important References: * bsc#1213293 * bsc#1213518 * bsc#1214477 * bsc#1215157 * jsc#MSQA-706 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed. ## Description: This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite * CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) * Allow all primitive grain types for autosign_grains (bsc#1214477) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4390=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4390=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4390=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * salt-3006.0-150100.112.1 * salt-doc-3006.0-150100.112.1 * salt-api-3006.0-150100.112.1 * salt-cloud-3006.0-150100.112.1 * salt-proxy-3006.0-150100.112.1 * salt-standalone-formulas-configuration-3006.0-150100.112.1 * salt-transactional-update-3006.0-150100.112.1 * salt-master-3006.0-150100.112.1 * salt-minion-3006.0-150100.112.1 * salt-syndic-3006.0-150100.112.1 * python3-salt-3006.0-150100.112.1 * salt-ssh-3006.0-150100.112.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * salt-bash-completion-3006.0-150100.112.1 * salt-fish-completion-3006.0-150100.112.1 * salt-zsh-completion-3006.0-150100.112.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * salt-3006.0-150100.112.1 * salt-doc-3006.0-150100.112.1 * salt-api-3006.0-150100.112.1 * salt-cloud-3006.0-150100.112.1 * salt-proxy-3006.0-150100.112.1 * salt-standalone-formulas-configuration-3006.0-150100.112.1 * salt-transactional-update-3006.0-150100.112.1 * salt-master-3006.0-150100.112.1 * salt-minion-3006.0-150100.112.1 * salt-syndic-3006.0-150100.112.1 * python3-salt-3006.0-150100.112.1 * salt-ssh-3006.0-150100.112.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * salt-bash-completion-3006.0-150100.112.1 * salt-fish-completion-3006.0-150100.112.1 * salt-zsh-completion-3006.0-150100.112.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * salt-3006.0-150100.112.1 * salt-doc-3006.0-150100.112.1 * salt-api-3006.0-150100.112.1 * salt-cloud-3006.0-150100.112.1 * salt-proxy-3006.0-150100.112.1 * salt-standalone-formulas-configuration-3006.0-150100.112.1 * salt-transactional-update-3006.0-150100.112.1 * salt-master-3006.0-150100.112.1 * salt-minion-3006.0-150100.112.1 * salt-syndic-3006.0-150100.112.1 * python3-salt-3006.0-150100.112.1 * salt-ssh-3006.0-150100.112.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * salt-bash-completion-3006.0-150100.112.1 * salt-fish-completion-3006.0-150100.112.1 * salt-zsh-completion-3006.0-150100.112.1 * SUSE CaaS Platform 4.0 (x86_64) * salt-3006.0-150100.112.1 * salt-doc-3006.0-150100.112.1 * salt-api-3006.0-150100.112.1 * salt-cloud-3006.0-150100.112.1 * salt-proxy-3006.0-150100.112.1 * salt-standalone-formulas-configuration-3006.0-150100.112.1 * salt-transactional-update-3006.0-150100.112.1 * salt-master-3006.0-150100.112.1 * salt-minion-3006.0-150100.112.1 * salt-syndic-3006.0-150100.112.1 * python3-salt-3006.0-150100.112.1 * salt-ssh-3006.0-150100.112.1 * SUSE CaaS Platform 4.0 (noarch) * salt-bash-completion-3006.0-150100.112.1 * salt-fish-completion-3006.0-150100.112.1 * salt-zsh-completion-3006.0-150100.112.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:30 -0000 Subject: SUSE-SU-2023:4389-1: important: Security update for salt Message-ID: <169951869079.18936.8213088639021395688@smelt2.prg2.suse.org> # Security update for salt Announcement ID: SUSE-SU-2023:4389-1 Rating: important References: * bsc#1213293 * bsc#1213518 * bsc#1214477 * bsc#1215157 * jsc#MSQA-706 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed. ## Description: This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite * Allow all primitive grain types for autosign_grains (bsc#1214477) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4389=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4389=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4389=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-salt-3006.0-150200.113.1 * salt-minion-3006.0-150200.113.1 * salt-standalone-formulas-configuration-3006.0-150200.113.1 * salt-3006.0-150200.113.1 * salt-proxy-3006.0-150200.113.1 * salt-ssh-3006.0-150200.113.1 * salt-syndic-3006.0-150200.113.1 * salt-transactional-update-3006.0-150200.113.1 * salt-master-3006.0-150200.113.1 * salt-cloud-3006.0-150200.113.1 * salt-doc-3006.0-150200.113.1 * salt-api-3006.0-150200.113.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * salt-zsh-completion-3006.0-150200.113.1 * salt-fish-completion-3006.0-150200.113.1 * salt-bash-completion-3006.0-150200.113.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python3-salt-3006.0-150200.113.1 * salt-minion-3006.0-150200.113.1 * salt-standalone-formulas-configuration-3006.0-150200.113.1 * salt-3006.0-150200.113.1 * salt-proxy-3006.0-150200.113.1 * salt-ssh-3006.0-150200.113.1 * salt-syndic-3006.0-150200.113.1 * salt-transactional-update-3006.0-150200.113.1 * salt-master-3006.0-150200.113.1 * salt-cloud-3006.0-150200.113.1 * salt-doc-3006.0-150200.113.1 * salt-api-3006.0-150200.113.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * salt-zsh-completion-3006.0-150200.113.1 * salt-fish-completion-3006.0-150200.113.1 * salt-bash-completion-3006.0-150200.113.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python3-salt-3006.0-150200.113.1 * salt-minion-3006.0-150200.113.1 * salt-standalone-formulas-configuration-3006.0-150200.113.1 * salt-3006.0-150200.113.1 * salt-proxy-3006.0-150200.113.1 * salt-ssh-3006.0-150200.113.1 * salt-syndic-3006.0-150200.113.1 * salt-master-3006.0-150200.113.1 * salt-cloud-3006.0-150200.113.1 * salt-doc-3006.0-150200.113.1 * salt-api-3006.0-150200.113.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * salt-zsh-completion-3006.0-150200.113.1 * salt-fish-completion-3006.0-150200.113.1 * salt-bash-completion-3006.0-150200.113.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:34 -0000 Subject: SUSE-SU-2023:4388-1: important: Security update for salt Message-ID: <169951869464.18936.3258240655934099931@smelt2.prg2.suse.org> # Security update for salt Announcement ID: SUSE-SU-2023:4388-1 Rating: important References: * bsc#1213293 * bsc#1213518 * bsc#1214477 * bsc#1215157 * jsc#MSQA-706 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed. ## Description: This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite * Allow all primitive grain types for autosign_grains (bsc#1214477) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4388=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4388=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4388=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4388=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4388=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4388=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4388=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4388=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4388=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4388=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4388=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4388=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4388=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4388=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4388=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4388=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4388=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4388=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4388=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4388=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python2-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-3.17.2-150300.3.4.1 * salt-proxy-3006.0-150300.53.65.2 * salt-minion-3006.0-150300.53.65.2 * salt-ssh-3006.0-150300.53.65.2 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * salt-doc-3006.0-150300.53.65.2 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * salt-master-3006.0-150300.53.65.2 * salt-standalone-formulas-configuration-3006.0-150300.53.65.2 * salt-transactional-update-3006.0-150300.53.65.2 * salt-api-3006.0-150300.53.65.2 * salt-3006.0-150300.53.65.2 * salt-syndic-3006.0-150300.53.65.2 * python2-simplejson-3.17.2-150300.3.4.1 * python3-salt-3006.0-150300.53.65.2 * python3-salt-testsuite-3006.0-150300.53.65.2 * salt-cloud-3006.0-150300.53.65.2 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * openSUSE Leap 15.3 (noarch) * salt-bash-completion-3006.0-150300.53.65.2 * salt-fish-completion-3006.0-150300.53.65.2 * salt-zsh-completion-3006.0-150300.53.65.2 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * salt-proxy-3006.0-150300.53.65.2 * salt-minion-3006.0-150300.53.65.2 * salt-ssh-3006.0-150300.53.65.2 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * salt-master-3006.0-150300.53.65.2 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * salt-standalone-formulas-configuration-3006.0-150300.53.65.2 * salt-api-3006.0-150300.53.65.2 * salt-3006.0-150300.53.65.2 * salt-syndic-3006.0-150300.53.65.2 * python3-salt-3006.0-150300.53.65.2 * salt-doc-3006.0-150300.53.65.2 * salt-cloud-3006.0-150300.53.65.2 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * salt-bash-completion-3006.0-150300.53.65.2 * salt-fish-completion-3006.0-150300.53.65.2 * salt-zsh-completion-3006.0-150300.53.65.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * salt-proxy-3006.0-150300.53.65.2 * salt-minion-3006.0-150300.53.65.2 * salt-ssh-3006.0-150300.53.65.2 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * salt-master-3006.0-150300.53.65.2 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * salt-standalone-formulas-configuration-3006.0-150300.53.65.2 * salt-api-3006.0-150300.53.65.2 * salt-3006.0-150300.53.65.2 * salt-syndic-3006.0-150300.53.65.2 * python3-salt-3006.0-150300.53.65.2 * salt-doc-3006.0-150300.53.65.2 * salt-cloud-3006.0-150300.53.65.2 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * salt-bash-completion-3006.0-150300.53.65.2 * salt-fish-completion-3006.0-150300.53.65.2 * salt-zsh-completion-3006.0-150300.53.65.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * salt-proxy-3006.0-150300.53.65.2 * salt-minion-3006.0-150300.53.65.2 * salt-ssh-3006.0-150300.53.65.2 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * salt-master-3006.0-150300.53.65.2 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * salt-standalone-formulas-configuration-3006.0-150300.53.65.2 * salt-transactional-update-3006.0-150300.53.65.2 * salt-api-3006.0-150300.53.65.2 * salt-3006.0-150300.53.65.2 * salt-syndic-3006.0-150300.53.65.2 * python3-salt-3006.0-150300.53.65.2 * salt-doc-3006.0-150300.53.65.2 * salt-cloud-3006.0-150300.53.65.2 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * salt-bash-completion-3006.0-150300.53.65.2 * salt-fish-completion-3006.0-150300.53.65.2 * salt-zsh-completion-3006.0-150300.53.65.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * salt-proxy-3006.0-150300.53.65.2 * salt-minion-3006.0-150300.53.65.2 * salt-ssh-3006.0-150300.53.65.2 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * salt-master-3006.0-150300.53.65.2 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * salt-standalone-formulas-configuration-3006.0-150300.53.65.2 * salt-api-3006.0-150300.53.65.2 * salt-3006.0-150300.53.65.2 * salt-syndic-3006.0-150300.53.65.2 * python3-salt-3006.0-150300.53.65.2 * salt-doc-3006.0-150300.53.65.2 * salt-cloud-3006.0-150300.53.65.2 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * salt-bash-completion-3006.0-150300.53.65.2 * salt-fish-completion-3006.0-150300.53.65.2 * salt-zsh-completion-3006.0-150300.53.65.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * salt-proxy-3006.0-150300.53.65.2 * salt-minion-3006.0-150300.53.65.2 * salt-ssh-3006.0-150300.53.65.2 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * salt-master-3006.0-150300.53.65.2 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * salt-standalone-formulas-configuration-3006.0-150300.53.65.2 * salt-transactional-update-3006.0-150300.53.65.2 * salt-api-3006.0-150300.53.65.2 * salt-3006.0-150300.53.65.2 * salt-syndic-3006.0-150300.53.65.2 * python3-salt-3006.0-150300.53.65.2 * salt-doc-3006.0-150300.53.65.2 * salt-cloud-3006.0-150300.53.65.2 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Enterprise Storage 7.1 (noarch) * salt-bash-completion-3006.0-150300.53.65.2 * salt-fish-completion-3006.0-150300.53.65.2 * salt-zsh-completion-3006.0-150300.53.65.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * salt-minion-3006.0-150300.53.65.2 * salt-transactional-update-3006.0-150300.53.65.2 * salt-3006.0-150300.53.65.2 * python3-salt-3006.0-150300.53.65.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * salt-minion-3006.0-150300.53.65.2 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * salt-transactional-update-3006.0-150300.53.65.2 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * salt-3006.0-150300.53.65.2 * python3-salt-3006.0-150300.53.65.2 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-simplejson-3.17.2-150300.3.4.1 * salt-minion-3006.0-150300.53.65.2 * python-simplejson-debugsource-3.17.2-150300.3.4.1 * salt-transactional-update-3006.0-150300.53.65.2 * python-simplejson-debuginfo-3.17.2-150300.3.4.1 * salt-3006.0-150300.53.65.2 * python3-salt-3006.0-150300.53.65.2 * python3-simplejson-debuginfo-3.17.2-150300.3.4.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:39 -0000 Subject: SUSE-SU-2023:4387-1: important: Security update for salt Message-ID: <169951869992.18936.11214559845067339265@smelt2.prg2.suse.org> # Security update for salt Announcement ID: SUSE-SU-2023:4387-1 Rating: important References: * bsc#1213293 * bsc#1213518 * bsc#1214477 * bsc#1215157 * jsc#MSQA-706 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Transactional Server Module 15-SP4 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed. ## Description: This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite * Allow all primitive grain types for autosign_grains (bsc#1214477) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4387=1 SUSE-2023-4387=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4387=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4387=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4387=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4387=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4387=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4387=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4387=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4387=1 * Transactional Server Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-4387=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * salt-master-3006.0-150400.8.49.2 * salt-proxy-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * salt-standalone-formulas-configuration-3006.0-150400.8.49.2 * salt-minion-3006.0-150400.8.49.2 * salt-syndic-3006.0-150400.8.49.2 * salt-doc-3006.0-150400.8.49.2 * python3-salt-testsuite-3006.0-150400.8.49.2 * salt-api-3006.0-150400.8.49.2 * salt-cloud-3006.0-150400.8.49.2 * salt-ssh-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * openSUSE Leap 15.4 (noarch) * salt-bash-completion-3006.0-150400.8.49.2 * salt-fish-completion-3006.0-150400.8.49.2 * salt-zsh-completion-3006.0-150400.8.49.2 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-doc-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * Basesystem Module 15-SP4 (noarch) * salt-bash-completion-3006.0-150400.8.49.2 * salt-zsh-completion-3006.0-150400.8.49.2 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-master-3006.0-150400.8.49.2 * salt-proxy-3006.0-150400.8.49.2 * salt-standalone-formulas-configuration-3006.0-150400.8.49.2 * salt-syndic-3006.0-150400.8.49.2 * salt-api-3006.0-150400.8.49.2 * salt-cloud-3006.0-150400.8.49.2 * salt-ssh-3006.0-150400.8.49.2 * Server Applications Module 15-SP4 (noarch) * salt-fish-completion-3006.0-150400.8.49.2 * Transactional Server Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-transactional-update-3006.0-150400.8.49.2 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:43 -0000 Subject: SUSE-SU-2023:4386-1: important: Security update for salt Message-ID: <169951870362.18936.1416320572905631948@smelt2.prg2.suse.org> # Security update for salt Announcement ID: SUSE-SU-2023:4386-1 Rating: important References: * bsc#1213293 * bsc#1213518 * bsc#1214477 * bsc#1215157 * jsc#MSQA-706 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * Transactional Server Module 15-SP5 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed. ## Description: This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite * Allow all primitive grain types for autosign_grains (bsc#1214477) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4386=1 SUSE-2023-4386=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4386=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4386=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4386=1 * Transactional Server Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2023-4386=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * salt-proxy-3006.0-150500.4.24.2 * salt-standalone-formulas-configuration-3006.0-150500.4.24.2 * salt-3006.0-150500.4.24.2 * salt-cloud-3006.0-150500.4.24.2 * salt-master-3006.0-150500.4.24.2 * salt-api-3006.0-150500.4.24.2 * salt-minion-3006.0-150500.4.24.2 * salt-syndic-3006.0-150500.4.24.2 * python3-salt-3006.0-150500.4.24.2 * salt-transactional-update-3006.0-150500.4.24.2 * salt-doc-3006.0-150500.4.24.2 * python3-salt-testsuite-3006.0-150500.4.24.2 * salt-ssh-3006.0-150500.4.24.2 * openSUSE Leap 15.5 (noarch) * salt-bash-completion-3006.0-150500.4.24.2 * salt-fish-completion-3006.0-150500.4.24.2 * salt-zsh-completion-3006.0-150500.4.24.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * salt-3006.0-150500.4.24.2 * salt-minion-3006.0-150500.4.24.2 * python3-salt-3006.0-150500.4.24.2 * salt-transactional-update-3006.0-150500.4.24.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * salt-doc-3006.0-150500.4.24.2 * salt-3006.0-150500.4.24.2 * salt-minion-3006.0-150500.4.24.2 * python3-salt-3006.0-150500.4.24.2 * Basesystem Module 15-SP5 (noarch) * salt-bash-completion-3006.0-150500.4.24.2 * salt-zsh-completion-3006.0-150500.4.24.2 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * salt-proxy-3006.0-150500.4.24.2 * salt-standalone-formulas-configuration-3006.0-150500.4.24.2 * salt-cloud-3006.0-150500.4.24.2 * salt-master-3006.0-150500.4.24.2 * salt-api-3006.0-150500.4.24.2 * salt-syndic-3006.0-150500.4.24.2 * salt-ssh-3006.0-150500.4.24.2 * Server Applications Module 15-SP5 (noarch) * salt-fish-completion-3006.0-150500.4.24.2 * Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64) * salt-transactional-update-3006.0-150500.4.24.2 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 9 08:31:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:54 -0000 Subject: SUSE-RU-2023:4385-1: important: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Message-ID: <169951871428.18936.76397547984209950@smelt2.prg2.suse.org> # Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-RU-2023:4385-1 Rating: important References: * bsc#1204270 * bsc#1211047 * bsc#1211145 * bsc#1211270 * bsc#1211912 * bsc#1212168 * bsc#1212507 * bsc#1213132 * bsc#1213376 * bsc#1213469 * bsc#1213680 * bsc#1213689 * bsc#1214041 * bsc#1214121 * bsc#1214463 * bsc#1214553 * bsc#1214746 * bsc#1215027 * bsc#1215120 * bsc#1215412 * bsc#1215514 * bsc#1216411 * bsc#1216661 * jsc#MSQA-706 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains one feature and has 23 fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: apache2-mod_wsgi: * Make sure that the keyword wsgi is preserved in the APACHE_MODULES variable when updating apache2-mod_wsgi (bsc#1216411) spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) spacewalk-backend: * Version 4.3.24-1 * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507) spacewalk-client-tools: * Version 4.3.16-1 * Update translation strings spacewalk-web: * Version 4.3.35-1 * Add missing translation wrappers for Salt formula catalog * Shows a notification when an update for SUSE Manager is available How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Recommended update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: billing-data-service: * Version 4.3.1-1 * Align the package version with the SUSE Manager major version 4.3 cobbler: * Buildiso: copy grub into ESP using mtools to allow execution in containers * Add mtools as dependency for Cobbler susemanager-docs_en: * Removed technical preview statement about Ansible in Administration Guide (bsc#1216661) * Replace the "Quick Start: Public Cloud" with "Public Cloud Guide" in Specialized Guides * Provide the right base operating system service pack version to be used for SUSE Manager Proxy (bsc#1213469) * Add Debian 12 as supported client in Client Configuration Guide smdba: * Version 1.7.12 * re-use configured max_connection value * keep previous selected value for SSD configuration spacecmd: * Version 4.3.24-1 * Change default scheduler from (none) to (system) spacewalk-backend: * Version 4.3.24-1 * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507) spacewalk-client-tools: * Version 4.3.16-1 * Update translation strings spacewalk-config: * Version 4.3.12-1 * Handle spaces in /ks/dist/ file names (bsc#1213680) spacewalk-java: * Version 4.3.68-1 * Sync GPG properties on each build in CLM (bsc#1213689) * Change list endpoints in saltkey namespace to accept GET requests instead of POST (bsc#1214463) * Respect user email preferences when sending 'user creation' emails (bsc#1214553) * Fix server error when visiting the notifications page * Fixed the value of the advisory release for Ubuntu erratas * Restart the bunch from where it was interrupted when rescheduling * Moved the Ubuntu errata processing in its own separate taskomatic task (bsc#1211145) * Stop the taskomatic bunch execution if it was not possible to execute one of the tasks * Add detection of Debian 12 * Implement different way to copy data for SystemPackageUpdate report database table (bsc#1211912) * Avoid SCC credentials check if `server.susemanager.fromdir` is set (bsc#1211270) * Fix bug about listing Ansible inventories (bsc#1213132) * Remove SUSE Manager proxy 4.2 product channel for PAYG instance (bsc#1215412) * Show a notification when an update for SUSE Manager is available * Optimize memory usage in UbuntuErrataManager * Handle spaces in /ks/dist/ file names (bsc#1213680) * Change default scheduler from (none) to (system) * Set user for package list refresh action if possible * Fix recurring state execution not using the correct order (bsc#1215027) * Ignore mandatory channels results that don't match list of channels (bsc#1204270) * Token cleanup process removing invalid tokens using sql query (bsc#1213376) * Fix failed actions rescheduling (bsc#1214121) * Fix unscheduling actions when the trigger name changed after retry (bsc#1214121) * Improve Taskomatic by removing invalid triggers before starting and enhancing logs * Revert action executor fix that was intended to prevent blocking of Taskomatic threads (bsc#1214121) * Extend success message after adding monitoring property (bsc#1212168) spacewalk-utils: * Version 4.3.18-1 * Add Debian 12 repositories spacewalk-web: * Version 4.3.35-1 * Add missing translation wrappers for Salt formula catalog * Shows a notification when an update for SUSE Manager is available susemanager: * Version 4.3.32-1 * Add bootstrap repository definition for OES2023.4 (bsc#1215514) * Add bootstrap repository definitions for Debian 12 * Fix SLES 15 for SAP not being listed in mgr-create-bootstrap-repo (bsc#1215120) * Add missing PKGLIST15_TRAD for SLES 15 SAP mgr-create-bootstrap-repo entries (bsc#1215120) * Fix possible permission issues with database migration script (bsc#1214746) susemanager-docs_en: * Added comment about SCC subscription to Administration Guide (bsc#1211270) * Added Debian 12 as a technology preview client in Client Configuration Guide * Fixed over-long table issue in openSCAP chapter in Administration Guide * Update Hardware Requirements section about disk space for /var/spacewalk in the Installation and Upgrade Guide * Documented disabling automatic channel selection for cloned channels in Content Lifecycle Management chapter of Administration Guide (bsc#1211047) * Fixed broken links and references in the Image building file in * Updated autoinstallation chapter in Client Configuration Guide about buildiso command in the context of Cobbler * Removed end-of-life openSUSE Leap clients from the support matrix in the Client Configuration Guide * Added note about Jinja templating for configuration files management on Salt Clients in Client Configuration Guide * Fixed DHCP example for Cobbler autoinstallation and added one per architecture in Client Configuration Guide (bsc#1214041) Guide (bsc#1213469) susemanager-schema: * Version 4.3.21-1 * Add index on server needed cache to improve performance for some queries (bsc#1211912) * Moved the Ubuntu errata processing in its own separate taskomatic task (bsc#1211145) susemanager-sls: * Version 4.3.36-1 * Do not install instance-flavor-check tool on openSUSE susemanager-sync-data: * Version 4.3.13-1 * Add OES2023.4 (bsc#1215514) * Add Debian 12 amd64 How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Recommended update for apache2-mod_wsgi ### Description: This update fixes the following issues: apache2-mod_wsgi: * Make sure that the keyword wsgi is preserved in the APACHE_MODULES variable when updating apache2-mod_wsgi (bsc#1216411) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4385=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4385=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4385=1 openSUSE-SLE-15.4-2023-4385=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4385=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4385=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4385=1 ## Package List: * SUSE Manager Proxy 4.3 Module 4.3 (x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7 * apache2-mod_wsgi-4.7.1-150400.3.7.7 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * spacewalk-backend-4.3.24-150400.3.30.16 * python3-spacewalk-client-setup-4.3.16-150400.3.18.13 * spacewalk-base-minimal-4.3.35-150400.3.33.14 * spacewalk-check-4.3.16-150400.3.18.13 * python3-spacewalk-check-4.3.16-150400.3.18.13 * spacewalk-base-minimal-config-4.3.35-150400.3.33.14 * python3-spacewalk-client-tools-4.3.16-150400.3.18.13 * spacewalk-client-setup-4.3.16-150400.3.18.13 * spacewalk-client-tools-4.3.16-150400.3.18.13 * spacecmd-4.3.24-150400.3.27.10 * SUSE Manager Server 4.3 Module 4.3 (noarch) * susemanager-schema-utility-4.3.21-150400.3.27.11 * susemanager-docs_en-pdf-4.3-150400.9.47.1 * spacewalk-backend-iss-export-4.3.24-150400.3.30.16 * uyuni-config-modules-4.3.36-150400.3.34.6 * spacewalk-backend-sql-4.3.24-150400.3.30.16 * spacewalk-base-minimal-4.3.35-150400.3.33.14 * spacewalk-java-config-4.3.68-150400.3.66.14 * spacewalk-backend-iss-4.3.24-150400.3.30.16 * spacewalk-backend-sql-postgresql-4.3.24-150400.3.30.16 * cobbler-3.3.3-150400.5.36.10 * spacewalk-java-lib-4.3.68-150400.3.66.14 * spacewalk-utils-4.3.18-150400.3.18.10 * susemanager-docs_en-4.3-150400.9.47.1 * spacewalk-java-postgresql-4.3.68-150400.3.66.14 * spacewalk-backend-server-4.3.24-150400.3.30.16 * spacewalk-backend-config-files-tool-4.3.24-150400.3.30.16 * spacewalk-base-minimal-config-4.3.35-150400.3.33.14 * susemanager-schema-4.3.21-150400.3.27.11 * spacewalk-html-4.3.35-150400.3.33.14 * spacewalk-client-tools-4.3.16-150400.3.18.13 * spacewalk-backend-package-push-server-4.3.24-150400.3.30.16 * spacewalk-backend-applet-4.3.24-150400.3.30.16 * spacewalk-taskomatic-4.3.68-150400.3.66.14 * billing-data-service-4.3.1-150400.10.9.10 * spacewalk-backend-tools-4.3.24-150400.3.30.16 * susemanager-sls-4.3.36-150400.3.34.6 * spacewalk-backend-app-4.3.24-150400.3.30.16 * spacewalk-java-4.3.68-150400.3.66.14 * spacewalk-backend-xmlrpc-4.3.24-150400.3.30.16 * spacewalk-backend-xml-export-libs-4.3.24-150400.3.30.16 * spacecmd-4.3.24-150400.3.27.10 * spacewalk-backend-4.3.24-150400.3.30.16 * spacewalk-utils-extras-4.3.18-150400.3.18.10 * spacewalk-base-4.3.35-150400.3.33.14 * spacewalk-config-4.3.12-150400.3.12.10 * spacewalk-backend-config-files-4.3.24-150400.3.30.16 * susemanager-sync-data-4.3.13-150400.3.14.10 * python3-spacewalk-client-tools-4.3.16-150400.3.18.13 * spacewalk-backend-config-files-common-4.3.24-150400.3.30.16 * SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64) * susemanager-4.3.32-150400.3.39.6 * susemanager-tools-4.3.32-150400.3.39.6 * smdba-1.7.12-0.150400.4.9.10 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7 * apache2-mod_wsgi-4.7.1-150400.3.7.7 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7 * apache2-mod_wsgi-4.7.1-150400.3.7.7 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7 * apache2-mod_wsgi-4.7.1-150400.3.7.7 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7 * apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7 * apache2-mod_wsgi-4.7.1-150400.3.7.7 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1204270 * https://bugzilla.suse.com/show_bug.cgi?id=1211047 * https://bugzilla.suse.com/show_bug.cgi?id=1211145 * https://bugzilla.suse.com/show_bug.cgi?id=1211270 * https://bugzilla.suse.com/show_bug.cgi?id=1211912 * https://bugzilla.suse.com/show_bug.cgi?id=1212168 * https://bugzilla.suse.com/show_bug.cgi?id=1212507 * https://bugzilla.suse.com/show_bug.cgi?id=1213132 * https://bugzilla.suse.com/show_bug.cgi?id=1213376 * https://bugzilla.suse.com/show_bug.cgi?id=1213469 * https://bugzilla.suse.com/show_bug.cgi?id=1213680 * https://bugzilla.suse.com/show_bug.cgi?id=1213689 * https://bugzilla.suse.com/show_bug.cgi?id=1214041 * https://bugzilla.suse.com/show_bug.cgi?id=1214121 * https://bugzilla.suse.com/show_bug.cgi?id=1214463 * https://bugzilla.suse.com/show_bug.cgi?id=1214553 * https://bugzilla.suse.com/show_bug.cgi?id=1214746 * https://bugzilla.suse.com/show_bug.cgi?id=1215027 * https://bugzilla.suse.com/show_bug.cgi?id=1215120 * https://bugzilla.suse.com/show_bug.cgi?id=1215412 * https://bugzilla.suse.com/show_bug.cgi?id=1215514 * https://bugzilla.suse.com/show_bug.cgi?id=1216411 * https://bugzilla.suse.com/show_bug.cgi?id=1216661 * https://jira.suse.com/browse/MSQA-706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 10 10:08:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2023 11:08:01 +0100 (CET) Subject: SUSE-CU-2023:3696-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231110100801.B152CFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3696-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.2 Container Release : 9.40.2 Severity : important Type : security References : 1204270 1204270 1211047 1211047 1211145 1211145 1211270 1211270 1211912 1211912 1212168 1212168 1212507 1212507 1213132 1213132 1213376 1213376 1213469 1213469 1213680 1213680 1213689 1213689 1214041 1214041 1214121 1214121 1214463 1214463 1214553 1214553 1214746 1214746 1215027 1215027 1215120 1215120 1215157 1215412 1215412 1215514 1215514 1216411 1216411 1216661 1216661 CVE-2023-34049 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4385-1 Released: Thu Nov 9 03:30:32 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: recommended Severity: important References: 1204270,1211047,1211145,1211270,1211912,1212168,1212507,1213132,1213376,1213469,1213680,1213689,1214041,1214121,1214463,1214553,1214746,1215027,1215120,1215412,1215514,1216411,1216661 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4412-1 Released: Thu Nov 9 03:49:51 2023 Summary: Maintenance update for SUSE Manager 4.3.9 Release Notes Type: security Severity: moderate References: 1204270,1211047,1211145,1211270,1211912,1212168,1212507,1213132,1213376,1213469,1213680,1213689,1214041,1214121,1214463,1214553,1214746,1215027,1215120,1215157,1215412,1215514,1216411,1216661,CVE-2023-34049 Maintenance update for SUSE Manager 4.3.9 Release Notes: This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.9-150400.3.69.1 updated - apache2-mod_wsgi-4.7.1-150400.3.7.7 updated - spacewalk-backend-4.3.24-150400.3.30.16 updated - python3-spacewalk-client-tools-4.3.16-150400.3.18.13 updated - spacewalk-client-tools-4.3.16-150400.3.18.13 updated From sle-updates at lists.suse.com Fri Nov 10 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2023 20:30:04 -0000 Subject: SUSE-SU-2023:4415-1: important: Security update for clamav Message-ID: <169964820453.20587.12785716167665126738@smelt2.prg2.suse.org> # Security update for clamav Announcement ID: SUSE-SU-2023:4415-1 Rating: important References: * bsc#1216625 Cross-References: * CVE-2023-40477 CVSS scores: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for clamav fixes the following issues: * Updated to version 0.103.11: * CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12 (bsc#1216625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4415=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4415=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4415=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4415=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4415=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4415=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4415=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4415=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4415=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4415=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4415=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4415=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4415=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4415=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4415=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4415=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4415=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4415=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Manager Proxy 4.2 (x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE CaaS Platform 4.0 (x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40477.html * https://bugzilla.suse.com/show_bug.cgi?id=1216625 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 10 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2023 20:30:11 -0000 Subject: SUSE-SU-2023:4414-1: important: Security update for the Linux Kernel Message-ID: <169964821176.20587.15373774782990513975@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4414-1 Rating: important References: * bsc#1208788 * bsc#1211162 * bsc#1211307 * bsc#1212423 * bsc#1213705 * bsc#1213772 * bsc#1214754 * bsc#1214874 * bsc#1215104 * bsc#1215523 * bsc#1215545 * bsc#1215921 * bsc#1215955 * bsc#1215986 * bsc#1216062 * bsc#1216202 * bsc#1216322 * bsc#1216323 * bsc#1216324 * bsc#1216333 * bsc#1216345 * bsc#1216512 Cross-References: * CVE-2023-2163 * CVE-2023-2860 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-39191 * CVE-2023-39193 * CVE-2023-45862 * CVE-2023-46813 * CVE-2023-5178 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-2860 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2860 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46813 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 11 vulnerabilities and has 11 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649). * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user- supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863) * CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). * ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes). * ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes). * ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). * ALSA: hda/realtek - Fixed two speaker platform (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes). * ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). * ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes). * ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). * ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes). * ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes). * ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes). * ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). * ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes). * ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git- fixes). * ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). * ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). * ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). * ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). * ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). * ASoC: pxa: fix a memory leak in probe() (git-fixes). * Bluetooth: Avoid redundant authentication (git-fixes). * Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). * Bluetooth: ISO: Fix handling of listen for unicast (git-fixes). * Bluetooth: Reject connection with the device which has same BD_ADDR (git- fixes). * Bluetooth: avoid memcmp() out of bounds warning (git-fixes). * Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). * Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes). * Bluetooth: hci_event: Fix coding style (git-fixes). * Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). * Bluetooth: hci_event: Ignore NULL link key (git-fixes). * Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). * Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). * Bluetooth: vhci: Fix race when opening vhci device (git-fixes). * Documentation: qat: change kernel version (PED-6401). * Documentation: qat: rewrite description (PED-6401). * Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git- fixes). * Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git- fixes). * Drop amdgpu patch causing spamming (bsc#1215523). * HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git- fixes). * HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). * HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git- fixes). * HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). * HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). * HID: sony: remove duplicate NULL check before calling usb_free_urb() (git- fixes). * IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) * Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). * Input: powermate - fix use-after-free in powermate_config_complete (git- fixes). * Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). * Input: xpad - add PXN V900 support (git-fixes). * KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git- fixes). * KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes). * KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). * KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). * KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). * KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). * KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). * KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). * KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). * KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). * NFS: Fix O_DIRECT locking issues (bsc#1211162). * NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). * NFS: Fix a potential data corruption (bsc#1211162). * NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). * NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). * NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). * NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). * NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). * NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545). * RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) * RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) * RDMA/core: Require admin capabilities to set system parameters (git-fixes) * RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) * RDMA/mlx5: Fix NULL string error (git-fixes) * RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes) * RDMA/siw: Fix connection failure handling (git-fixes) * RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) * RDMA/uverbs: Fix typo of sizeof argument (git-fixes) * Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes). * Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes). * USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). * USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). * USB: serial: option: add entry for Sierra EM9191 with new firmware (git- fixes). * arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921) * ata: libata-core: Do not register PM operations for SAS ports (git-fixes). * ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). * ata: libata-core: Fix port and device removal (git-fixes). * ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). * ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). * blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). * blk-cgroup: support to track if policy is online (bsc#1216062). * bonding: Fix extraction of ports from the packet headers (bsc#1214754). * bonding: Return pointer to data after pull on skb (bsc#1214754). * bonding: do not assume skb mac_header is set (bsc#1214754). * bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes). * bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes). * bpf: Add override check to kprobe multi link attach (git-fixes). * bpf: Add zero_map_value to zero map value with special fields (git-fixes). * bpf: Cleanup check_refcount_ok (git-fixes). * bpf: Fix max stack depth check for async callbacks (git-fixes). * bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes). * bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes). * bpf: Fix resetting logic for unreferenced kptrs (git-fixes). * bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes). * bpf: Gate dynptr API behind CAP_BPF (git-fixes). * bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes). * bpf: Repeat check_max_stack_depth for async callbacks (git-fixes). * bpf: Tighten ptr_to_btf_id checks (git-fixes). * bpf: fix precision propagation verbose logging (git-fixes). * bpf: prevent decl_tag from being referenced in func_proto (git-fixes). * bpf: propagate precision across all frames, not just the last one (git- fixes). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). * btf: Export bpf_dynptr definition (git-fixes). * btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874). * bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). * bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git- fixes). * ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880). * ceph: add encryption support to writepage and writepages (jsc#SES-1880). * ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880). * ceph: add helpers for converting names for userland presentation (jsc#SES-1880). * ceph: add infrastructure for file encryption and decryption (jsc#SES-1880). * ceph: add new mount option to enable sparse reads (jsc#SES-1880). * ceph: add object version support for sync read (jsc#SES-1880). * ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880). * ceph: add some fscrypt guardrails (jsc#SES-1880). * ceph: add support for encrypted snapshot names (jsc#SES-1880). * ceph: add support to readdir for encrypted names (jsc#SES-1880). * ceph: add truncate size handling support for fscrypt (jsc#SES-1880). * ceph: align data in pages in ceph_sync_write (jsc#SES-1880). * ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880). * ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880). * ceph: decode alternate_name in lease info (jsc#SES-1880). * ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880). * ceph: drop messages from MDS when unmounting (jsc#SES-1880). * ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880). * ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322). * ceph: fix type promotion bug on 32bit systems (bsc#1216324). * ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880). * ceph: fscrypt_auth handling for ceph (jsc#SES-1880). * ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880). * ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880). * ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880). * ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880). * ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880). * ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880). * ceph: make ioctl cmds more readable in debug log (jsc#SES-1880). * ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880). * ceph: mark directory as non-complete after loading key (jsc#SES-1880). * ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880). * ceph: plumb in decryption during reads (jsc#SES-1880). * ceph: preallocate inode for ops that may create one (jsc#SES-1880). * ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880). * ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333). * ceph: send alternate_name in MClientRequest (jsc#SES-1880). * ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880). * ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880). * ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880). * ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880). * ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880). * ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880). * cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). * cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). * clk: tegra: fix error return case for recalc_rate (git-fixes). * counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git- fixes). * crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). * crypto: qat - Remove unused function declarations (PED-6401). * crypto: qat - add fw_counters debugfs file (PED-6401). * crypto: qat - add heartbeat counters check (PED-6401). * crypto: qat - add heartbeat feature (PED-6401). * crypto: qat - add internal timer for qat 4xxx (PED-6401). * crypto: qat - add measure clock frequency (PED-6401). * crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). * crypto: qat - add qat_zlib_deflate (PED-6401). * crypto: qat - add support for 402xx devices (PED-6401). * crypto: qat - change value of default idle filter (PED-6401). * crypto: qat - delay sysfs initialization (PED-6401). * crypto: qat - do not export adf_init_admin_pm() (PED-6401). * crypto: qat - drop log level of msg in get_instance_node() (PED-6401). * crypto: qat - drop obsolete heartbeat interface (PED-6401). * crypto: qat - drop redundant adf_enable_aer() (PED-6401). * crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). * crypto: qat - extend buffer list logic interface (PED-6401). * crypto: qat - extend configuration for 4xxx (PED-6401). * crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). * crypto: qat - fix concurrency issue when device state changes (PED-6401). * crypto: qat - fix crypto capability detection for 4xxx (PED-6401). * crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). * crypto: qat - make fw images name constant (PED-6401). * crypto: qat - make state machine functions static (PED-6401). * crypto: qat - move dbgfs init to separate file (PED-6401). * crypto: qat - move returns to default case (PED-6401). * crypto: qat - refactor device restart logic (PED-6401). * crypto: qat - refactor fw config logic for 4xxx (PED-6401). * crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). * crypto: qat - replace state machine calls (PED-6401). * crypto: qat - replace the if statement with min() (PED-6401). * crypto: qat - set deprecated capabilities as reserved (PED-6401). * crypto: qat - unmap buffer before free for DH (PED-6401). * crypto: qat - unmap buffers before free for RSA (PED-6401). * crypto: qat - update slice mask for 4xxx devices (PED-6401). * crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). * dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git- fixes). * dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). * dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). * drm/amd/display: Do not check registers, if using AUX BL control (git- fixes). * drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). * drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes). * drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes). * drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git- fixes). * drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes). * drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). * drm/amdgpu: add missing NULL check (git-fixes). * drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes). * drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes). * drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes). * drm/atomic-helper: relax unregistered connector check (git-fixes). * drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git- fixes). * drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes). * drm/i915: Retry gtt fault when out of fence registers (git-fixes). * drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes). * drm/msm/dp: do not reinitialize phy unless retry during link training (git- fixes). * drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git- fixes). * drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). * drm/msm/dsi: skip the wait for video mode done if not applicable (git- fixes). * drm/vmwgfx: fix typo of sizeof argument (git-fixes). * drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). * firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). * firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). * fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes). * fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880). * gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git- fixes). * gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). * gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). * gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). * gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). * gpio: vf610: set value before the direction to avoid a glitch (git-fixes). * gve: Do not fully free QPL pages on prefill errors (git-fixes). * i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). * i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git- fixes). * i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git- fixes). * i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). * i2c: mux: gpio:? Replace custom acpi_get_local_address() (git-fixes). * i2c: npcm7xx: Fix callback completion ordering (git-fixes). * ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). * iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). * iio: pressure: dps310: Adjust Timeout Settings (git-fixes). * iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). * intel x86 platform vsec kABI workaround (bsc#1216202). * io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes). * io_uring/rw: defer fsnotify calls to task context (git-fixes). * io_uring/rw: ensure kiocb_end_write() is always called (git-fixes). * io_uring/rw: remove leftover debug statement (git-fixes). * io_uring: Replace 0-length array with flexible array (git-fixes). * io_uring: ensure REQ_F_ISREG is set async offload (git-fixes). * io_uring: fix fdinfo sqe offsets calculation (git-fixes). * io_uring: fix memory leak when removing provided buffers (git-fixes). * iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). * iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). * iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921) * kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes). * kabi: blkcg_policy_data fix KABI (bsc#1216062). * kabi: workaround for enum nft_trans_phase (bsc#1215104). * kprobes: Prohibit probing on CFI preamble symbol (git-fixes). * leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). * libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880). * libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880). * libceph: add sparse read support to OSD client (jsc#SES-1880). * libceph: add sparse read support to msgr1 (jsc#SES-1880). * libceph: add spinlock around osd->o_requests (jsc#SES-1880). * libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880). * libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880). * libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880). * libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880). * libceph: use kernel_connect() (bsc#1216323). * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). * mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). * mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). * mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). * mtd: physmap-core: Restore map_rom fallback (git-fixes). * mtd: rawnand: arasan: Ensure program page operations are successful (git- fixes). * mtd: rawnand: marvell: Ensure program page operations are successful (git- fixes). * mtd: rawnand: pl353: Ensure program page operations are successful (git- fixes). * mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). * mtd: spinand: micron: correct bitmask for ecc status (git-fixes). * net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git- fixes). * net: mana: Fix TX CQE error handling (bsc#1215986). * net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). * net: nfc: llcp: Add lock when modifying device list (git-fixes). * net: rfkill: gpio: prevent value glitch during probe (git-fixes). * net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). * net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git- fixes). * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git- fixes). * net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). * net: use sk_is_tcp() in more places (git-fixes). * netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). * netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). * nfc: nci: assert requested protocol is valid (git-fixes). * nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git- fixes). * nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). * nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). * phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). * phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). * phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). * pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). * pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). * platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). * platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202). * platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202). * platform/x86/intel/vsec: Rework early hardware code (bsc#1216202). * platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202). * platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202). * platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). * platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git- fixes). * platform/x86: think-lmi: Fix reference leak (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). * power: supply: ucs1002: fix error code in ucs1002_get_property() (git- fixes). * quota: Fix slow quotaoff (bsc#1216621). * r8152: check budget for r8152_poll() (git-fixes). * regmap: fix NULL deref on lookup (git-fixes). * regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). * remove unnecessary WARN_ON_ONCE() (bsc#1214823). * ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). * ring-buffer: Do not attempt to read past "commit" (git-fixes). * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). * ring-buffer: Update "shortest_full" in polling (git-fixes). * s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). * sched/cpuset: Bring back cpuset_mutex (bsc#1215955). * sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). * sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). * sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). * scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes). * scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes). * scsi: iscsi: Add length check for nlattr payload (git-fixes). * scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes). * scsi: iscsi_tcp: restrict to TCP sockets (git-fixes). * scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes). * scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git- fixes). * scsi: pm8001: Setup IRQs on resume (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes). * scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes). * scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). * scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes). * selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes). * selftests/bpf: Add reproducer for decl_tag in func_proto argument (git- fixes). * selftests/bpf: Add reproducer for decl_tag in func_proto return type (git- fixes). * selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes). * selftests/bpf: Clean up sys_nanosleep uses (git-fixes). * serial: 8250_port: Check IRQ data before use (git-fixes). * soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git- fixes). * spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). * spi: stm32: add a delay before SPI disable (git-fixes). * spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). * spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). * thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git- fixes). * thunderbolt: Restart XDomain discovery handshake after failure (git-fixes). * thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). * tracing: Have current_trace inc the trace array ref count (git-fixes). * tracing: Have event inject files inc the trace array ref count (git-fixes). * tracing: Have option files inc the trace array ref count (git-fixes). * tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). * tracing: Increase trace array ref count on enable and filter files (git- fixes). * tracing: Make trace_marker{,_raw} stream-like (git-fixes). * usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). * usb: dwc3: Soft reset phy on probe for host (git-fixes). * usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git- fixes). * usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). * usb: hub: Guard against accesses to uninitialized BOS descriptors (git- fixes). * usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). * usb: musb: Modify the "HWVers" register address (git-fixes). * usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git- fixes). * usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git- fixes). * usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). * vmbus_testing: fix wrong python syntax for integer value comparison (git- fixes). * vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). * watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). * watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). * wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). * wifi: cfg80211: avoid leaking stack data into trace (git-fixes). * wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). * wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). * wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). * wifi: mac80211: allow transmitting EAPOL frames with tainted key (git- fixes). * wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). * wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git- fixes). * wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). * wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). * x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). * x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). * x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). * x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). * x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). * x86/cpu: Support AMD Automatic IBRS (bsc#1213772). * x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453). * x86/platform/uv: Use alternate source for socket to node data (bsc#1215696). * x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). * x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). * x86/sev: Disable MMIO emulation from user mode (bsc#1212649). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * xen-netback: use default TX queue size for vifs (git-fixes). * xhci: Keep interrupt disabled in initialization until host is running (git- fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4414=1 openSUSE-SLE-15.5-2023-4414=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4414=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * dlm-kmp-azure-5.14.21-150500.33.23.1 * kernel-azure-debugsource-5.14.21-150500.33.23.1 * reiserfs-kmp-azure-5.14.21-150500.33.23.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.23.1 * gfs2-kmp-azure-5.14.21-150500.33.23.1 * kernel-azure-debuginfo-5.14.21-150500.33.23.1 * cluster-md-kmp-azure-5.14.21-150500.33.23.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.23.1 * kernel-syms-azure-5.14.21-150500.33.23.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.23.1 * ocfs2-kmp-azure-5.14.21-150500.33.23.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.23.1 * kernel-azure-devel-5.14.21-150500.33.23.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.23.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.23.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.23.1 * kernel-azure-optional-5.14.21-150500.33.23.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.23.1 * dlm-kmp-azure-debuginfo-5.14.21-150500.33.23.1 * kernel-azure-extra-5.14.21-150500.33.23.1 * kselftests-kmp-azure-5.14.21-150500.33.23.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.23.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.23.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-debuginfo-5.14.21-150500.33.23.1 * kernel-azure-vdso-5.14.21-150500.33.23.1 * openSUSE Leap 15.5 (noarch) * kernel-source-azure-5.14.21-150500.33.23.1 * kernel-devel-azure-5.14.21-150500.33.23.1 * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.23.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-azure-debugsource-5.14.21-150500.33.23.1 * kernel-azure-devel-5.14.21-150500.33.23.1 * kernel-syms-azure-5.14.21-150500.33.23.1 * kernel-azure-debuginfo-5.14.21-150500.33.23.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.23.1 * Public Cloud Module 15-SP5 (noarch) * kernel-source-azure-5.14.21-150500.33.23.1 * kernel-devel-azure-5.14.21-150500.33.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-2860.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39191.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://www.suse.com/security/cve/CVE-2023-46813.html * https://www.suse.com/security/cve/CVE-2023-5178.html * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1211162 * https://bugzilla.suse.com/show_bug.cgi?id=1211307 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213772 * https://bugzilla.suse.com/show_bug.cgi?id=1214754 * https://bugzilla.suse.com/show_bug.cgi?id=1214874 * https://bugzilla.suse.com/show_bug.cgi?id=1215104 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://bugzilla.suse.com/show_bug.cgi?id=1215545 * https://bugzilla.suse.com/show_bug.cgi?id=1215921 * https://bugzilla.suse.com/show_bug.cgi?id=1215955 * https://bugzilla.suse.com/show_bug.cgi?id=1215986 * https://bugzilla.suse.com/show_bug.cgi?id=1216062 * https://bugzilla.suse.com/show_bug.cgi?id=1216202 * https://bugzilla.suse.com/show_bug.cgi?id=1216322 * https://bugzilla.suse.com/show_bug.cgi?id=1216323 * https://bugzilla.suse.com/show_bug.cgi?id=1216324 * https://bugzilla.suse.com/show_bug.cgi?id=1216333 * https://bugzilla.suse.com/show_bug.cgi?id=1216345 * https://bugzilla.suse.com/show_bug.cgi?id=1216512 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 12:45:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 12:45:52 -0000 Subject: SUSE-SU-2023:4423-1: important: Security update for tomcat Message-ID: <169987955270.13932.8855198663273250608@smelt2.prg2.suse.org> # Security update for tomcat Announcement ID: SUSE-SU-2023:4423-1 Rating: important References: * bsc#1214666 * bsc#1216118 * bsc#1216119 Cross-References: * CVE-2023-41080 * CVE-2023-42795 * CVE-2023-45648 CVSS scores: * CVE-2023-41080 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-41080 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-42795 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-42795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45648 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-45648 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-42795: Fixed a potential information leak due to insufficient cleanup (bsc#1216119). * CVE-2023-45648: Fixed a request smuggling issue due to an incorrect parsing of HTTP trailer headers (bsc#1216118). * CVE-2023-41080: Fixed URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature (bsc#1214666). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4423=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4423=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4423=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * tomcat-el-3_0-api-9.0.36-150100.4.98.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.98.1 * tomcat-admin-webapps-9.0.36-150100.4.98.1 * tomcat-webapps-9.0.36-150100.4.98.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.98.1 * tomcat-9.0.36-150100.4.98.1 * tomcat-lib-9.0.36-150100.4.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * tomcat-el-3_0-api-9.0.36-150100.4.98.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.98.1 * tomcat-admin-webapps-9.0.36-150100.4.98.1 * tomcat-webapps-9.0.36-150100.4.98.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.98.1 * tomcat-9.0.36-150100.4.98.1 * tomcat-lib-9.0.36-150100.4.98.1 * SUSE CaaS Platform 4.0 (noarch) * tomcat-el-3_0-api-9.0.36-150100.4.98.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.98.1 * tomcat-admin-webapps-9.0.36-150100.4.98.1 * tomcat-webapps-9.0.36-150100.4.98.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.98.1 * tomcat-9.0.36-150100.4.98.1 * tomcat-lib-9.0.36-150100.4.98.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * tomcat-el-3_0-api-9.0.36-150100.4.98.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.98.1 * tomcat-admin-webapps-9.0.36-150100.4.98.1 * tomcat-webapps-9.0.36-150100.4.98.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.98.1 * tomcat-9.0.36-150100.4.98.1 * tomcat-lib-9.0.36-150100.4.98.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41080.html * https://www.suse.com/security/cve/CVE-2023-42795.html * https://www.suse.com/security/cve/CVE-2023-45648.html * https://bugzilla.suse.com/show_bug.cgi?id=1214666 * https://bugzilla.suse.com/show_bug.cgi?id=1216118 * https://bugzilla.suse.com/show_bug.cgi?id=1216119 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 12:46:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 12:46:00 -0000 Subject: SUSE-SU-2023:4418-1: important: Security update for postgresql14 Message-ID: <169987956037.13932.18101087770169940336@smelt2.prg2.suse.org> # Security update for postgresql14 Announcement ID: SUSE-SU-2023:4418-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql14 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * updated to 14.10 https://www.postgresql.org/docs/14/release-14-10.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4418=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4418=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4418=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4418=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-devel-debuginfo-14.10-3.33.1 * postgresql14-devel-14.10-3.33.1 * postgresql14-debugsource-14.10-3.33.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql14-server-devel-debuginfo-14.10-3.33.1 * postgresql14-server-devel-14.10-3.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql14-server-debuginfo-14.10-3.33.1 * postgresql14-debugsource-14.10-3.33.1 * postgresql14-plperl-debuginfo-14.10-3.33.1 * postgresql14-server-14.10-3.33.1 * postgresql14-plperl-14.10-3.33.1 * postgresql14-pltcl-debuginfo-14.10-3.33.1 * postgresql14-contrib-14.10-3.33.1 * postgresql14-plpython-debuginfo-14.10-3.33.1 * postgresql14-debuginfo-14.10-3.33.1 * postgresql14-plpython-14.10-3.33.1 * postgresql14-pltcl-14.10-3.33.1 * postgresql14-contrib-debuginfo-14.10-3.33.1 * postgresql14-14.10-3.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql14-docs-14.10-3.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-server-debuginfo-14.10-3.33.1 * postgresql14-debugsource-14.10-3.33.1 * postgresql14-plperl-debuginfo-14.10-3.33.1 * postgresql14-server-14.10-3.33.1 * postgresql14-plperl-14.10-3.33.1 * postgresql14-pltcl-debuginfo-14.10-3.33.1 * postgresql14-contrib-14.10-3.33.1 * postgresql14-plpython-debuginfo-14.10-3.33.1 * postgresql14-debuginfo-14.10-3.33.1 * postgresql14-plpython-14.10-3.33.1 * postgresql14-pltcl-14.10-3.33.1 * postgresql14-contrib-debuginfo-14.10-3.33.1 * postgresql14-14.10-3.33.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql14-docs-14.10-3.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql14-server-debuginfo-14.10-3.33.1 * postgresql14-debugsource-14.10-3.33.1 * postgresql14-plperl-debuginfo-14.10-3.33.1 * postgresql14-server-14.10-3.33.1 * postgresql14-plperl-14.10-3.33.1 * postgresql14-pltcl-debuginfo-14.10-3.33.1 * postgresql14-contrib-14.10-3.33.1 * postgresql14-plpython-debuginfo-14.10-3.33.1 * postgresql14-debuginfo-14.10-3.33.1 * postgresql14-plpython-14.10-3.33.1 * postgresql14-pltcl-14.10-3.33.1 * postgresql14-contrib-debuginfo-14.10-3.33.1 * postgresql14-14.10-3.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql14-docs-14.10-3.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 12:46:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 12:46:02 -0000 Subject: SUSE-RU-2023:4416-1: low: Submit CDI to SUSE:SLE-15-SP4:Update Message-ID: <169987956210.13932.7593998710444992706@smelt2.prg2.suse.org> # Submit CDI to SUSE:SLE-15-SP4:Update Announcement ID: SUSE-RU-2023:4416-1 Rating: low References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: Submit CDI to SUSE:SLE-15-SP4:Update CDI maintenance update for SLE15 SP4. Focusing primarily on rebuilding the container images and addressing the CVEs discovered so far in the base system. No ECO or Jira ticket required. Released under the process described in: https://confluence.suse.com/display/Virtualization/KubeVirt+toolstack+in+the+SLE+world ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4416=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4416=1 SUSE-2023-4416=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4416=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4416=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4416=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4416=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4416=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4416=1 ## Package List: * openSUSE Leap Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * openSUSE Leap 15.4 (x86_64) * containerized-data-importer-api-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-importer-1.51.0-150400.4.20.2 * containerized-data-importer-importer-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-operator-1.51.0-150400.4.20.2 * containerized-data-importer-operator-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-controller-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-uploadproxy-1.51.0-150400.4.20.2 * containerized-data-importer-controller-1.51.0-150400.4.20.2 * containerized-data-importer-uploadserver-1.51.0-150400.4.20.2 * containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-cloner-1.51.0-150400.4.20.2 * containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * containerized-data-importer-api-1.51.0-150400.4.20.2 * obs-service-cdi_containers_meta-1.51.0-150400.4.20.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * SUSE Linux Enterprise Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * SUSE Linux Enterprise Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * Containers Module 15-SP4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * openSUSE Leap Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 12:46:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 12:46:04 -0000 Subject: SUSE-RU-2023:2355-3: moderate: Recommended update for librelp Message-ID: <169987956418.13932.3317099152387025886@smelt2.prg2.suse.org> # Recommended update for librelp Announcement ID: SUSE-RU-2023:2355-3 Rating: moderate References: * bsc#1210649 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one fix can now be installed. ## Description: This update for librelp fixes the following issues: * update to librelp 1.11.0 (bsc#1210649) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2355=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2355=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2355=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2355=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp0-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp0-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp0-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp0-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210649 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 16:30:02 -0000 Subject: SUSE-RU-2023:4428-1: low: Recommended update for sassc Message-ID: <169989300214.2978.10283490908304346241@smelt2.prg2.suse.org> # Recommended update for sassc Announcement ID: SUSE-RU-2023:4428-1 Rating: low References: * bsc#1201074 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This recommended update for sassc fixes the following issues: * No-change rebuild against a newer version of libsass (3.6.5) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4428=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4428=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4428=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4428=1 ## Package List: * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libsass-devel-3.6.5-150200.4.7.1 * sassc-debuginfo-3.6.2-150200.3.5.1 * sassc-3.6.2-150200.3.5.1 * libsass-3_6_5-1-3.6.5-150200.4.7.1 * sassc-debugsource-3.6.2-150200.3.5.1 * libsass-debugsource-3.6.5-150200.4.7.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libsass-devel-3.6.5-150200.4.7.1 * libsass-debugsource-3.6.5-150200.4.7.1 * sassc-debuginfo-3.6.2-150200.3.5.1 * sassc-3.6.2-150200.3.5.1 * libsass-3_6_5-1-3.6.5-150200.4.7.1 * sassc-debugsource-3.6.2-150200.3.5.1 * libsass-3_6_5-1-debuginfo-3.6.5-150200.4.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsass-devel-3.6.5-150200.4.7.1 * libsass-debugsource-3.6.5-150200.4.7.1 * sassc-debuginfo-3.6.2-150200.3.5.1 * sassc-3.6.2-150200.3.5.1 * libsass-3_6_5-1-3.6.5-150200.4.7.1 * sassc-debugsource-3.6.2-150200.3.5.1 * libsass-3_6_5-1-debuginfo-3.6.5-150200.4.7.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libsass-3_6_5-1-3.6.5-150200.4.7.1 * libsass-devel-3.6.5-150200.4.7.1 * libsass-3_6_5-1-debuginfo-3.6.5-150200.4.7.1 * libsass-debugsource-3.6.5-150200.4.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201074 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4427-1: moderate: Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Message-ID: <169989300448.2978.8005795553663755703@smelt2.prg2.suse.org> # Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed Announcement ID: SUSE-SU-2023:4427-1 Rating: moderate References: * bsc#1211892 * bsc#1216826 * jsc#PED-4964 Cross-References: * CVE-2023-31022 CVSS scores: * CVE-2023-31022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability, contains one feature and has one security fix can now be installed. ## Description: This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Security issue fixed: * CVE-2023-31022: Fixed NULL ptr deref in kernel module layer Changes in kernel-firmware-nvidia-gspx-G06: * update firmware to version 535.129.03 * update firmware to version 535.113.01 Changes in nvidia-open-driver-G06-signed: * Update to version 535.129.03 * Add a devel package so other modules can be built against this one. [jira#PED-4964] * disabled build of nvidia-peermem module; it's no longer needed and never worked anyway (it was only a stub) [bsc#1211892] * preamble: added conflict to nvidia-gfxG05-kmp to prevent users from accidently installing conflicting proprietary kernelspace drivers from CUDA repository * Update to version 535.113.01 * kmp-post.sh/kmp-postun.sh: * add/remove nosimplefb=1 kernel option in order to fix Linux console also on sle15-sp6/Leap 15.6 kernel, which will come with simpledrm support ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4427=1 openSUSE-SLE-15.5-2023-4427=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4427=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4427=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4427=1 ## Package List: * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1 * openSUSE Leap 15.5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.129.03_k5.14.21_150500.33.20-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-azure-535.129.03_k5.14.21_150500.33.20-150500.3.13.1 * nvidia-open-driver-G06-signed-azure-devel-535.129.03-150500.3.13.1 * openSUSE Leap 15.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-default-devel-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * openSUSE Leap 15.5 (aarch64) * nvidia-open-driver-G06-signed-64kb-devel-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * Basesystem Module 15-SP5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1 * Basesystem Module 15-SP5 (aarch64) * nvidia-open-driver-G06-signed-64kb-devel-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-default-devel-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * Public Cloud Module 15-SP5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.129.03_k5.14.21_150500.33.20-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-azure-535.129.03_k5.14.21_150500.33.20-150500.3.13.1 * nvidia-open-driver-G06-signed-azure-devel-535.129.03-150500.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31022.html * https://bugzilla.suse.com/show_bug.cgi?id=1211892 * https://bugzilla.suse.com/show_bug.cgi?id=1216826 * https://jira.suse.com/browse/PED-4964 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 16:30:08 -0000 Subject: SUSE-SU-2023:4426-1: moderate: Security update for python-Django1 Message-ID: <169989300865.2978.5023071155378564807@smelt2.prg2.suse.org> # Security update for python-Django1 Announcement ID: SUSE-SU-2023:4426-1 Rating: moderate References: * bsc#1215978 Cross-References: * CVE-2023-43665 CVSS scores: * CVE-2023-43665 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-43665 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-Django1 fixes the following issues: * CVE-2023-43665: Fixed a denial of service in django.utils.text.Truncator (bsc#1215978). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-4426=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-4426=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * python-Django1-1.11.29-3.53.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * python-Django1-1.11.29-3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43665.html * https://bugzilla.suse.com/show_bug.cgi?id=1215978 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 16:30:13 -0000 Subject: SUSE-SU-2023:4425-1: important: Security update for postgresql, postgresql15, postgresql16 Message-ID: <169989301305.2978.7054079968853327669@smelt2.prg2.suse.org> # Security update for postgresql, postgresql15, postgresql16 Announcement ID: SUSE-SU-2023:4425-1 Rating: important References: * bsc#1122892 * bsc#1179231 * bsc#1206796 * bsc#1209208 * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 * jsc#PED-5586 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed. ## Description: This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16 (jsc#PED-5586). Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) Changes in postgresql16: * Upgrade to 16.1: * https://www.postgresql.org/about/news/2715 * https://www.postgresql.org/docs/16/release-16.html * https://www.postgresql.org/docs/16/release-16-1.html Changes in postgresql15: * Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html * The libs and mini package are now provided by postgresql16. * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. Changes in postgresql: * Bump default to 16. * Interlock version and release of all noarch packages except for the postgresql-docs. * Bump major version to prepare for PostgreSQL 16, but keep default at 15 for now on Factory. * bsc#1122892: Add a sysconfig variable for initdb. * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change. * Add postgresql-README as a separate source file. * bsc#1209208: Drop hard dependency on systemd * bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. * avoid bashisms in /bin/sh based startup script * Bump to postgresql 15 * Change to systemd-sysusers ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4425=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4425=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4425=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4425=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * postgresql-devel-16-4.23.3 * postgresql-server-devel-16-4.23.3 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-server-devel-15.5-3.19.2 * postgresql15-devel-debuginfo-15.5-3.19.2 * postgresql16-devel-debuginfo-16.1-3.7.1 * postgresql15-server-devel-debuginfo-15.5-3.19.2 * postgresql16-server-devel-debuginfo-16.1-3.7.1 * postgresql16-server-devel-16.1-3.7.1 * postgresql15-devel-15.5-3.19.2 * postgresql16-devel-16.1-3.7.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql15-contrib-debuginfo-15.5-3.19.2 * postgresql16-plperl-debuginfo-16.1-3.7.1 * postgresql15-server-15.5-3.19.2 * postgresql16-contrib-debuginfo-16.1-3.7.1 * libecpg6-16.1-3.7.1 * libecpg6-debuginfo-16.1-3.7.1 * postgresql15-plperl-15.5-3.19.2 * postgresql16-pltcl-16.1-3.7.1 * postgresql16-server-debuginfo-16.1-3.7.1 * postgresql15-contrib-15.5-3.19.2 * libpq5-debuginfo-16.1-3.7.1 * postgresql15-debuginfo-15.5-3.19.2 * postgresql15-plperl-debuginfo-15.5-3.19.2 * postgresql15-plpython-15.5-3.19.2 * postgresql16-debugsource-16.1-3.7.1 * postgresql16-debuginfo-16.1-3.7.1 * postgresql15-plpython-debuginfo-15.5-3.19.2 * postgresql16-16.1-3.7.1 * postgresql16-plpython-16.1-3.7.1 * postgresql15-debugsource-15.5-3.19.2 * postgresql16-pltcl-debuginfo-16.1-3.7.1 * postgresql15-pltcl-15.5-3.19.2 * postgresql15-server-debuginfo-15.5-3.19.2 * postgresql16-plpython-debuginfo-16.1-3.7.1 * postgresql16-plperl-16.1-3.7.1 * postgresql15-pltcl-debuginfo-15.5-3.19.2 * postgresql16-server-16.1-3.7.1 * postgresql15-15.5-3.19.2 * postgresql16-contrib-16.1-3.7.1 * libpq5-16.1-3.7.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql16-docs-16.1-3.7.1 * postgresql-plperl-16-4.23.3 * postgresql-server-16-4.23.3 * postgresql-plpython-16-4.23.3 * postgresql-docs-16-4.23.3 * postgresql-pltcl-16-4.23.3 * postgresql15-docs-15.5-3.19.2 * postgresql-16-4.23.3 * postgresql-contrib-16-4.23.3 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpq5-debuginfo-32bit-16.1-3.7.1 * libpq5-32bit-16.1-3.7.1 * libecpg6-debuginfo-32bit-16.1-3.7.1 * libecpg6-32bit-16.1-3.7.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-contrib-debuginfo-15.5-3.19.2 * postgresql16-plperl-debuginfo-16.1-3.7.1 * postgresql15-server-15.5-3.19.2 * postgresql16-contrib-debuginfo-16.1-3.7.1 * libecpg6-16.1-3.7.1 * libecpg6-debuginfo-16.1-3.7.1 * postgresql15-plperl-15.5-3.19.2 * postgresql16-pltcl-16.1-3.7.1 * postgresql16-server-debuginfo-16.1-3.7.1 * postgresql15-contrib-15.5-3.19.2 * libpq5-debuginfo-16.1-3.7.1 * postgresql15-debuginfo-15.5-3.19.2 * postgresql15-plperl-debuginfo-15.5-3.19.2 * postgresql15-plpython-15.5-3.19.2 * postgresql16-debugsource-16.1-3.7.1 * postgresql16-debuginfo-16.1-3.7.1 * postgresql15-plpython-debuginfo-15.5-3.19.2 * postgresql16-16.1-3.7.1 * postgresql16-plpython-16.1-3.7.1 * postgresql15-debugsource-15.5-3.19.2 * postgresql16-pltcl-debuginfo-16.1-3.7.1 * postgresql15-pltcl-15.5-3.19.2 * postgresql15-server-debuginfo-15.5-3.19.2 * postgresql16-plpython-debuginfo-16.1-3.7.1 * postgresql16-plperl-16.1-3.7.1 * postgresql15-pltcl-debuginfo-15.5-3.19.2 * postgresql16-server-16.1-3.7.1 * postgresql15-15.5-3.19.2 * postgresql16-contrib-16.1-3.7.1 * libpq5-16.1-3.7.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql16-docs-16.1-3.7.1 * postgresql-plperl-16-4.23.3 * postgresql-server-16-4.23.3 * postgresql-plpython-16-4.23.3 * postgresql-docs-16-4.23.3 * postgresql-pltcl-16-4.23.3 * postgresql15-docs-15.5-3.19.2 * postgresql-16-4.23.3 * postgresql-contrib-16-4.23.3 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libpq5-debuginfo-32bit-16.1-3.7.1 * libpq5-32bit-16.1-3.7.1 * libecpg6-debuginfo-32bit-16.1-3.7.1 * libecpg6-32bit-16.1-3.7.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql15-contrib-debuginfo-15.5-3.19.2 * postgresql16-plperl-debuginfo-16.1-3.7.1 * postgresql15-server-15.5-3.19.2 * postgresql16-contrib-debuginfo-16.1-3.7.1 * libecpg6-16.1-3.7.1 * libecpg6-debuginfo-16.1-3.7.1 * postgresql15-plperl-15.5-3.19.2 * postgresql16-pltcl-16.1-3.7.1 * postgresql16-server-debuginfo-16.1-3.7.1 * postgresql15-contrib-15.5-3.19.2 * libpq5-debuginfo-16.1-3.7.1 * postgresql15-debuginfo-15.5-3.19.2 * postgresql15-plperl-debuginfo-15.5-3.19.2 * postgresql15-plpython-15.5-3.19.2 * postgresql16-debugsource-16.1-3.7.1 * postgresql16-debuginfo-16.1-3.7.1 * postgresql15-plpython-debuginfo-15.5-3.19.2 * postgresql16-16.1-3.7.1 * postgresql16-plpython-16.1-3.7.1 * postgresql15-debugsource-15.5-3.19.2 * postgresql16-pltcl-debuginfo-16.1-3.7.1 * postgresql15-pltcl-15.5-3.19.2 * postgresql15-server-debuginfo-15.5-3.19.2 * postgresql16-plpython-debuginfo-16.1-3.7.1 * postgresql16-plperl-16.1-3.7.1 * postgresql15-pltcl-debuginfo-15.5-3.19.2 * postgresql16-server-16.1-3.7.1 * postgresql15-15.5-3.19.2 * postgresql16-contrib-16.1-3.7.1 * libpq5-16.1-3.7.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql16-docs-16.1-3.7.1 * postgresql-plperl-16-4.23.3 * postgresql-server-16-4.23.3 * postgresql-plpython-16-4.23.3 * postgresql-docs-16-4.23.3 * postgresql-pltcl-16-4.23.3 * postgresql15-docs-15.5-3.19.2 * postgresql-16-4.23.3 * postgresql-contrib-16-4.23.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libpq5-debuginfo-32bit-16.1-3.7.1 * libpq5-32bit-16.1-3.7.1 * libecpg6-debuginfo-32bit-16.1-3.7.1 * libecpg6-32bit-16.1-3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1122892 * https://bugzilla.suse.com/show_bug.cgi?id=1179231 * https://bugzilla.suse.com/show_bug.cgi?id=1206796 * https://bugzilla.suse.com/show_bug.cgi?id=1209208 * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 * https://jira.suse.com/browse/PED-5586 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 16:30:15 -0000 Subject: SUSE-SU-2023:4424-1: important: Security update for squashfs Message-ID: <169989301588.2978.3795981599459986220@smelt2.prg2.suse.org> # Security update for squashfs Announcement ID: SUSE-SU-2023:4424-1 Rating: important References: * bsc#1133284 * bsc#1160294 * bsc#1189936 * bsc#1190531 * bsc#935380 Cross-References: * CVE-2015-4645 * CVE-2015-4646 * CVE-2021-40153 * CVE-2021-41072 CVSS scores: * CVE-2015-4645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2015-4645 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2015-4646 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-40153 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2021-40153 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2021-41072 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2021-41072 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for squashfs fixes the following issues: * CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs- tools (bsc#935380) * CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) * CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4424=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4424=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4424=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-8.3.2 * squashfs-4.6.1-8.3.2 * squashfs-debugsource-4.6.1-8.3.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-8.3.2 * squashfs-4.6.1-8.3.2 * squashfs-debugsource-4.6.1-8.3.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * squashfs-debuginfo-4.6.1-8.3.2 * squashfs-4.6.1-8.3.2 * squashfs-debugsource-4.6.1-8.3.2 ## References: * https://www.suse.com/security/cve/CVE-2015-4645.html * https://www.suse.com/security/cve/CVE-2015-4646.html * https://www.suse.com/security/cve/CVE-2021-40153.html * https://www.suse.com/security/cve/CVE-2021-41072.html * https://bugzilla.suse.com/show_bug.cgi?id=1133284 * https://bugzilla.suse.com/show_bug.cgi?id=1160294 * https://bugzilla.suse.com/show_bug.cgi?id=1189936 * https://bugzilla.suse.com/show_bug.cgi?id=1190531 * https://bugzilla.suse.com/show_bug.cgi?id=935380 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 20:30:03 -0000 Subject: SUSE-SU-2023:4432-1: important: Security update for apache2 Message-ID: <169990740382.29927.3594595828538421070@smelt2.prg2.suse.org> # Security update for apache2 Announcement ID: SUSE-SU-2023:4432-1 Rating: important References: * bsc#1214357 * bsc#1216424 Cross-References: * CVE-2023-31122 CVSS scores: * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: * Fixed the content type handling in mod_proxy_http2 (bsc#1214357). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4432=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4432=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4432=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * apache2-debugsource-2.4.33-150000.3.78.1 * apache2-2.4.33-150000.3.78.1 * apache2-prefork-debuginfo-2.4.33-150000.3.78.1 * apache2-debuginfo-2.4.33-150000.3.78.1 * apache2-utils-2.4.33-150000.3.78.1 * apache2-prefork-2.4.33-150000.3.78.1 * apache2-worker-2.4.33-150000.3.78.1 * apache2-utils-debuginfo-2.4.33-150000.3.78.1 * apache2-devel-2.4.33-150000.3.78.1 * apache2-worker-debuginfo-2.4.33-150000.3.78.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * apache2-doc-2.4.33-150000.3.78.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.33-150000.3.78.1 * apache2-2.4.33-150000.3.78.1 * apache2-prefork-debuginfo-2.4.33-150000.3.78.1 * apache2-debuginfo-2.4.33-150000.3.78.1 * apache2-utils-2.4.33-150000.3.78.1 * apache2-prefork-2.4.33-150000.3.78.1 * apache2-worker-2.4.33-150000.3.78.1 * apache2-utils-debuginfo-2.4.33-150000.3.78.1 * apache2-devel-2.4.33-150000.3.78.1 * apache2-worker-debuginfo-2.4.33-150000.3.78.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * apache2-doc-2.4.33-150000.3.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * apache2-debugsource-2.4.33-150000.3.78.1 * apache2-2.4.33-150000.3.78.1 * apache2-prefork-debuginfo-2.4.33-150000.3.78.1 * apache2-debuginfo-2.4.33-150000.3.78.1 * apache2-utils-2.4.33-150000.3.78.1 * apache2-prefork-2.4.33-150000.3.78.1 * apache2-worker-2.4.33-150000.3.78.1 * apache2-utils-debuginfo-2.4.33-150000.3.78.1 * apache2-devel-2.4.33-150000.3.78.1 * apache2-worker-debuginfo-2.4.33-150000.3.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * apache2-doc-2.4.33-150000.3.78.1 * SUSE CaaS Platform 4.0 (x86_64) * apache2-debugsource-2.4.33-150000.3.78.1 * apache2-2.4.33-150000.3.78.1 * apache2-prefork-debuginfo-2.4.33-150000.3.78.1 * apache2-debuginfo-2.4.33-150000.3.78.1 * apache2-utils-2.4.33-150000.3.78.1 * apache2-prefork-2.4.33-150000.3.78.1 * apache2-worker-2.4.33-150000.3.78.1 * apache2-utils-debuginfo-2.4.33-150000.3.78.1 * apache2-devel-2.4.33-150000.3.78.1 * apache2-worker-debuginfo-2.4.33-150000.3.78.1 * SUSE CaaS Platform 4.0 (noarch) * apache2-doc-2.4.33-150000.3.78.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31122.html * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1216424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 20:30:06 -0000 Subject: SUSE-SU-2023:4431-1: important: Security update for apache2 Message-ID: <169990740630.29927.6062335694047791022@smelt2.prg2.suse.org> # Security update for apache2 Announcement ID: SUSE-SU-2023:4431-1 Rating: important References: * bsc#1207399 * bsc#1214357 * bsc#1216424 Cross-References: * CVE-2023-31122 CVSS scores: * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: * Fixed the content type handling in mod_proxy_http2 (bsc#1214357). * Fixed a floating point exception crash (bsc#1207399). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4431=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4431=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4431=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4431=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4431=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4431=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4431=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4431=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4431=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4431=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4431=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Manager Proxy 4.2 (x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Manager Proxy 4.2 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Manager Server 4.2 (noarch) * apache2-doc-2.4.51-150200.3.59.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * apache2-utils-debuginfo-2.4.51-150200.3.59.1 * apache2-worker-debuginfo-2.4.51-150200.3.59.1 * apache2-2.4.51-150200.3.59.1 * apache2-prefork-debuginfo-2.4.51-150200.3.59.1 * apache2-debuginfo-2.4.51-150200.3.59.1 * apache2-debugsource-2.4.51-150200.3.59.1 * apache2-devel-2.4.51-150200.3.59.1 * apache2-worker-2.4.51-150200.3.59.1 * apache2-prefork-2.4.51-150200.3.59.1 * apache2-utils-2.4.51-150200.3.59.1 * SUSE Enterprise Storage 7.1 (noarch) * apache2-doc-2.4.51-150200.3.59.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31122.html * https://bugzilla.suse.com/show_bug.cgi?id=1207399 * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1216424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 20:30:09 -0000 Subject: SUSE-SU-2023:4430-1: important: Security update for apache2 Message-ID: <169990740911.29927.10109602390344625632@smelt2.prg2.suse.org> # Security update for apache2 Announcement ID: SUSE-SU-2023:4430-1 Rating: important References: * bsc#1207399 * bsc#1214357 * bsc#1216424 Cross-References: * CVE-2023-31122 CVSS scores: * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: * Fixed the content type handling in mod_proxy_http2 (bsc#1214357). * Fixed a floating point exception crash (bsc#1207399). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4430=1 openSUSE-SLE-15.4-2023-4430=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4430=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4430=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4430=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4430=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4430=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4430=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4430=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-worker-2.4.51-150400.6.14.1 * apache2-debugsource-2.4.51-150400.6.14.1 * apache2-event-2.4.51-150400.6.14.1 * apache2-prefork-debuginfo-2.4.51-150400.6.14.1 * apache2-2.4.51-150400.6.14.1 * apache2-example-pages-2.4.51-150400.6.14.1 * apache2-utils-2.4.51-150400.6.14.1 * apache2-prefork-2.4.51-150400.6.14.1 * apache2-utils-debuginfo-2.4.51-150400.6.14.1 * apache2-worker-debuginfo-2.4.51-150400.6.14.1 * apache2-event-debuginfo-2.4.51-150400.6.14.1 * apache2-debuginfo-2.4.51-150400.6.14.1 * apache2-devel-2.4.51-150400.6.14.1 * openSUSE Leap 15.4 (noarch) * apache2-doc-2.4.51-150400.6.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache2-worker-2.4.51-150400.6.14.1 * apache2-debugsource-2.4.51-150400.6.14.1 * apache2-event-2.4.51-150400.6.14.1 * apache2-prefork-debuginfo-2.4.51-150400.6.14.1 * apache2-2.4.51-150400.6.14.1 * apache2-example-pages-2.4.51-150400.6.14.1 * apache2-utils-2.4.51-150400.6.14.1 * apache2-prefork-2.4.51-150400.6.14.1 * apache2-utils-debuginfo-2.4.51-150400.6.14.1 * apache2-worker-debuginfo-2.4.51-150400.6.14.1 * apache2-event-debuginfo-2.4.51-150400.6.14.1 * apache2-debuginfo-2.4.51-150400.6.14.1 * apache2-devel-2.4.51-150400.6.14.1 * openSUSE Leap 15.5 (noarch) * apache2-doc-2.4.51-150400.6.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.51-150400.6.14.1 * apache2-prefork-debuginfo-2.4.51-150400.6.14.1 * apache2-2.4.51-150400.6.14.1 * apache2-utils-2.4.51-150400.6.14.1 * apache2-prefork-2.4.51-150400.6.14.1 * apache2-utils-debuginfo-2.4.51-150400.6.14.1 * apache2-debuginfo-2.4.51-150400.6.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.51-150400.6.14.1 * apache2-prefork-debuginfo-2.4.51-150400.6.14.1 * apache2-2.4.51-150400.6.14.1 * apache2-utils-2.4.51-150400.6.14.1 * apache2-prefork-2.4.51-150400.6.14.1 * apache2-utils-debuginfo-2.4.51-150400.6.14.1 * apache2-debuginfo-2.4.51-150400.6.14.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-event-2.4.51-150400.6.14.1 * apache2-debuginfo-2.4.51-150400.6.14.1 * apache2-debugsource-2.4.51-150400.6.14.1 * apache2-event-debuginfo-2.4.51-150400.6.14.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-event-2.4.51-150400.6.14.1 * apache2-debuginfo-2.4.51-150400.6.14.1 * apache2-debugsource-2.4.51-150400.6.14.1 * apache2-event-debuginfo-2.4.51-150400.6.14.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-worker-2.4.51-150400.6.14.1 * apache2-debugsource-2.4.51-150400.6.14.1 * apache2-worker-debuginfo-2.4.51-150400.6.14.1 * apache2-debuginfo-2.4.51-150400.6.14.1 * apache2-devel-2.4.51-150400.6.14.1 * Server Applications Module 15-SP4 (noarch) * apache2-doc-2.4.51-150400.6.14.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-worker-2.4.51-150400.6.14.1 * apache2-debugsource-2.4.51-150400.6.14.1 * apache2-worker-debuginfo-2.4.51-150400.6.14.1 * apache2-debuginfo-2.4.51-150400.6.14.1 * apache2-devel-2.4.51-150400.6.14.1 * Server Applications Module 15-SP5 (noarch) * apache2-doc-2.4.51-150400.6.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31122.html * https://bugzilla.suse.com/show_bug.cgi?id=1207399 * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1216424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 20:30:11 -0000 Subject: SUSE-SU-2023:4416-1: important: Security update for containerized-data-importer Message-ID: <169990741128.29927.8330781463823178044@smelt2.prg2.suse.org> # Security update for containerized-data-importer Announcement ID: SUSE-SU-2023:4416-1 Rating: important References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for containerized-data-importer fixes the following issue: * rebuild with current go compiler ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4416=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4416=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4416=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4416=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4416=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4416=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4416=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4416=1 ## Package List: * openSUSE Leap Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * openSUSE Leap 15.4 (x86_64) * containerized-data-importer-api-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-importer-1.51.0-150400.4.20.2 * containerized-data-importer-importer-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-operator-1.51.0-150400.4.20.2 * containerized-data-importer-operator-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-controller-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-uploadproxy-1.51.0-150400.4.20.2 * containerized-data-importer-controller-1.51.0-150400.4.20.2 * containerized-data-importer-uploadserver-1.51.0-150400.4.20.2 * containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-cloner-1.51.0-150400.4.20.2 * containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.20.2 * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * containerized-data-importer-api-1.51.0-150400.4.20.2 * obs-service-cdi_containers_meta-1.51.0-150400.4.20.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * SUSE Linux Enterprise Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * SUSE Linux Enterprise Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * Containers Module 15-SP4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 * openSUSE Leap Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.20.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 13 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2023 20:30:13 -0000 Subject: SUSE-SU-2023:4429-1: moderate: Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed Message-ID: <169990741378.29927.2118391008799030135@smelt2.prg2.suse.org> # Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed Announcement ID: SUSE-SU-2023:4429-1 Rating: moderate References: * bsc#1216826 Cross-References: * CVE-2023-31022 CVSS scores: * CVE-2023-31022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Security issues fixed: * CVE-2023-31022: Fixed NULL ptr deref in kernel module layer Changes in kernel-firmware-nvidia-gspx-G06: * update firmware to version 535.129.03 Changes in nvidia-open-driver-G06-signed: * Update to version 535.129.03 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4429=1 openSUSE-SLE-15.4-2023-4429=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4429=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4429=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4429=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4429=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4429=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4429=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4429=1 ## Package List: * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1 * openSUSE Leap 15.4 (x86_64) * nvidia-open-driver-G06-signed-azure-devel-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-azure-535.129.03_k5.14.21_150400.14.72-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.129.03_k5.14.21_150400.14.72-150400.9.27.1 * openSUSE Leap 15.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-default-devel-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * openSUSE Leap 15.4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-64kb-devel-535.129.03-150400.9.27.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * Basesystem Module 15-SP4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1 * Basesystem Module 15-SP4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-64kb-devel-535.129.03-150400.9.27.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-default-devel-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1 * Public Cloud Module 15-SP4 (x86_64) * nvidia-open-driver-G06-signed-azure-devel-535.129.03-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-azure-535.129.03_k5.14.21_150400.14.72-150400.9.27.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.129.03_k5.14.21_150400.14.72-150400.9.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31022.html * https://bugzilla.suse.com/show_bug.cgi?id=1216826 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 14 08:02:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 09:02:04 +0100 (CET) Subject: SUSE-CU-2023:3702-1: Security update of suse/registry Message-ID: <20231114080204.3D5C2F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3702-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.12 , suse/registry:latest Container Release : 15.12 Severity : important Type : security References : 1207399 1214357 1216424 CVE-2023-31122 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4430-1 Released: Mon Nov 13 17:55:09 2023 Summary: Security update for apache2 Type: security Severity: important References: 1207399,1214357,1216424,CVE-2023-31122 This update for apache2 fixes the following issues: - CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: - Fixed the content type handling in mod_proxy_http2 (bsc#1214357). - Fixed a floating point exception crash (bsc#1207399). The following package changes have been done: - apache2-utils-2.4.51-150400.6.14.1 updated From sle-updates at lists.suse.com Tue Nov 14 08:02:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 09:02:23 +0100 (CET) Subject: SUSE-CU-2023:3704-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231114080223.D1940F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3704-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.5 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.5 Container Release : 9.40.5 Severity : important Type : security References : 1207399 1214357 1216424 CVE-2023-31122 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4430-1 Released: Mon Nov 13 17:55:09 2023 Summary: Security update for apache2 Type: security Severity: important References: 1207399,1214357,1216424,CVE-2023-31122 This update for apache2 fixes the following issues: - CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: - Fixed the content type handling in mod_proxy_http2 (bsc#1214357). - Fixed a floating point exception crash (bsc#1207399). The following package changes have been done: - apache2-utils-2.4.51-150400.6.14.1 updated - apache2-2.4.51-150400.6.14.1 updated - apache2-prefork-2.4.51-150400.6.14.1 updated From sle-updates at lists.suse.com Tue Nov 14 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 12:30:02 -0000 Subject: SUSE-SU-2023:4438-1: low: Security update for xterm Message-ID: <169996500225.27826.7201154351382004643@smelt2.prg2.suse.org> # Security update for xterm Announcement ID: SUSE-SU-2023:4438-1 Rating: low References: * bsc#1214282 Cross-References: * CVE-2023-40359 CVSS scores: * CVE-2023-40359 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40359 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xterm fixes the following issues: * CVE-2023-40359: Fixed reporting characterset names in ReGiS graphics mode. (bsc#1214282) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4438=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4438=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4438=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4438=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4438=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4438=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4438=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * SUSE Manager Proxy 4.2 (x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40359.html * https://bugzilla.suse.com/show_bug.cgi?id=1214282 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 14 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 12:30:05 -0000 Subject: SUSE-RU-2023:4435-1: moderate: Recommended update for python-influxdb Message-ID: <169996500503.27826.12131150770048132631@smelt2.prg2.suse.org> # Recommended update for python-influxdb Announcement ID: SUSE-RU-2023:4435-1 Rating: moderate References: * jsc#MSC-707 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains one feature can now be installed. ## Description: This update for python-influxdb fixes the following issues: * Add `python3-influxdb` to Package Hub (no source changes) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4435=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4435=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4435=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4435=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-influxdb-5.0.0-150000.3.2.1 * openSUSE Leap 15.5 (noarch) * python3-influxdb-5.0.0-150000.3.2.1 * SUSE Package Hub 15 15-SP4 (noarch) * python3-influxdb-5.0.0-150000.3.2.1 * SUSE Package Hub 15 15-SP5 (noarch) * python3-influxdb-5.0.0-150000.3.2.1 ## References: * https://jira.suse.com/browse/MSC-707 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 14 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 12:30:07 -0000 Subject: SUSE-SU-2023:4434-1: important: Security update for postgresql13 Message-ID: <169996500727.27826.6723830693057462441@smelt2.prg2.suse.org> # Security update for postgresql13 Announcement ID: SUSE-SU-2023:4434-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql13 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * Update to 13.13: https://www.postgresql.org/docs/13/release-13-13.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4434=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4434=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4434=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4434=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql13-devel-debuginfo-13.13-3.43.1 * postgresql13-debugsource-13.13-3.43.1 * postgresql13-devel-13.13-3.43.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql13-server-devel-13.13-3.43.1 * postgresql13-server-devel-debuginfo-13.13-3.43.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql13-pltcl-13.13-3.43.1 * postgresql13-server-debuginfo-13.13-3.43.1 * postgresql13-contrib-13.13-3.43.1 * postgresql13-plpython-debuginfo-13.13-3.43.1 * postgresql13-plpython-13.13-3.43.1 * postgresql13-contrib-debuginfo-13.13-3.43.1 * postgresql13-server-13.13-3.43.1 * postgresql13-plperl-debuginfo-13.13-3.43.1 * postgresql13-plperl-13.13-3.43.1 * postgresql13-13.13-3.43.1 * postgresql13-pltcl-debuginfo-13.13-3.43.1 * postgresql13-debuginfo-13.13-3.43.1 * postgresql13-debugsource-13.13-3.43.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql13-docs-13.13-3.43.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql13-pltcl-13.13-3.43.1 * postgresql13-server-debuginfo-13.13-3.43.1 * postgresql13-contrib-13.13-3.43.1 * postgresql13-plpython-debuginfo-13.13-3.43.1 * postgresql13-plpython-13.13-3.43.1 * postgresql13-contrib-debuginfo-13.13-3.43.1 * postgresql13-server-13.13-3.43.1 * postgresql13-plperl-debuginfo-13.13-3.43.1 * postgresql13-plperl-13.13-3.43.1 * postgresql13-13.13-3.43.1 * postgresql13-pltcl-debuginfo-13.13-3.43.1 * postgresql13-debuginfo-13.13-3.43.1 * postgresql13-debugsource-13.13-3.43.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql13-docs-13.13-3.43.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql13-pltcl-13.13-3.43.1 * postgresql13-server-debuginfo-13.13-3.43.1 * postgresql13-contrib-13.13-3.43.1 * postgresql13-plpython-debuginfo-13.13-3.43.1 * postgresql13-plpython-13.13-3.43.1 * postgresql13-contrib-debuginfo-13.13-3.43.1 * postgresql13-server-13.13-3.43.1 * postgresql13-plperl-debuginfo-13.13-3.43.1 * postgresql13-plperl-13.13-3.43.1 * postgresql13-13.13-3.43.1 * postgresql13-pltcl-debuginfo-13.13-3.43.1 * postgresql13-debuginfo-13.13-3.43.1 * postgresql13-debugsource-13.13-3.43.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql13-docs-13.13-3.43.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 14 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 12:30:09 -0000 Subject: SUSE-SU-2023:4433-1: important: Security update for postgresql12 Message-ID: <169996500977.27826.5698939081574468523@smelt2.prg2.suse.org> # Security update for postgresql12 Announcement ID: SUSE-SU-2023:4433-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql12 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * Update to 12.17 https://www.postgresql.org/docs/12/release-12-17.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4433=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-debugsource-12.17-3.49.1 * postgresql12-devel-12.17-3.49.1 * postgresql12-devel-debuginfo-12.17-3.49.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql12-server-devel-debuginfo-12.17-3.49.1 * postgresql12-server-devel-12.17-3.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 * postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 * postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 * postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 14 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 16:30:03 -0000 Subject: SUSE-SU-2023:4439-1: moderate: Security update for w3m Message-ID: <169997940328.24660.14218748442050397540@smelt2.prg2.suse.org> # Security update for w3m Announcement ID: SUSE-SU-2023:4439-1 Rating: moderate References: * bsc#1213323 * bsc#1213324 Cross-References: * CVE-2023-38252 * CVE-2023-38253 CVSS scores: * CVE-2023-38252 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38253 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for w3m fixes the following issues: * Update to version 0.5.3+git20230121 * CVE-2023-38252: Fixed an out-of-bounds write in function Strnew_size that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213324) * CVE-2023-38253: Fixed an out-of-bounds write in function growbuf_to_Str that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213323) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4439=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4439=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4439=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4439=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * w3m-0.5.3+git20230121-150000.3.6.1 * w3m-debugsource-0.5.3+git20230121-150000.3.6.1 * w3m-inline-image-debuginfo-0.5.3+git20230121-150000.3.6.1 * w3m-inline-image-0.5.3+git20230121-150000.3.6.1 * w3m-debuginfo-0.5.3+git20230121-150000.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * w3m-0.5.3+git20230121-150000.3.6.1 * w3m-debugsource-0.5.3+git20230121-150000.3.6.1 * w3m-debuginfo-0.5.3+git20230121-150000.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * w3m-0.5.3+git20230121-150000.3.6.1 * w3m-debugsource-0.5.3+git20230121-150000.3.6.1 * w3m-debuginfo-0.5.3+git20230121-150000.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * w3m-0.5.3+git20230121-150000.3.6.1 * w3m-debugsource-0.5.3+git20230121-150000.3.6.1 * w3m-inline-image-debuginfo-0.5.3+git20230121-150000.3.6.1 * w3m-inline-image-0.5.3+git20230121-150000.3.6.1 * w3m-debuginfo-0.5.3+git20230121-150000.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38252.html * https://www.suse.com/security/cve/CVE-2023-38253.html * https://bugzilla.suse.com/show_bug.cgi?id=1213323 * https://bugzilla.suse.com/show_bug.cgi?id=1213324 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 14 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 20:30:03 -0000 Subject: SUSE-SU-2023:4442-1: important: Security update for ucode-intel Message-ID: <169999380346.15555.685460987248566748@smelt2.prg2.suse.org> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:4442-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4442=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4442=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4442=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * ucode-intel-20231113-128.1 * ucode-intel-debugsource-20231113-128.1 * ucode-intel-debuginfo-20231113-128.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * ucode-intel-20231113-128.1 * ucode-intel-debugsource-20231113-128.1 * ucode-intel-debuginfo-20231113-128.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * ucode-intel-20231113-128.1 * ucode-intel-debugsource-20231113-128.1 * ucode-intel-debuginfo-20231113-128.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23583.html * https://bugzilla.suse.com/show_bug.cgi?id=1215278 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 14 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 20:30:05 -0000 Subject: SUSE-SU-2023:4441-1: important: Security update for ucode-intel Message-ID: <169999380565.15555.15670538182141757005@smelt2.prg2.suse.org> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:4441-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4441=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4441=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4441=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20231113-150100.3.228.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20231113-150100.3.228.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * ucode-intel-20231113-150100.3.228.1 * SUSE CaaS Platform 4.0 (x86_64) * ucode-intel-20231113-150100.3.228.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23583.html * https://bugzilla.suse.com/show_bug.cgi?id=1215278 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 14 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2023 20:30:07 -0000 Subject: SUSE-SU-2023:4440-1: important: Security update for ucode-intel Message-ID: <169999380799.15555.5622480825591439336@smelt2.prg2.suse.org> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:4440-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4440=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4440=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4440=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4440=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4440=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4440=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4440=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4440=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4440=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4440=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4440=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4440=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4440=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4440=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4440=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4440=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4440=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4440=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4440=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4440=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4440=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4440=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4440=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4440=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4440=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * ucode-intel-20231113-150200.32.1 * openSUSE Leap Micro 5.4 (x86_64) * ucode-intel-20231113-150200.32.1 * openSUSE Leap 15.4 (x86_64) * ucode-intel-20231113-150200.32.1 * openSUSE Leap 15.5 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * ucode-intel-20231113-150200.32.1 * Basesystem Module 15-SP4 (x86_64) * ucode-intel-20231113-150200.32.1 * Basesystem Module 15-SP5 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Manager Proxy 4.2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Manager Server 4.2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Enterprise Storage 7.1 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * ucode-intel-20231113-150200.32.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23583.html * https://bugzilla.suse.com/show_bug.cgi?id=1215278 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 08:01:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 09:01:02 +0100 (CET) Subject: SUSE-IU-2023:822-1: Security update of suse-sles-15-sp5-chost-byos-v20231113-x86_64-gen2 Message-ID: <20231115080102.3B744F3CA@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231113-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:822-1 Image Tags : suse-sles-15-sp5-chost-byos-v20231113-x86_64-gen2:20231113 Image Release : Severity : important Type : security References : 1107342 1196647 1201300 1205767 1206480 1206684 1210335 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215265 1215286 1215313 1215323 1215434 1215891 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1829 CVE-2023-23559 CVE-2023-4039 CVE-2023-43804 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4692 CVE-2023-4693 CVE-2023-4813 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20231113-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4136-1 Released: Thu Oct 19 14:15:02 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Update to version 15.5.3: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4141-1 Released: Fri Oct 20 11:34:44 2023 Summary: Security update for grub2 Type: security Severity: important References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - containerd-ctr-1.7.7-150000.100.1 updated - containerd-1.7.7-150000.100.1 updated - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - glibc-2.31-150300.63.1 updated - grub2-i386-pc-2.06-150500.29.8.1 updated - grub2-x86_64-efi-2.06-150500.29.8.1 updated - grub2-2.06-150500.29.8.1 updated - kernel-default-5.14.21-150500.55.36.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libpci3-3.5.6-150300.13.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libudev1-249.16-150400.8.35.5 updated - libz1-1.2.13-150500.4.3.1 updated - libzck1-1.1.16-150400.3.7.1 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - pciutils-3.5.6-150300.13.6.1 updated - python3-cryptography-3.3.2-150400.20.3 updated - python3-urllib3-1.25.10-150300.4.6.1 updated - runc-1.1.9-150000.52.2 updated - suse-module-tools-15.5.3-150500.3.6.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - systemd-sysvinit-249.16-150400.8.35.5 updated - systemd-249.16-150400.8.35.5 updated - udev-249.16-150400.8.35.5 updated From sle-updates at lists.suse.com Wed Nov 15 08:01:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 09:01:05 +0100 (CET) Subject: SUSE-IU-2023:823-1: Security update of suse-sles-15-sp5-chost-byos-v20231113-hvm-ssd-x86_64 Message-ID: <20231115080105.DBC34F3CA@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231113-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:823-1 Image Tags : suse-sles-15-sp5-chost-byos-v20231113-hvm-ssd-x86_64:20231113 Image Release : Severity : important Type : security References : 1107342 1196647 1201300 1205767 1206480 1206684 1210335 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215265 1215286 1215313 1215323 1215434 1215891 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1829 CVE-2023-23559 CVE-2023-4039 CVE-2023-43804 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4692 CVE-2023-4693 CVE-2023-4813 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20231113-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4136-1 Released: Thu Oct 19 14:15:02 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Update to version 15.5.3: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4141-1 Released: Fri Oct 20 11:34:44 2023 Summary: Security update for grub2 Type: security Severity: important References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - containerd-ctr-1.7.7-150000.100.1 updated - containerd-1.7.7-150000.100.1 updated - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - glibc-2.31-150300.63.1 updated - grub2-i386-pc-2.06-150500.29.8.1 updated - grub2-x86_64-efi-2.06-150500.29.8.1 updated - grub2-x86_64-xen-2.06-150500.29.8.1 updated - grub2-2.06-150500.29.8.1 updated - kernel-default-5.14.21-150500.55.36.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libpci3-3.5.6-150300.13.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libudev1-249.16-150400.8.35.5 updated - libz1-1.2.13-150500.4.3.1 updated - libzck1-1.1.16-150400.3.7.1 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - pciutils-3.5.6-150300.13.6.1 updated - python3-cryptography-3.3.2-150400.20.3 updated - python3-urllib3-1.25.10-150300.4.6.1 updated - runc-1.1.9-150000.52.2 updated - suse-module-tools-15.5.3-150500.3.6.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - systemd-sysvinit-249.16-150400.8.35.5 updated - systemd-249.16-150400.8.35.5 updated - udev-249.16-150400.8.35.5 updated From sle-updates at lists.suse.com Wed Nov 15 08:01:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 09:01:12 +0100 (CET) Subject: SUSE-IU-2023:824-1: Security update of sles-15-sp5-chost-byos-v20231113-arm64 Message-ID: <20231115080112.2E441F3CA@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20231113-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:824-1 Image Tags : sles-15-sp5-chost-byos-v20231113-arm64:20231113 Image Release : Severity : important Type : security References : 1107342 1196647 1201300 1205767 1206480 1206684 1210335 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215265 1215286 1215313 1215323 1215434 1215891 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1829 CVE-2023-23559 CVE-2023-4039 CVE-2023-43804 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4692 CVE-2023-4693 CVE-2023-4813 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20231113-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4136-1 Released: Thu Oct 19 14:15:02 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Update to version 15.5.3: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4141-1 Released: Fri Oct 20 11:34:44 2023 Summary: Security update for grub2 Type: security Severity: important References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - containerd-ctr-1.7.7-150000.100.1 updated - containerd-1.7.7-150000.100.1 updated - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - glibc-2.31-150300.63.1 updated - grub2-i386-pc-2.06-150500.29.8.1 updated - grub2-x86_64-efi-2.06-150500.29.8.1 updated - grub2-2.06-150500.29.8.1 updated - kernel-default-5.14.21-150500.55.36.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libpci3-3.5.6-150300.13.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libudev1-249.16-150400.8.35.5 updated - libz1-1.2.13-150500.4.3.1 updated - libzck1-1.1.16-150400.3.7.1 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - pciutils-3.5.6-150300.13.6.1 updated - python3-cryptography-3.3.2-150400.20.3 updated - python3-urllib3-1.25.10-150300.4.6.1 updated - runc-1.1.9-150000.52.2 updated - suse-module-tools-15.5.3-150500.3.6.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - systemd-sysvinit-249.16-150400.8.35.5 updated - systemd-249.16-150400.8.35.5 updated - udev-249.16-150400.8.35.5 updated From sle-updates at lists.suse.com Wed Nov 15 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 08:30:01 -0000 Subject: SUSE-RU-2023:4448-1: moderate: Recommended update for php-memcached Message-ID: <170003700149.10427.11429007462384368734@smelt2.prg2.suse.org> # Recommended update for php-memcached Announcement ID: SUSE-RU-2023:4448-1 Rating: moderate References: * jsc#PED-6314 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that contains one feature can now be installed. ## Description: This update for php-memcached fixes the following issues: This adds php8-memcached to the Web and Scripting module. (jsc#PED-6314) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4448=1 openSUSE-SLE-15.4-2023-4448=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4448=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4448=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4448=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * php8-memcached-debugsource-3.2.0-150400.9.3.1 * php8-memcached-debuginfo-3.2.0-150400.9.3.1 * php8-memcached-3.2.0-150400.9.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * php8-memcached-debugsource-3.2.0-150400.9.3.1 * php8-memcached-debuginfo-3.2.0-150400.9.3.1 * php8-memcached-3.2.0-150400.9.3.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * php8-memcached-debugsource-3.2.0-150400.9.3.1 * php8-memcached-debuginfo-3.2.0-150400.9.3.1 * php8-memcached-3.2.0-150400.9.3.1 * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * php8-memcached-debugsource-3.2.0-150400.9.3.1 * php8-memcached-debuginfo-3.2.0-150400.9.3.1 * php8-memcached-3.2.0-150400.9.3.1 ## References: * https://jira.suse.com/browse/PED-6314 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 08:30:03 -0000 Subject: SUSE-RU-2023:4447-1: moderate: Recommended update for open-vm-tools Message-ID: <170003700321.10427.4918707746504294410@smelt2.prg2.suse.org> # Recommended update for open-vm-tools Announcement ID: SUSE-RU-2023:4447-1 Rating: moderate References: * bsc#1216670 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * Update to 12.3.5 (bsc#1216670) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4447=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4447=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4447=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libvmtools0-debuginfo-12.3.5-4.65.1 * open-vm-tools-12.3.5-4.65.1 * open-vm-tools-sdmp-debuginfo-12.3.5-4.65.1 * open-vm-tools-salt-minion-12.3.5-4.65.1 * libvmtools0-12.3.5-4.65.1 * open-vm-tools-debugsource-12.3.5-4.65.1 * open-vm-tools-desktop-12.3.5-4.65.1 * open-vm-tools-sdmp-12.3.5-4.65.1 * open-vm-tools-desktop-debuginfo-12.3.5-4.65.1 * open-vm-tools-debuginfo-12.3.5-4.65.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libvmtools0-debuginfo-12.3.5-4.65.1 * open-vm-tools-12.3.5-4.65.1 * open-vm-tools-sdmp-debuginfo-12.3.5-4.65.1 * open-vm-tools-salt-minion-12.3.5-4.65.1 * libvmtools0-12.3.5-4.65.1 * open-vm-tools-debugsource-12.3.5-4.65.1 * open-vm-tools-desktop-12.3.5-4.65.1 * open-vm-tools-sdmp-12.3.5-4.65.1 * open-vm-tools-desktop-debuginfo-12.3.5-4.65.1 * open-vm-tools-debuginfo-12.3.5-4.65.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libvmtools0-debuginfo-12.3.5-4.65.1 * open-vm-tools-12.3.5-4.65.1 * open-vm-tools-sdmp-debuginfo-12.3.5-4.65.1 * open-vm-tools-salt-minion-12.3.5-4.65.1 * libvmtools0-12.3.5-4.65.1 * open-vm-tools-debugsource-12.3.5-4.65.1 * open-vm-tools-desktop-12.3.5-4.65.1 * open-vm-tools-sdmp-12.3.5-4.65.1 * open-vm-tools-desktop-debuginfo-12.3.5-4.65.1 * open-vm-tools-debuginfo-12.3.5-4.65.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216670 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 08:30:06 -0000 Subject: SUSE-RU-2023:4445-1: moderate: Recommended update for selinux-policy Message-ID: <170003700643.10427.9901698137198408424@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4445-1 Rating: moderate References: * bsc#1216060 Affected Products: * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Update to version 20230511+git5.54d165ea * Allow keepalived to manage its tmp files (bsc#1216060) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4445=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4445=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4445=1 ## Package List: * openSUSE Leap Micro 5.4 (noarch) * selinux-policy-devel-20230511+git5.54d165ea-150400.4.15.1 * selinux-policy-20230511+git5.54d165ea-150400.4.15.1 * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * selinux-policy-devel-20230511+git5.54d165ea-150400.4.15.1 * selinux-policy-20230511+git5.54d165ea-150400.4.15.1 * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.15.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * selinux-policy-devel-20230511+git5.54d165ea-150400.4.15.1 * selinux-policy-20230511+git5.54d165ea-150400.4.15.1 * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216060 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 08:30:04 -0000 Subject: SUSE-RU-2023:4446-1: moderate: Recommended update for open-vm-tools Message-ID: <170003700477.10427.5691995357988773271@smelt2.prg2.suse.org> # Recommended update for open-vm-tools Announcement ID: SUSE-RU-2023:4446-1 Rating: moderate References: * bsc#1216670 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * Update to 12.3.5 (bsc#1216670) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4446=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4446=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4446=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4446=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4446=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4446=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4446=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4446=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4446=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4446=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4446=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4446=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4446=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4446=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4446=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4446=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4446=1 ## Package List: * openSUSE Leap 15.3 (aarch64 x86_64 i586) * open-vm-tools-desktop-debuginfo-12.3.5-150300.46.1 * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * libvmtools-devel-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * open-vm-tools-desktop-12.3.5-150300.46.1 * open-vm-tools-containerinfo-12.3.5-150300.46.1 * open-vm-tools-sdmp-debuginfo-12.3.5-150300.46.1 * open-vm-tools-sdmp-12.3.5-150300.46.1 * open-vm-tools-containerinfo-debuginfo-12.3.5-150300.46.1 * openSUSE Leap 15.3 (x86_64) * open-vm-tools-salt-minion-12.3.5-150300.46.1 * openSUSE Leap Micro 5.3 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * openSUSE Leap Micro 5.4 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * openSUSE Leap 15.4 (aarch64 x86_64) * open-vm-tools-desktop-debuginfo-12.3.5-150300.46.1 * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * libvmtools-devel-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * open-vm-tools-desktop-12.3.5-150300.46.1 * open-vm-tools-containerinfo-12.3.5-150300.46.1 * open-vm-tools-sdmp-debuginfo-12.3.5-150300.46.1 * open-vm-tools-sdmp-12.3.5-150300.46.1 * open-vm-tools-containerinfo-debuginfo-12.3.5-150300.46.1 * openSUSE Leap 15.4 (x86_64) * open-vm-tools-salt-minion-12.3.5-150300.46.1 * openSUSE Leap 15.5 (aarch64 x86_64) * open-vm-tools-desktop-debuginfo-12.3.5-150300.46.1 * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * libvmtools-devel-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * open-vm-tools-desktop-12.3.5-150300.46.1 * open-vm-tools-containerinfo-12.3.5-150300.46.1 * open-vm-tools-sdmp-debuginfo-12.3.5-150300.46.1 * open-vm-tools-sdmp-12.3.5-150300.46.1 * open-vm-tools-containerinfo-debuginfo-12.3.5-150300.46.1 * openSUSE Leap 15.5 (x86_64) * open-vm-tools-salt-minion-12.3.5-150300.46.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * libvmtools-devel-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * open-vm-tools-sdmp-debuginfo-12.3.5-150300.46.1 * open-vm-tools-containerinfo-12.3.5-150300.46.1 * open-vm-tools-sdmp-12.3.5-150300.46.1 * open-vm-tools-containerinfo-debuginfo-12.3.5-150300.46.1 * Basesystem Module 15-SP4 (x86_64) * open-vm-tools-salt-minion-12.3.5-150300.46.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * open-vm-tools-sdmp-debuginfo-12.3.5-150300.46.1 * open-vm-tools-containerinfo-12.3.5-150300.46.1 * open-vm-tools-sdmp-12.3.5-150300.46.1 * open-vm-tools-containerinfo-debuginfo-12.3.5-150300.46.1 * Basesystem Module 15-SP5 (x86_64) * libvmtools-devel-12.3.5-150300.46.1 * open-vm-tools-salt-minion-12.3.5-150300.46.1 * Desktop Applications Module 15-SP4 (aarch64 x86_64) * open-vm-tools-desktop-debuginfo-12.3.5-150300.46.1 * open-vm-tools-desktop-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * Desktop Applications Module 15-SP5 (aarch64 x86_64) * open-vm-tools-desktop-debuginfo-12.3.5-150300.46.1 * open-vm-tools-desktop-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * libvmtools0-debuginfo-12.3.5-150300.46.1 * libvmtools0-12.3.5-150300.46.1 * open-vm-tools-debuginfo-12.3.5-150300.46.1 * open-vm-tools-12.3.5-150300.46.1 * open-vm-tools-debugsource-12.3.5-150300.46.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216670 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 08:30:08 -0000 Subject: SUSE-RU-2023:4444-1: moderate: Recommended update for selinux-policy Message-ID: <170003700826.10427.2360557632221994949@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4444-1 Rating: moderate References: * bsc#1216060 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has one fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Update to version 20210716+git59.bb8b3de0 * Allow keepalived to manage its tmp files (bsc#1216060) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4444=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4444=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4444=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * selinux-policy-targeted-20210716+git59.bb8b3de0-150400.5.6.1 * selinux-policy-20210716+git59.bb8b3de0-150400.5.6.1 * selinux-policy-devel-20210716+git59.bb8b3de0-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * selinux-policy-targeted-20210716+git59.bb8b3de0-150400.5.6.1 * selinux-policy-20210716+git59.bb8b3de0-150400.5.6.1 * selinux-policy-devel-20210716+git59.bb8b3de0-150400.5.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * selinux-policy-targeted-20210716+git59.bb8b3de0-150400.5.6.1 * selinux-policy-20210716+git59.bb8b3de0-150400.5.6.1 * selinux-policy-devel-20210716+git59.bb8b3de0-150400.5.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216060 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 12:30:01 -0000 Subject: SUSE-FU-2023:2738-2: moderate: Feature update for Apache Commons components Message-ID: <170005140153.13513.1717166127682536458@smelt2.prg2.suse.org> # Feature update for Apache Commons components Announcement ID: SUSE-FU-2023:2738-2 Rating: moderate References: * jsc#SLE-23217 Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * Web and Scripting Module 15-SP5 An update that contains one feature can now be installed. ## Description: This update for Apache Commons components fixes the following issues: apache-commons-text: * Add upstream signing key and verify source signature (jsc#SLE-23217) apache-commons-daemon: * Version update from 1.2.4 to 1.3.2 (jsc#SLE-23217): * Fix Procrun. Remove noisy INFO log message that triggered logging once per minute while the service was running * Fix typos in Javadoc and comments * Fix Procrun. The DependsOn parameter is no longer ignored when updating the service configuration * Provide an error level log message when the user attempts to start the service without configuring a JVM and none is available via the registry * Dependencies Updates: * Bump actions/cache from 3.0.3 to 3.0.8. * Bump actions/checkout from 3 to 3.0.2. * Bump commons-parent from 53 to 54. * Bump spotbugs-maven-plugin from 4.6.0.0 to 4.7.2.0. * Bump jacoco-maven-plugin from 0.8.7 to 0.8.8. * Bump japicmp-maven-plugin from 0.15.4 to 0.16.0. * Bump JUnit 4 to 5 vintage. apache-common-parent: * Version update from 52 to version 53 (jsc#SLE-23217): * New features: * Add .asf.yaml to RAT excludes. * Add versions-maven-plugin run for this build. * Add maven-checkstyle-plugin to pluginManagement. * Allow Maven PMD plugin to override PMD implementation jars with property "commons.pmd-impl.version". * Add property commons.javadoc16.java.link. * Add and use property commons.enforcer-plugin.version. * Add SpotBugs to plugin management section. * Add and use property commons.buildnumber-plugin.version. * Add property commons.javadoc17.java.link. * Fixed Bugs: * Use HTTPS for Javadoc links to Oracle. * Use HTTPS for most links to Apache. * Rename property biz.aQute.bndlib.version to commons.biz.aQute.bndlib.version. * Dependencies updates: * Bump versions-maven-plugin from 2.7 to 2.10.0 * Bump maven-project-info-reports-plugin from 3.1.0 to 3.2.2 * Bump Jacoco from 0.8.5 to 0.8.7 * Bump actions/setup-java from v1.4.0 to v2 * Bump commons-build-plugin 1.11 to 1.12 * Bump biz.aQute.bndlib from 5.1.2 to 6.2.0 * Bump actions/checkout from 2.3.1 to 3 * Bump com.github.siom79.japicmp:japicmp-maven-plugin 0.14.3 to 0.15.7 * Bump org.apache.maven.wagon:wagon-ssh 3.4.0 to 3.4.3 * Bump maven-pmd-plugin 3.13.0 to 3.16.0 * Bump commons.checkstyle-plugin.version 3.1.1 to 3.1.2 * Bump actions/cache from 2 to 3 * Bump animal-sniffer-maven-plugin from 1.19 to 1.21 * Bump com.puppycrawl.tools:checkstyle from 8.40 to 9.0.2 * Bump maven-bundle-plugin from 5.1.1 to 5.1.4 * Bump maven-jxr-plugin from 3.0.0 to 3.1.1 * Bump maven-javadoc-plugin from 3.2.0 to 3.3.2 * Bump commons.pmd-impl.version from 6.29.0 to 6.44.0 * Bump spotbugs-maven-plugin from 4.0.4 to 4.5.3.0 * Bump spotbugs from 4.0.6 to 4.5.3 * Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0 * Bump buildnumber-maven-plugin from 1.4 to 3.0.0 * Bump maven-site-plugin from 3.9.1 to 3.11.0 * Bump wagon-ssh from 3.4.3 to 3.5.1 * Bump checkstyle from 9.2 to 9.3 * Bump maven-compiler-plugin from 3.8.1 to 3.10.1 * Bump maven-jar-plugin from 3.2.0 to 3.2.2 * Bump commons-release-plugin from 1.7 to 1.8.0 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2738=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2738=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2738=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache-commons-daemon-jsvc-debuginfo-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-jsvc-1.3.2-150200.11.9.2 * openSUSE Leap 15.5 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * apache-commons-parent-53-150200.3.9.1 * apache-commons-text-javadoc-1.10.0-150200.5.8.7 * apache-commons-daemon-javadoc-1.3.2-150200.11.9.2 * Development Tools Module 15-SP5 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache-commons-daemon-1.3.2-150200.11.9.2 * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 12:30:03 -0000 Subject: SUSE-RU-2023:4450-1: moderate: Recommended update for crypto-policies Message-ID: <170005140394.13513.3978934170315681939@smelt2.prg2.suse.org> # Recommended update for crypto-policies Announcement ID: SUSE-RU-2023:4450-1 Rating: moderate References: * bsc#1209998 * jsc#PED-5041 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one fix can now be installed. ## Description: This update for crypto-policies fixes the following issues: * Enable setting the kernel FIPS mode with the fips-mode-setup and fips- finish-install commands (jsc#PED-5041) * Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems * Ship the man pages for fips-mode-setup and fips-finish-install * Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4450=1 openSUSE-SLE-15.4-2023-4450=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4450=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4450=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4450=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4450=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4450=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4450=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4450=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4450=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4450=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4450=1 ## Package List: * openSUSE Leap 15.4 (noarch) * crypto-policies-scripts-20210917.c9d86d1-150400.3.6.1 * crypto-policies-20210917.c9d86d1-150400.3.6.1 * openSUSE Leap Micro 5.3 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.6.1 * openSUSE Leap Micro 5.4 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.6.1 * openSUSE Leap 15.5 (noarch) * crypto-policies-scripts-20210917.c9d86d1-150400.3.6.1 * crypto-policies-20210917.c9d86d1-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * crypto-policies-20210917.c9d86d1-150400.3.6.1 * Basesystem Module 15-SP4 (noarch) * crypto-policies-scripts-20210917.c9d86d1-150400.3.6.1 * crypto-policies-20210917.c9d86d1-150400.3.6.1 * Basesystem Module 15-SP5 (noarch) * crypto-policies-scripts-20210917.c9d86d1-150400.3.6.1 * crypto-policies-20210917.c9d86d1-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209998 * https://jira.suse.com/browse/PED-5041 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4449-1: moderate: Security update for exfatprogs Message-ID: <170005140556.13513.2893572561920479150@smelt2.prg2.suse.org> # Security update for exfatprogs Announcement ID: SUSE-SU-2023:4449-1 Rating: moderate References: * bsc#1216701 Cross-References: * CVE-2023-45897 CVSS scores: * CVE-2023-45897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-45897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for exfatprogs fixes the following issues: * CVE-2023-45897: Fixed out-of-bound memory issues in fsck (bsc#1216701). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4449=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4449=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4449=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4449=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4449=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.12.1 * exfatprogs-1.0.4-150300.3.12.1 * exfatprogs-debugsource-1.0.4-150300.3.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.12.1 * exfatprogs-1.0.4-150300.3.12.1 * exfatprogs-debugsource-1.0.4-150300.3.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.12.1 * exfatprogs-1.0.4-150300.3.12.1 * exfatprogs-debugsource-1.0.4-150300.3.12.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * exfatprogs-debuginfo-1.0.4-150300.3.12.1 * exfatprogs-1.0.4-150300.3.12.1 * exfatprogs-debugsource-1.0.4-150300.3.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.12.1 * exfatprogs-1.0.4-150300.3.12.1 * exfatprogs-debugsource-1.0.4-150300.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45897.html * https://bugzilla.suse.com/show_bug.cgi?id=1216701 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 16:30:02 -0000 Subject: SUSE-SU-2023:3082-2: important: Security update for qemu Message-ID: <170006580288.12720.7552127771709908229@smelt2.prg2.suse.org> # Security update for qemu Announcement ID: SUSE-SU-2023:3082-2 Rating: important References: * bsc#1179993 * bsc#1181740 * bsc#1207205 * bsc#1212968 * bsc#1213001 * bsc#1213414 Cross-References: * CVE-2023-0330 * CVE-2023-2861 * CVE-2023-3255 * CVE-2023-3301 CVSS scores: * CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3255 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3255 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3301 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves four vulnerabilities and has two security fixes can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414). * CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205). * CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968). * CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). Bugfixes: * hw/ide/piix: properly initialize the BMIBA register (bsc#bsc#1179993) * Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3082=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * qemu-hw-usb-redirect-7.1.0-150500.49.6.1 * qemu-chardev-spice-7.1.0-150500.49.6.1 * qemu-tools-7.1.0-150500.49.6.1 * qemu-guest-agent-7.1.0-150500.49.6.1 * qemu-ui-opengl-7.1.0-150500.49.6.1 * qemu-7.1.0-150500.49.6.1 * qemu-guest-agent-debuginfo-7.1.0-150500.49.6.1 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.6.1 * qemu-tools-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-core-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.6.1 * qemu-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-spice-debuginfo-7.1.0-150500.49.6.1 * qemu-block-curl-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1 * qemu-block-curl-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.6.1 * qemu-debugsource-7.1.0-150500.49.6.1 * qemu-hw-display-qxl-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-spice-7.1.0-150500.49.6.1 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64) * qemu-arm-7.1.0-150500.49.6.1 * qemu-arm-debuginfo-7.1.0-150500.49.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * qemu-ipxe-1.0.0+-150500.49.6.1 * qemu-sgabios-8-150500.49.6.1 * qemu-seabios-1.16.0_0_gd239552-150500.49.6.1 * qemu-vgabios-1.16.0_0_gd239552-150500.49.6.1 * SUSE Linux Enterprise Micro 5.5 (s390x) * qemu-s390x-7.1.0-150500.49.6.1 * qemu-s390x-debuginfo-7.1.0-150500.49.6.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * qemu-x86-debuginfo-7.1.0-150500.49.6.1 * qemu-accel-tcg-x86-7.1.0-150500.49.6.1 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.6.1 * qemu-x86-7.1.0-150500.49.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0330.html * https://www.suse.com/security/cve/CVE-2023-2861.html * https://www.suse.com/security/cve/CVE-2023-3255.html * https://www.suse.com/security/cve/CVE-2023-3301.html * https://bugzilla.suse.com/show_bug.cgi?id=1179993 * https://bugzilla.suse.com/show_bug.cgi?id=1181740 * https://bugzilla.suse.com/show_bug.cgi?id=1207205 * https://bugzilla.suse.com/show_bug.cgi?id=1212968 * https://bugzilla.suse.com/show_bug.cgi?id=1213001 * https://bugzilla.suse.com/show_bug.cgi?id=1213414 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 16:30:05 -0000 Subject: SUSE-RU-2023:4453-1: moderate: Recommended update for libjansson Message-ID: <170006580512.12720.14310785745012207149@smelt2.prg2.suse.org> # Recommended update for libjansson Announcement ID: SUSE-RU-2023:4453-1 Rating: moderate References: * bsc#1216541 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4453=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4453=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4453=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4453=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4453=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4453=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4453=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4453=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4453=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4453=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4453=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4453=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4453=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4453=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4453=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4453=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4453=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson-devel-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * openSUSE Leap 15.4 (x86_64) * libjansson4-32bit-2.14-150000.3.5.1 * libjansson4-32bit-debuginfo-2.14-150000.3.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson-devel-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * openSUSE Leap 15.5 (x86_64) * libjansson4-32bit-2.14-150000.3.5.1 * libjansson4-32bit-debuginfo-2.14-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson-devel-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * Basesystem Module 15-SP4 (x86_64) * libjansson4-32bit-2.14-150000.3.5.1 * libjansson4-32bit-debuginfo-2.14-150000.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson-devel-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * Basesystem Module 15-SP5 (x86_64) * libjansson4-32bit-2.14-150000.3.5.1 * libjansson4-32bit-debuginfo-2.14-150000.3.5.1 * SUSE Manager Proxy 4.2 (x86_64) * libjansson4-2.14-150000.3.5.1 * libjansson4-32bit-2.14-150000.3.5.1 * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson-devel-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * libjansson4-32bit-debuginfo-2.14-150000.3.5.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libjansson4-2.14-150000.3.5.1 * libjansson4-32bit-2.14-150000.3.5.1 * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson-devel-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * libjansson4-32bit-debuginfo-2.14-150000.3.5.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson-devel-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 * SUSE Manager Server 4.2 (x86_64) * libjansson4-32bit-2.14-150000.3.5.1 * libjansson4-32bit-debuginfo-2.14-150000.3.5.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libjansson4-debuginfo-2.14-150000.3.5.1 * libjansson4-2.14-150000.3.5.1 * libjansson-debugsource-2.14-150000.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216541 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 16:30:09 -0000 Subject: SUSE-RU-2023:4452-1: important: Recommended update for rsyslog Message-ID: <170006580900.12720.7486499159704693306@smelt2.prg2.suse.org> # Recommended update for rsyslog Announcement ID: SUSE-RU-2023:4452-1 Rating: important References: * bsc#1210286 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for rsyslog fixes the following issues: * rsyslog crash in imrelp (bsc#1210286) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4452=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4452=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4452=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * rsyslog-doc-8.2106.0-8.17.4 * rsyslog-8.2106.0-8.17.4 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gssapi-8.2106.0-8.17.4 * rsyslog-diag-tools-debuginfo-8.2106.0-8.17.4 * rsyslog-debuginfo-8.2106.0-8.17.4 * rsyslog-module-pgsql-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gssapi-debuginfo-8.2106.0-8.17.4 * rsyslog-module-pgsql-8.2106.0-8.17.4 * rsyslog-module-snmp-debuginfo-8.2106.0-8.17.4 * rsyslog-debugsource-8.2106.0-8.17.4 * rsyslog-module-gtls-8.2106.0-8.17.4 * rsyslog-module-udpspoof-8.2106.0-8.17.4 * rsyslog-module-mysql-debuginfo-8.2106.0-8.17.4 * rsyslog-module-relp-8.2106.0-8.17.4 * rsyslog-diag-tools-8.2106.0-8.17.4 * rsyslog-module-snmp-8.2106.0-8.17.4 * rsyslog-module-relp-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gtls-debuginfo-8.2106.0-8.17.4 * rsyslog-module-mmnormalize-8.2106.0-8.17.4 * rsyslog-module-udpspoof-debuginfo-8.2106.0-8.17.4 * rsyslog-module-mysql-8.2106.0-8.17.4 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * rsyslog-doc-8.2106.0-8.17.4 * rsyslog-8.2106.0-8.17.4 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gssapi-8.2106.0-8.17.4 * rsyslog-diag-tools-debuginfo-8.2106.0-8.17.4 * rsyslog-debuginfo-8.2106.0-8.17.4 * rsyslog-module-pgsql-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gssapi-debuginfo-8.2106.0-8.17.4 * rsyslog-module-pgsql-8.2106.0-8.17.4 * rsyslog-module-snmp-debuginfo-8.2106.0-8.17.4 * rsyslog-debugsource-8.2106.0-8.17.4 * rsyslog-module-gtls-8.2106.0-8.17.4 * rsyslog-module-udpspoof-8.2106.0-8.17.4 * rsyslog-module-mysql-debuginfo-8.2106.0-8.17.4 * rsyslog-module-relp-8.2106.0-8.17.4 * rsyslog-diag-tools-8.2106.0-8.17.4 * rsyslog-module-snmp-8.2106.0-8.17.4 * rsyslog-module-relp-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gtls-debuginfo-8.2106.0-8.17.4 * rsyslog-module-mmnormalize-8.2106.0-8.17.4 * rsyslog-module-udpspoof-debuginfo-8.2106.0-8.17.4 * rsyslog-module-mysql-8.2106.0-8.17.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * rsyslog-doc-8.2106.0-8.17.4 * rsyslog-8.2106.0-8.17.4 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gssapi-8.2106.0-8.17.4 * rsyslog-diag-tools-debuginfo-8.2106.0-8.17.4 * rsyslog-debuginfo-8.2106.0-8.17.4 * rsyslog-module-pgsql-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gssapi-debuginfo-8.2106.0-8.17.4 * rsyslog-module-pgsql-8.2106.0-8.17.4 * rsyslog-module-snmp-debuginfo-8.2106.0-8.17.4 * rsyslog-debugsource-8.2106.0-8.17.4 * rsyslog-module-gtls-8.2106.0-8.17.4 * rsyslog-module-udpspoof-8.2106.0-8.17.4 * rsyslog-module-mysql-debuginfo-8.2106.0-8.17.4 * rsyslog-module-relp-8.2106.0-8.17.4 * rsyslog-diag-tools-8.2106.0-8.17.4 * rsyslog-module-snmp-8.2106.0-8.17.4 * rsyslog-module-relp-debuginfo-8.2106.0-8.17.4 * rsyslog-module-gtls-debuginfo-8.2106.0-8.17.4 * rsyslog-module-mmnormalize-8.2106.0-8.17.4 * rsyslog-module-udpspoof-debuginfo-8.2106.0-8.17.4 * rsyslog-module-mysql-8.2106.0-8.17.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 15 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2023 16:30:11 -0000 Subject: SUSE-SU-2023:4451-1: important: Security update for apache2 Message-ID: <170006581113.12720.11259027575073593310@smelt2.prg2.suse.org> # Security update for apache2 Announcement ID: SUSE-SU-2023:4451-1 Rating: important References: * bsc#1207399 * bsc#1214357 * bsc#1216424 Cross-References: * CVE-2023-31122 CVSS scores: * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: * Fixed the content type handling in mod_proxy_http2 (bsc#1214357). * Fixed a floating point exception crash (bsc#1207399). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4451=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4451=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4451=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4451=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.51-35.35.1 * apache2-debuginfo-2.4.51-35.35.1 * apache2-tls13-debugsource-2.4.51-35.35.1 * apache2-tls13-debuginfo-2.4.51-35.35.1 * apache2-tls13-devel-2.4.51-35.35.1 * apache2-devel-2.4.51-35.35.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.51-35.35.1 * apache2-debuginfo-2.4.51-35.35.1 * apache2-tls13-worker-2.4.51-35.35.1 * apache2-tls13-example-pages-2.4.51-35.35.1 * apache2-2.4.51-35.35.1 * apache2-prefork-debuginfo-2.4.51-35.35.1 * apache2-prefork-2.4.51-35.35.1 * apache2-tls13-2.4.51-35.35.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-2.4.51-35.35.1 * apache2-tls13-debugsource-2.4.51-35.35.1 * apache2-example-pages-2.4.51-35.35.1 * apache2-tls13-prefork-2.4.51-35.35.1 * apache2-tls13-worker-debuginfo-2.4.51-35.35.1 * apache2-tls13-debuginfo-2.4.51-35.35.1 * apache2-utils-2.4.51-35.35.1 * apache2-worker-2.4.51-35.35.1 * apache2-worker-debuginfo-2.4.51-35.35.1 * apache2-utils-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-debuginfo-2.4.51-35.35.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * apache2-tls13-doc-2.4.51-35.35.1 * apache2-doc-2.4.51-35.35.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.51-35.35.1 * apache2-debuginfo-2.4.51-35.35.1 * apache2-tls13-worker-2.4.51-35.35.1 * apache2-tls13-example-pages-2.4.51-35.35.1 * apache2-2.4.51-35.35.1 * apache2-prefork-debuginfo-2.4.51-35.35.1 * apache2-prefork-2.4.51-35.35.1 * apache2-tls13-2.4.51-35.35.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-2.4.51-35.35.1 * apache2-tls13-debugsource-2.4.51-35.35.1 * apache2-example-pages-2.4.51-35.35.1 * apache2-tls13-prefork-2.4.51-35.35.1 * apache2-tls13-worker-debuginfo-2.4.51-35.35.1 * apache2-tls13-debuginfo-2.4.51-35.35.1 * apache2-utils-2.4.51-35.35.1 * apache2-worker-2.4.51-35.35.1 * apache2-worker-debuginfo-2.4.51-35.35.1 * apache2-utils-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-debuginfo-2.4.51-35.35.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * apache2-tls13-doc-2.4.51-35.35.1 * apache2-doc-2.4.51-35.35.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * apache2-debugsource-2.4.51-35.35.1 * apache2-debuginfo-2.4.51-35.35.1 * apache2-tls13-worker-2.4.51-35.35.1 * apache2-tls13-example-pages-2.4.51-35.35.1 * apache2-2.4.51-35.35.1 * apache2-prefork-debuginfo-2.4.51-35.35.1 * apache2-prefork-2.4.51-35.35.1 * apache2-tls13-2.4.51-35.35.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-2.4.51-35.35.1 * apache2-tls13-debugsource-2.4.51-35.35.1 * apache2-example-pages-2.4.51-35.35.1 * apache2-tls13-prefork-2.4.51-35.35.1 * apache2-tls13-worker-debuginfo-2.4.51-35.35.1 * apache2-tls13-debuginfo-2.4.51-35.35.1 * apache2-utils-2.4.51-35.35.1 * apache2-worker-2.4.51-35.35.1 * apache2-worker-debuginfo-2.4.51-35.35.1 * apache2-utils-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-debuginfo-2.4.51-35.35.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * apache2-tls13-doc-2.4.51-35.35.1 * apache2-doc-2.4.51-35.35.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31122.html * https://bugzilla.suse.com/show_bug.cgi?id=1207399 * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1216424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 08:03:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 09:03:28 +0100 (CET) Subject: SUSE-CU-2023:3707-1: Recommended update of suse/389-ds Message-ID: <20231116080328.2FCB6F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3707-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.38 , suse/389-ds:latest Container Release : 16.38 Severity : moderate Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.53 updated From sle-updates at lists.suse.com Thu Nov 16 08:03:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 09:03:35 +0100 (CET) Subject: SUSE-CU-2023:3708-1: Recommended update of suse/registry Message-ID: <20231116080335.E741EF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3708-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.13 , suse/registry:latest Container Release : 15.13 Severity : moderate Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated From sle-updates at lists.suse.com Thu Nov 16 08:03:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 09:03:38 +0100 (CET) Subject: SUSE-CU-2023:3709-1: Recommended update of suse/helm Message-ID: <20231116080338.86176F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3709-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.11 , suse/helm:latest Container Release : 3.11 Severity : moderate Type : recommended References : 1209998 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated From sle-updates at lists.suse.com Thu Nov 16 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 08:30:01 -0000 Subject: SUSE-RU-2023:4456-1: moderate: Recommended update for selinux-policy Message-ID: <170012340149.32571.12878443572154777133@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4456-1 Rating: moderate References: * bsc#1216060 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Update to version 20230511+git9.1b35a6ab * Allow keepalived to manage its tmp files (bsc#1216060) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4456=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (noarch) * selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.3.1 * selinux-policy-20230511+git9.1b35a6ab-150500.3.3.1 * selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216060 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 08:30:04 -0000 Subject: SUSE-SU-2023:4455-1: important: Security update for postgresql13 Message-ID: <170012340465.32571.10462494552096384315@smelt2.prg2.suse.org> # Security update for postgresql13 Announcement ID: SUSE-SU-2023:4455-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Galera for Ericsson 15 SP5 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql13 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * Updated to 13.13: https://www.postgresql.org/docs/13/release-13-13.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4455=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4455=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4455=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4455=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4455=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4455=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4455=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4455=1 * Galera for Ericsson 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2023-4455=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4455=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4455=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4455=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-devel-13.13-150200.5.50.1 * postgresql13-test-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * openSUSE Leap 15.4 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-devel-13.13-150200.5.50.1 * postgresql13-test-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * openSUSE Leap 15.5 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-debuginfo-13.13-150200.5.50.1 * postgresql13-llvmjit-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * Legacy Module 15-SP4 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * Galera for Ericsson 15 SP5 (x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * Galera for Ericsson 15 SP5 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql13-docs-13.13-150200.5.50.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql13-debugsource-13.13-150200.5.50.1 * postgresql13-pltcl-13.13-150200.5.50.1 * postgresql13-server-debuginfo-13.13-150200.5.50.1 * postgresql13-plpython-13.13-150200.5.50.1 * postgresql13-server-13.13-150200.5.50.1 * postgresql13-13.13-150200.5.50.1 * postgresql13-contrib-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-13.13-150200.5.50.1 * postgresql13-plperl-debuginfo-13.13-150200.5.50.1 * postgresql13-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1 * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1 * postgresql13-devel-13.13-150200.5.50.1 * postgresql13-plpython-debuginfo-13.13-150200.5.50.1 * postgresql13-plperl-13.13-150200.5.50.1 * postgresql13-contrib-13.13-150200.5.50.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql13-docs-13.13-150200.5.50.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 08:30:07 -0000 Subject: SUSE-SU-2023:4454-1: important: Security update for postgresql12 Message-ID: <170012340757.32571.2506790426964692140@smelt2.prg2.suse.org> # Security update for postgresql12 Announcement ID: SUSE-SU-2023:4454-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql12 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * Updated to 12.17: https://www.postgresql.org/docs/12/release-12-17.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4454=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4454=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4454=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4454=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4454=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4454=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4454=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4454=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4454=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4454=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-llvmjit-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-llvmjit-devel-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-llvmjit-debuginfo-12.17-150200.8.54.1 * postgresql12-test-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * openSUSE Leap 15.4 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-llvmjit-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-llvmjit-devel-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-llvmjit-debuginfo-12.17-150200.8.54.1 * postgresql12-test-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * openSUSE Leap 15.5 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql12-docs-12.17-150200.8.54.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql12-debuginfo-12.17-150200.8.54.1 * postgresql12-server-debuginfo-12.17-150200.8.54.1 * postgresql12-contrib-12.17-150200.8.54.1 * postgresql12-12.17-150200.8.54.1 * postgresql12-plperl-12.17-150200.8.54.1 * postgresql12-pltcl-12.17-150200.8.54.1 * postgresql12-contrib-debuginfo-12.17-150200.8.54.1 * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1 * postgresql12-server-12.17-150200.8.54.1 * postgresql12-debugsource-12.17-150200.8.54.1 * postgresql12-server-devel-12.17-150200.8.54.1 * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-debuginfo-12.17-150200.8.54.1 * postgresql12-plperl-debuginfo-12.17-150200.8.54.1 * postgresql12-devel-12.17-150200.8.54.1 * postgresql12-plpython-12.17-150200.8.54.1 * postgresql12-plpython-debuginfo-12.17-150200.8.54.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql12-docs-12.17-150200.8.54.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 12:30:01 -0000 Subject: SUSE-RU-2023:4457-1: important: Recommended update for nvme-cli Message-ID: <170013780175.20689.5908360700384180046@smelt2.prg2.suse.org> # Recommended update for nvme-cli Announcement ID: SUSE-RU-2023:4457-1 Rating: important References: * bsc#1213768 * bsc#1215994 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update for nvme-cli fixes the following issues: * Update to version 2.4+31.gf7ec09: * NetApp udev rule updates (bsc#1215994) * Connection reuse issue when multiple Host NQNs are used for the same host (bsc#1213768) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4457=1 openSUSE-SLE-15.5-2023-4457=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4457=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4457=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * nvme-cli-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-debuginfo-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-debugsource-2.4+31.gf7ec09-150500.4.12.1 * openSUSE Leap 15.5 (noarch) * nvme-cli-zsh-completion-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-regress-script-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-bash-completion-2.4+31.gf7ec09-150500.4.12.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * nvme-cli-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-debuginfo-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-debugsource-2.4+31.gf7ec09-150500.4.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nvme-cli-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-debuginfo-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-debugsource-2.4+31.gf7ec09-150500.4.12.1 * Basesystem Module 15-SP5 (noarch) * nvme-cli-zsh-completion-2.4+31.gf7ec09-150500.4.12.1 * nvme-cli-bash-completion-2.4+31.gf7ec09-150500.4.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213768 * https://bugzilla.suse.com/show_bug.cgi?id=1215994 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 16:30:02 -0000 Subject: SUSE-RU-2023:4462-1: moderate: Recommended update for product-builder Message-ID: <170015220212.31512.3314135429477855195@smelt2.prg2.suse.org> # Recommended update for product-builder Announcement ID: SUSE-RU-2023:4462-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that can now be installed. ## Description: This update for product-builder fixes the following issue: * 1.2.15 disabling CD/DVD joliet format on debug and source media ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4462=1 openSUSE-SLE-15.4-2023-4462=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4462=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4462=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4462=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * product-builder-1.2.15-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * product-builder-1.2.15-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * product-builder-1.2.15-150400.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * product-builder-1.2.15-150400.3.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 16:30:05 -0000 Subject: SUSE-RU-2023:4461-1: moderate: Recommended update for rsyslog Message-ID: <170015220559.31512.7658509107883732451@smelt2.prg2.suse.org> # Recommended update for rsyslog Announcement ID: SUSE-RU-2023:4461-1 Rating: moderate References: * bsc#1210286 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one fix can now be installed. ## Description: This update for rsyslog fixes the following issue: * fix rsyslog crash in imrelp (bsc#1210286) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4461=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4461=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4461=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4461=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4461=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4461=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4461=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4461=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4461=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4461=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4461=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Manager Proxy 4.2 (x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * rsyslog-module-gssapi-8.2106.0-150200.4.43.2 * rsyslog-debugsource-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-8.2106.0-150200.4.43.2 * rsyslog-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-8.2106.0-150200.4.43.2 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-8.2106.0-150200.4.43.2 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-relp-8.2106.0-150200.4.43.2 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.43.2 * rsyslog-module-mmnormalize-8.2106.0-150200.4.43.2 * rsyslog-module-gtls-8.2106.0-150200.4.43.2 * rsyslog-module-pgsql-8.2106.0-150200.4.43.2 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.43.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 16:30:08 -0000 Subject: SUSE-RU-2023:4460-1: moderate: Recommended update for rsyslog Message-ID: <170015220829.31512.15297948374914339483@smelt2.prg2.suse.org> # Recommended update for rsyslog Announcement ID: SUSE-RU-2023:4460-1 Rating: moderate References: * bsc#1210286 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for rsyslog fixes the following issue: * fix rsyslog crash in imrelp (bsc#1210286) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4460=1 openSUSE-SLE-15.4-2023-4460=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4460=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4460=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4460=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4460=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4460=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rsyslog-module-relp-8.2306.0-150400.5.21.1 * rsyslog-module-mysql-8.2306.0-150400.5.21.1 * rsyslog-module-gtls-8.2306.0-150400.5.21.1 * rsyslog-module-elasticsearch-8.2306.0-150400.5.21.1 * rsyslog-module-gcrypt-8.2306.0-150400.5.21.1 * rsyslog-8.2306.0-150400.5.21.1 * rsyslog-module-gssapi-8.2306.0-150400.5.21.1 * rsyslog-module-dbi-8.2306.0-150400.5.21.1 * rsyslog-debugsource-8.2306.0-150400.5.21.1 * rsyslog-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-snmp-8.2306.0-150400.5.21.1 * rsyslog-module-dbi-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-diag-tools-8.2306.0-150400.5.21.1 * rsyslog-module-gcrypt-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omamqp1-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.21.1 * rsyslog-module-elasticsearch-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-kafka-8.2306.0-150400.5.21.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omtcl-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.21.1 * rsyslog-module-ossl-8.2306.0-150400.5.21.1 * rsyslog-module-kafka-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-diag-tools-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omhttpfs-8.2306.0-150400.5.21.1 * rsyslog-module-omtcl-8.2306.0-150400.5.21.1 * rsyslog-module-pgsql-8.2306.0-150400.5.21.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-doc-8.2306.0-150400.5.21.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omamqp1-8.2306.0-150400.5.21.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omhttpfs-debuginfo-8.2306.0-150400.5.21.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rsyslog-module-relp-8.2306.0-150400.5.21.1 * rsyslog-module-mysql-8.2306.0-150400.5.21.1 * rsyslog-module-gtls-8.2306.0-150400.5.21.1 * rsyslog-module-elasticsearch-8.2306.0-150400.5.21.1 * rsyslog-module-gcrypt-8.2306.0-150400.5.21.1 * rsyslog-8.2306.0-150400.5.21.1 * rsyslog-module-gssapi-8.2306.0-150400.5.21.1 * rsyslog-module-dbi-8.2306.0-150400.5.21.1 * rsyslog-debugsource-8.2306.0-150400.5.21.1 * rsyslog-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-snmp-8.2306.0-150400.5.21.1 * rsyslog-module-dbi-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-diag-tools-8.2306.0-150400.5.21.1 * rsyslog-module-gcrypt-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omamqp1-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.21.1 * rsyslog-module-elasticsearch-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-kafka-8.2306.0-150400.5.21.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omtcl-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.21.1 * rsyslog-module-ossl-8.2306.0-150400.5.21.1 * rsyslog-module-kafka-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-diag-tools-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omhttpfs-8.2306.0-150400.5.21.1 * rsyslog-module-omtcl-8.2306.0-150400.5.21.1 * rsyslog-module-pgsql-8.2306.0-150400.5.21.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-doc-8.2306.0-150400.5.21.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omamqp1-8.2306.0-150400.5.21.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-omhttpfs-debuginfo-8.2306.0-150400.5.21.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rsyslog-8.2306.0-150400.5.21.1 * rsyslog-debugsource-8.2306.0-150400.5.21.1 * rsyslog-debuginfo-8.2306.0-150400.5.21.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rsyslog-8.2306.0-150400.5.21.1 * rsyslog-debugsource-8.2306.0-150400.5.21.1 * rsyslog-debuginfo-8.2306.0-150400.5.21.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rsyslog-module-relp-8.2306.0-150400.5.21.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mysql-8.2306.0-150400.5.21.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.21.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-gtls-8.2306.0-150400.5.21.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.21.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-snmp-8.2306.0-150400.5.21.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-pgsql-8.2306.0-150400.5.21.1 * rsyslog-module-gssapi-8.2306.0-150400.5.21.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-debugsource-8.2306.0-150400.5.21.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-debuginfo-8.2306.0-150400.5.21.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rsyslog-module-relp-8.2306.0-150400.5.21.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mysql-8.2306.0-150400.5.21.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.21.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-gtls-8.2306.0-150400.5.21.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.21.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-snmp-8.2306.0-150400.5.21.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-pgsql-8.2306.0-150400.5.21.1 * rsyslog-module-gssapi-8.2306.0-150400.5.21.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-debugsource-8.2306.0-150400.5.21.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.21.1 * rsyslog-debuginfo-8.2306.0-150400.5.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 16:30:11 -0000 Subject: SUSE-RU-2023:4459-1: moderate: Recommended update for crmsh Message-ID: <170015221107.31512.17902544982949561754@smelt2.prg2.suse.org> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:4459-1 Rating: moderate References: * bsc#1213797 * bsc#1215319 * bsc#1215438 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three fixes can now be installed. ## Description: This update for crmsh fixes the following issues: * Update to version 4.5.0+20231010.65aa0a09 * report: Pick up tarball suffix dynamically (bsc#1215438) * report: Pick 'gzip' as the first compress prog for cross-platform compatibility(bsc#1215438) * constants: Add several resource meta attributes (bsc#1215319) * upgradeutil: reduce the timeout for getting sequence from remote node (bsc#1213797) * corosync: Enable logging.to_logfile ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4459=1 openSUSE-SLE-15.5-2023-4459=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4459=1 ## Package List: * openSUSE Leap 15.5 (noarch) * crmsh-4.5.0+20231010.65aa0a09-150500.3.13.1 * crmsh-test-4.5.0+20231010.65aa0a09-150500.3.13.1 * crmsh-scripts-4.5.0+20231010.65aa0a09-150500.3.13.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (noarch) * crmsh-4.5.0+20231010.65aa0a09-150500.3.13.1 * crmsh-scripts-4.5.0+20231010.65aa0a09-150500.3.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213797 * https://bugzilla.suse.com/show_bug.cgi?id=1215319 * https://bugzilla.suse.com/show_bug.cgi?id=1215438 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 16:30:16 -0000 Subject: SUSE-SU-2023:4458-1: important: Security update for gcc13 Message-ID: <170015221644.31512.17052111973206129154@smelt2.prg2.suse.org> # Security update for gcc13 Announcement ID: SUSE-SU-2023:4458-1 Rating: important References: * bsc#1206480 * bsc#1206684 * bsc#1210557 * bsc#1211427 * bsc#1212101 * bsc#1213915 * bsc#1214052 * bsc#1214460 * bsc#1215427 * bsc#1216664 * jsc#PED-153 * jsc#PED-2005 * jsc#PED-252 * jsc#PED-253 * jsc#PED-6584 Cross-References: * CVE-2023-4039 CVSS scores: * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability, contains five features and has nine security fixes can now be installed. ## Description: This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: * install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. * override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) * Work around third party app crash during C++ standard library initialization. [bsc#1216664] * Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) * Bump included newlib to version 4.3.0. * Update to GCC trunk head (r13-5254-g05b9868b182bb9) * Redo floatn fixinclude pick-up to simply keep what is there. * Turn cross compiler to s390x to a glibc cross. [bsc#1214460] * Also handle -static-pie in the default-PIE specs * Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] * Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] * Add new x86-related intrinsics (amxcomplexintrin.h). * RISC-V: Add support for inlining subword atomic operations * Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. * Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. * Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. * Bump included newlib to version 4.3.0. * Also package libhwasan_preinit.o on aarch64. * Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. * Package libhwasan_preinit.o on x86_64. * Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] * Enable PRU flavour for gcc13 * update floatn fixinclude pickup to check each header separately (bsc#1206480) * Redo floatn fixinclude pick-up to simply keep what is there. * Bump libgo SONAME to libgo22. * Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. * Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. * Depend on at least LLVM 13 for GCN cross compiler. * Update embedded newlib to version 4.2.0 * Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4458=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4458=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4458=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4458=1 * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-4458=1 * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-4458=1 * SUSE Linux Enterprise Server 15 SP3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-4458=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4458=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4458=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4458=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4458=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4458=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4458=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4458=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4458=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4458=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4458=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4458=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4458=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4458=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4458=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4458=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4458=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4458=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4458=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4458=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4458=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4458=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4458=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4458=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4458=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4458=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4458=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4458=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4458=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4458=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * libada13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-13.2.1+git7813-150000.1.6.1 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-ada-13.2.1+git7813-150000.1.6.1 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libm2log18-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * gcc13-m2-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libm2log18-13.2.1+git7813-150000.1.6.1 * libm2min18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-13.2.1+git7813-150000.1.6.1 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-go-13.2.1+git7813-150000.1.6.1 * libm2cor18-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libm2min18-13.2.1+git7813-150000.1.6.1 * libm2pim18-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (x86_64) * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (s390x x86_64) * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-go-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2cor18-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-objc-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-m2-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-ada-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * libgdruntime4-13.2.1+git7813-150000.1.6.1 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-13.2.1+git7813-150000.1.6.1 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgphobos4-13.2.1+git7813-150000.1.6.1 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * libada13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-13.2.1+git7813-150000.1.6.1 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-ada-13.2.1+git7813-150000.1.6.1 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libm2log18-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * gcc13-m2-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libm2log18-13.2.1+git7813-150000.1.6.1 * libm2min18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-13.2.1+git7813-150000.1.6.1 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-go-13.2.1+git7813-150000.1.6.1 * libm2cor18-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libm2min18-13.2.1+git7813-150000.1.6.1 * libm2pim18-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (x86_64) * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (s390x x86_64) * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-go-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2cor18-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-objc-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-m2-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-ada-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (aarch64 s390x x86_64) * libgdruntime4-13.2.1+git7813-150000.1.6.1 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-13.2.1+git7813-150000.1.6.1 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgphobos4-13.2.1+git7813-150000.1.6.1 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Manager Proxy 4.3 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP4 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP4 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP5 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP5 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP4 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP4 (x86_64) * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP5 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP5 (x86_64) * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libada13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-13.2.1+git7813-150000.1.6.1 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-13.2.1+git7813-150000.1.6.1 * libm2iso18-13.2.1+git7813-150000.1.6.1 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-ada-13.2.1+git7813-150000.1.6.1 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2log18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-m2-13.2.1+git7813-150000.1.6.1 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-13.2.1+git7813-150000.1.6.1 * libm2log18-13.2.1+git7813-150000.1.6.1 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-13.2.1+git7813-150000.1.6.1 * gcc13-go-13.2.1+git7813-150000.1.6.1 * libm2cor18-13.2.1+git7813-150000.1.6.1 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-13.2.1+git7813-150000.1.6.1 * libm2pim18-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 s390x x86_64) * libgdruntime4-13.2.1+git7813-150000.1.6.1 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-13.2.1+git7813-150000.1.6.1 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgphobos4-13.2.1+git7813-150000.1.6.1 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-go-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2cor18-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-m2-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-d-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-ada-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libada13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-13.2.1+git7813-150000.1.6.1 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-13.2.1+git7813-150000.1.6.1 * libm2iso18-13.2.1+git7813-150000.1.6.1 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-ada-13.2.1+git7813-150000.1.6.1 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2log18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-m2-13.2.1+git7813-150000.1.6.1 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-13.2.1+git7813-150000.1.6.1 * libm2log18-13.2.1+git7813-150000.1.6.1 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-13.2.1+git7813-150000.1.6.1 * gcc13-go-13.2.1+git7813-150000.1.6.1 * libm2cor18-13.2.1+git7813-150000.1.6.1 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-13.2.1+git7813-150000.1.6.1 * libm2pim18-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 s390x x86_64) * libgdruntime4-13.2.1+git7813-150000.1.6.1 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-13.2.1+git7813-150000.1.6.1 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgphobos4-13.2.1+git7813-150000.1.6.1 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-go-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2cor18-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-m2-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-d-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-ada-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Enterprise Storage 7.1 (x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Enterprise Storage 7.1 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE CaaS Platform 4.0 (x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE CaaS Platform 4.0 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4039.html * https://bugzilla.suse.com/show_bug.cgi?id=1206480 * https://bugzilla.suse.com/show_bug.cgi?id=1206684 * https://bugzilla.suse.com/show_bug.cgi?id=1210557 * https://bugzilla.suse.com/show_bug.cgi?id=1211427 * https://bugzilla.suse.com/show_bug.cgi?id=1212101 * https://bugzilla.suse.com/show_bug.cgi?id=1213915 * https://bugzilla.suse.com/show_bug.cgi?id=1214052 * https://bugzilla.suse.com/show_bug.cgi?id=1214460 * https://bugzilla.suse.com/show_bug.cgi?id=1215427 * https://bugzilla.suse.com/show_bug.cgi?id=1216664 * https://jira.suse.com/browse/PED-153 * https://jira.suse.com/browse/PED-2005 * https://jira.suse.com/browse/PED-252 * https://jira.suse.com/browse/PED-253 * https://jira.suse.com/browse/PED-6584 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:02 -0000 Subject: SUSE-SU-2023:4472-1: important: Security update for go1.20-openssl Message-ID: <170016660284.13857.3020309512409242242@smelt2.prg2.suse.org> # Security update for go1.20-openssl Announcement ID: SUSE-SU-2023:4472-1 Rating: important References: * bsc#1206346 * bsc#1215985 * bsc#1216109 * bsc#1216943 * bsc#1216944 Cross-References: * CVE-2023-39323 * CVE-2023-39325 * CVE-2023-44487 * CVE-2023-45283 * CVE-2023-45284 CVSS scores: * CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39323 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves five vulnerabilities can now be installed. ## Description: This update for go1.20-openssl fixes the following issues: Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips. * Update to go1.20.11 go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.10-1-openssl-fips. * Update to go1.20.10 go1.20.10 (released 2023-10-10) includes a security fix to the net/http package. * security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109) go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go package, as well as bug fixes to the go command and the linker. * security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985) * cmd/link: issues with Apple's new linker in Xcode 15 beta ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4472=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4472=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4472=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4472=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-doc-1.20.11.1-150000.1.14.1 * go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1 * go1.20-openssl-1.20.11.1-150000.1.14.1 * go1.20-openssl-race-1.20.11.1-150000.1.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-doc-1.20.11.1-150000.1.14.1 * go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1 * go1.20-openssl-1.20.11.1-150000.1.14.1 * go1.20-openssl-race-1.20.11.1-150000.1.14.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-doc-1.20.11.1-150000.1.14.1 * go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1 * go1.20-openssl-1.20.11.1-150000.1.14.1 * go1.20-openssl-race-1.20.11.1-150000.1.14.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-openssl-doc-1.20.11.1-150000.1.14.1 * go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1 * go1.20-openssl-1.20.11.1-150000.1.14.1 * go1.20-openssl-race-1.20.11.1-150000.1.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39323.html * https://www.suse.com/security/cve/CVE-2023-39325.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45283.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1215985 * https://bugzilla.suse.com/show_bug.cgi?id=1216109 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1216944 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:06 -0000 Subject: SUSE-SU-2023:4471-1: moderate: Security update for go1.21 Message-ID: <170016660622.13857.7586353536484334847@smelt2.prg2.suse.org> # Security update for go1.21 Announcement ID: SUSE-SU-2023:4471-1 Rating: moderate References: * bsc#1212475 * bsc#1216943 * bsc#1216944 Cross-References: * CVE-2023-45283 * CVE-2023-45284 CVSS scores: * CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.21 fixes the following issues: go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * spec: update unification rules * cmd/compile: internal compiler error: expected struct value to have type struct * cmd/link: split text sections for arm 32-bit * runtime: MADV_COLLAPSE causes production performance issues on Linux * go/types, x/tools/go/ssa: panic: type param without replacement encountered * cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64 * net/http: http2 page fails on firefox/safari if pushing resources ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4471=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4471=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4471=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4471=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.4-150000.1.15.1 * go1.21-race-1.21.4-150000.1.15.1 * go1.21-doc-1.21.4-150000.1.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.4-150000.1.15.1 * go1.21-race-1.21.4-150000.1.15.1 * go1.21-doc-1.21.4-150000.1.15.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.4-150000.1.15.1 * go1.21-doc-1.21.4-150000.1.15.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.21-race-1.21.4-150000.1.15.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.4-150000.1.15.1 * go1.21-race-1.21.4-150000.1.15.1 * go1.21-doc-1.21.4-150000.1.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45283.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1216944 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:09 -0000 Subject: SUSE-SU-2023:4470-1: moderate: Security update for go1.20 Message-ID: <170016660931.13857.6677128305748260747@smelt2.prg2.suse.org> # Security update for go1.20 Announcement ID: SUSE-SU-2023:4470-1 Rating: moderate References: * bsc#1206346 * bsc#1216943 * bsc#1216944 Cross-References: * CVE-2023-45283 * CVE-2023-45284 CVSS scores: * CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.20 fixes the following issues: go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4470=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4470=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4470=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4470=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-race-1.20.11-150000.1.32.1 * go1.20-debuginfo-1.20.11-150000.1.32.1 * go1.20-1.20.11-150000.1.32.1 * go1.20-doc-1.20.11-150000.1.32.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-race-1.20.11-150000.1.32.1 * go1.20-debuginfo-1.20.11-150000.1.32.1 * go1.20-1.20.11-150000.1.32.1 * go1.20-doc-1.20.11-150000.1.32.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.11-150000.1.32.1 * go1.20-1.20.11-150000.1.32.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.11-150000.1.32.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-race-1.20.11-150000.1.32.1 * go1.20-debuginfo-1.20.11-150000.1.32.1 * go1.20-1.20.11-150000.1.32.1 * go1.20-doc-1.20.11-150000.1.32.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45283.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1216944 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:13 -0000 Subject: SUSE-SU-2023:4469-1: moderate: Security update for go1.21-openssl Message-ID: <170016661376.13857.9939343625655279481@smelt2.prg2.suse.org> # Security update for go1.21-openssl Announcement ID: SUSE-SU-2023:4469-1 Rating: moderate References: * bsc#1212475 * bsc#1212667 * bsc#1212669 * bsc#1215084 * bsc#1215085 * bsc#1215086 * bsc#1215087 * bsc#1215090 * bsc#1215985 * bsc#1216109 * bsc#1216943 * bsc#1216944 * jsc#SLE-18320 Cross-References: * CVE-2023-39318 * CVE-2023-39319 * CVE-2023-39320 * CVE-2023-39321 * CVE-2023-39322 * CVE-2023-39323 * CVE-2023-39325 * CVE-2023-44487 * CVE-2023-45283 * CVE-2023-45284 CVSS scores: * CVE-2023-39318 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2023-39318 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-39319 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2023-39319 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-39320 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39320 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39321 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39321 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39322 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39322 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39323 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 10 vulnerabilities, contains one feature and has two security fixes can now be installed. ## Description: This update for go1.21-openssl fixes the following issues: Update to version 1.21.4.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.4-1-openssl-fips. * Update to go1.21.4 go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * spec: update unification rules * cmd/compile: internal compiler error: expected struct value to have type struct * cmd/link: split text sections for arm 32-bit * runtime: MADV_COLLAPSE causes production performance issues on Linux * go/types, x/tools/go/ssa: panic: type param without replacement encountered * cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64 * net/http: http2 page fails on firefox/safari if pushing resources Initial package go1.21-openssl version 1.21.3.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.3-1-openssl-fips. (jsc#SLE-18320) * Go upstream merged branch dev.boringcrypto in go1.19+. * In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto. * In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode. * When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite. * go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way. * go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations. * go1.x-openssl uses dlopen() to call into OpenSSL. * SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision. * Patchset improvements can be updated independently of upstream Go maintenance releases. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4469=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4469=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4469=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4469=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-doc-1.21.4.1-150000.1.5.1 * go1.21-openssl-race-1.21.4.1-150000.1.5.1 * go1.21-openssl-1.21.4.1-150000.1.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-doc-1.21.4.1-150000.1.5.1 * go1.21-openssl-race-1.21.4.1-150000.1.5.1 * go1.21-openssl-1.21.4.1-150000.1.5.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-doc-1.21.4.1-150000.1.5.1 * go1.21-openssl-race-1.21.4.1-150000.1.5.1 * go1.21-openssl-1.21.4.1-150000.1.5.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-doc-1.21.4.1-150000.1.5.1 * go1.21-openssl-race-1.21.4.1-150000.1.5.1 * go1.21-openssl-1.21.4.1-150000.1.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39318.html * https://www.suse.com/security/cve/CVE-2023-39319.html * https://www.suse.com/security/cve/CVE-2023-39320.html * https://www.suse.com/security/cve/CVE-2023-39321.html * https://www.suse.com/security/cve/CVE-2023-39322.html * https://www.suse.com/security/cve/CVE-2023-39323.html * https://www.suse.com/security/cve/CVE-2023-39325.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45283.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1212667 * https://bugzilla.suse.com/show_bug.cgi?id=1212669 * https://bugzilla.suse.com/show_bug.cgi?id=1215084 * https://bugzilla.suse.com/show_bug.cgi?id=1215085 * https://bugzilla.suse.com/show_bug.cgi?id=1215086 * https://bugzilla.suse.com/show_bug.cgi?id=1215087 * https://bugzilla.suse.com/show_bug.cgi?id=1215090 * https://bugzilla.suse.com/show_bug.cgi?id=1215985 * https://bugzilla.suse.com/show_bug.cgi?id=1216109 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1216944 * https://jira.suse.com/browse/SLE-18320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:16 -0000 Subject: SUSE-SU-2023:4468-1: moderate: Security update for python-urllib3 Message-ID: <170016661672.13857.5007301878727019758@smelt2.prg2.suse.org> # Security update for python-urllib3 Announcement ID: SUSE-SU-2023:4468-1 Rating: moderate References: * bsc#1216377 Cross-References: * CVE-2023-45803 CVSS scores: * CVE-2023-45803 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45803 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-urllib3 fixes the following issues: * CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4468=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4468=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4468=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4468=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4468=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4468=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-urllib3-1.25.10-3.37.1 * python-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 * python-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 * python-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 * python-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45803.html * https://bugzilla.suse.com/show_bug.cgi?id=1216377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:19 -0000 Subject: SUSE-SU-2023:4467-1: moderate: Security update for python-urllib3 Message-ID: <170016661907.13857.2199984871008478259@smelt2.prg2.suse.org> # Security update for python-urllib3 Announcement ID: SUSE-SU-2023:4467-1 Rating: moderate References: * bsc#1216377 Cross-References: * CVE-2023-45803 CVSS scores: * CVE-2023-45803 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45803 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-urllib3 fixes the following issues: * CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4467=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4467=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4467=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4467=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4467=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4467=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4467=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4467=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4467=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4467=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4467=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4467=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4467=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4467=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4467=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4467=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4467=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4467=1 ## Package List: * openSUSE Leap 15.3 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * openSUSE Leap Micro 5.3 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * openSUSE Leap Micro 5.4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * openSUSE Leap 15.4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * openSUSE Leap 15.5 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * Basesystem Module 15-SP4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * Basesystem Module 15-SP5 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Manager Proxy 4.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Manager Server 4.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45803.html * https://bugzilla.suse.com/show_bug.cgi?id=1216377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:22 -0000 Subject: SUSE-SU-2023:4466-1: important: Security update for xen Message-ID: <170016662256.13857.1570861464377699399@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4466-1 Rating: important References: * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4466=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4466=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4466=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4466=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4466=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4466=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4466=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4466=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4466=1 ## Package List: * openSUSE Leap 15.3 (aarch64 x86_64 i586) * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * openSUSE Leap 15.3 (x86_64) * xen-libs-32bit-4.14.6_08-150300.3.60.1 * xen-libs-32bit-debuginfo-4.14.6_08-150300.3.60.1 * openSUSE Leap 15.3 (aarch64 x86_64) * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-4.14.6_08-150300.3.60.1 * xen-doc-html-4.14.6_08-150300.3.60.1 * openSUSE Leap 15.3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * openSUSE Leap 15.3 (aarch64_ilp32) * xen-libs-64bit-4.14.6_08-150300.3.60.1 * xen-libs-64bit-debuginfo-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Enterprise Storage 7.1 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Enterprise Storage 7.1 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:25 -0000 Subject: SUSE-SU-2023:4465-1: important: Security update for python-Pillow Message-ID: <170016662546.13857.8942496433058156601@smelt2.prg2.suse.org> # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4465-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4465=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4465=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4465=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:28 -0000 Subject: SUSE-SU-2023:4464-1: moderate: Security update for libxml2 Message-ID: <170016662838.13857.14685362382042836227@smelt2.prg2.suse.org> # Security update for libxml2 Announcement ID: SUSE-SU-2023:4464-1 Rating: moderate References: * bsc#1216129 Cross-References: * CVE-2023-45322 CVSS scores: * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4464=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4464=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4464=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4464=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4464=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.63.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.63.1 * python-libxml2-python-debugsource-2.9.7-150000.3.63.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.63.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.63.1 * python-libxml2-python-debugsource-2.9.7-150000.3.63.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libxml2-2-debuginfo-2.9.7-150000.3.63.1 * libxml2-tools-debuginfo-2.9.7-150000.3.63.1 * libxml2-2-2.9.7-150000.3.63.1 * libxml2-tools-2.9.7-150000.3.63.1 * libxml2-debugsource-2.9.7-150000.3.63.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.63.1 * libxml2-2-debuginfo-2.9.7-150000.3.63.1 * libxml2-tools-debuginfo-2.9.7-150000.3.63.1 * libxml2-2-2.9.7-150000.3.63.1 * libxml2-tools-2.9.7-150000.3.63.1 * libxml2-debugsource-2.9.7-150000.3.63.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.63.1 * python-libxml2-python-debugsource-2.9.7-150000.3.63.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.63.1 * libxml2-2-debuginfo-2.9.7-150000.3.63.1 * libxml2-tools-debuginfo-2.9.7-150000.3.63.1 * libxml2-2-2.9.7-150000.3.63.1 * libxml2-tools-2.9.7-150000.3.63.1 * libxml2-debugsource-2.9.7-150000.3.63.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.63.1 * python-libxml2-python-debugsource-2.9.7-150000.3.63.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45322.html * https://bugzilla.suse.com/show_bug.cgi?id=1216129 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 16 20:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:30 -0000 Subject: SUSE-SU-2023:4463-1: moderate: Security update for libnbd Message-ID: <170016663089.13857.10015855199230000154@smelt2.prg2.suse.org> # Security update for libnbd Announcement ID: SUSE-SU-2023:4463-1 Rating: moderate References: * bsc#1216769 Cross-References: * CVE-2023-5871 CVSS scores: * CVE-2023-5871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for libnbd fixes the following issues: * CVE-2023-5871: Fixed an assertion problem in ext-mode BLOCK_STATUS (bsc#1216769). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4463=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4463=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4463=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libnbd-devel-1.18.1-150300.8.18.1 * libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-1.18.1-150300.8.18.1 * libnbd0-1.18.1-150300.8.18.1 * libnbd0-debuginfo-1.18.1-150300.8.18.1 * nbdfuse-debuginfo-1.18.1-150300.8.18.1 * libnbd-debugsource-1.18.1-150300.8.18.1 * nbdfuse-1.18.1-150300.8.18.1 * openSUSE Leap 15.4 (noarch) * libnbd-bash-completion-1.18.1-150300.8.18.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libnbd-devel-1.18.1-150300.8.18.1 * python3-libnbd-1.18.1-150300.8.18.1 * python3-libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-1.18.1-150300.8.18.1 * libnbd0-1.18.1-150300.8.18.1 * libnbd0-debuginfo-1.18.1-150300.8.18.1 * nbdfuse-debuginfo-1.18.1-150300.8.18.1 * libnbd-debugsource-1.18.1-150300.8.18.1 * nbdfuse-1.18.1-150300.8.18.1 * openSUSE Leap 15.5 (noarch) * libnbd-bash-completion-1.18.1-150300.8.18.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libnbd-devel-1.18.1-150300.8.18.1 * python3-libnbd-1.18.1-150300.8.18.1 * python3-libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-1.18.1-150300.8.18.1 * libnbd0-1.18.1-150300.8.18.1 * libnbd0-debuginfo-1.18.1-150300.8.18.1 * nbdfuse-debuginfo-1.18.1-150300.8.18.1 * libnbd-debugsource-1.18.1-150300.8.18.1 * nbdfuse-1.18.1-150300.8.18.1 * openSUSE Leap 15.3 (noarch) * libnbd-bash-completion-1.18.1-150300.8.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5871.html * https://bugzilla.suse.com/show_bug.cgi?id=1216769 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 17 08:03:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 09:03:34 +0100 (CET) Subject: SUSE-CU-2023:3717-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231117080334.A8BA1F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3717-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.5 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.5 Container Release : 9.30.5 Severity : moderate Type : security References : 1216377 CVE-2023-45803 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). The following package changes have been done: - python3-urllib3-1.25.10-150300.4.9.1 updated From sle-updates at lists.suse.com Fri Nov 17 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 08:30:07 -0000 Subject: SUSE-SU-2023:4476-1: important: Security update for xen Message-ID: <170020980721.12915.12318671115550592504@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4476-1 Rating: important References: * bsc#1027519 * bsc#1215145 * bsc#1215474 * bsc#1215746 * bsc#1215747 * bsc#1215748 * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-20588 * CVE-2023-34322 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34322 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). * CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). * CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). * CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). * Upstream bug fixes (bsc#1027519) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4476=1 SUSE-2023-4476=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4476=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4476=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4476=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4476=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4476=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4476=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4476=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4476=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * xen-tools-4.16.5_08-150400.4.40.1 * xen-tools-debuginfo-4.16.5_08-150400.4.40.1 * xen-4.16.5_08-150400.4.40.1 * xen-doc-html-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (aarch64 x86_64 i586) * xen-tools-domU-4.16.5_08-150400.4.40.1 * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-tools-domU-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * xen-devel-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-4.16.5_08-150400.4.40.1 * xen-libs-32bit-debuginfo-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.16.5_08-150400.4.40.1 * xen-libs-64bit-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * Basesystem Module 15-SP4 (x86_64) * xen-tools-domU-4.16.5_08-150400.4.40.1 * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-tools-domU-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * Server Applications Module 15-SP4 (x86_64) * xen-tools-debuginfo-4.16.5_08-150400.4.40.1 * xen-4.16.5_08-150400.4.40.1 * xen-tools-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * xen-devel-4.16.5_08-150400.4.40.1 * Server Applications Module 15-SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_08-150400.4.40.1 * openSUSE Leap Micro 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * openSUSE Leap Micro 5.4 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34322.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1215145 * https://bugzilla.suse.com/show_bug.cgi?id=1215474 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 * https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 17 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 08:30:11 -0000 Subject: SUSE-SU-2023:4475-1: important: Security update for xen Message-ID: <170020981181.12915.13211845086353745356@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4475-1 Rating: important References: * bsc#1027519 * bsc#1215145 * bsc#1215474 * bsc#1215746 * bsc#1215747 * bsc#1215748 * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-20588 * CVE-2023-34322 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34322 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves eight vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). * CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). * CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). * CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). * Upstream bug fixes (bsc#1027519) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4475=1 openSUSE-SLE-15.5-2023-4475=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4475=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4475=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4475=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64 i586) * xen-libs-debuginfo-4.17.2_08-150500.3.15.1 * xen-debugsource-4.17.2_08-150500.3.15.1 * xen-libs-4.17.2_08-150500.3.15.1 * xen-tools-domU-debuginfo-4.17.2_08-150500.3.15.1 * xen-tools-domU-4.17.2_08-150500.3.15.1 * xen-devel-4.17.2_08-150500.3.15.1 * openSUSE Leap 15.5 (x86_64) * xen-libs-32bit-debuginfo-4.17.2_08-150500.3.15.1 * xen-libs-32bit-4.17.2_08-150500.3.15.1 * openSUSE Leap 15.5 (aarch64 x86_64) * xen-doc-html-4.17.2_08-150500.3.15.1 * xen-tools-4.17.2_08-150500.3.15.1 * xen-4.17.2_08-150500.3.15.1 * xen-tools-debuginfo-4.17.2_08-150500.3.15.1 * openSUSE Leap 15.5 (noarch) * xen-tools-xendomains-wait-disk-4.17.2_08-150500.3.15.1 * openSUSE Leap 15.5 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.17.2_08-150500.3.15.1 * xen-libs-64bit-4.17.2_08-150500.3.15.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * xen-libs-4.17.2_08-150500.3.15.1 * xen-libs-debuginfo-4.17.2_08-150500.3.15.1 * xen-debugsource-4.17.2_08-150500.3.15.1 * Basesystem Module 15-SP5 (x86_64) * xen-libs-debuginfo-4.17.2_08-150500.3.15.1 * xen-debugsource-4.17.2_08-150500.3.15.1 * xen-libs-4.17.2_08-150500.3.15.1 * xen-tools-domU-debuginfo-4.17.2_08-150500.3.15.1 * xen-tools-domU-4.17.2_08-150500.3.15.1 * Server Applications Module 15-SP5 (x86_64) * xen-tools-4.17.2_08-150500.3.15.1 * xen-debugsource-4.17.2_08-150500.3.15.1 * xen-4.17.2_08-150500.3.15.1 * xen-tools-debuginfo-4.17.2_08-150500.3.15.1 * xen-devel-4.17.2_08-150500.3.15.1 * Server Applications Module 15-SP5 (noarch) * xen-tools-xendomains-wait-disk-4.17.2_08-150500.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34322.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1215145 * https://bugzilla.suse.com/show_bug.cgi?id=1215474 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 * https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 17 08:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 08:30:15 -0000 Subject: SUSE-RU-2023:4474-1: important: Recommended update for webkit2gtk3 Message-ID: <170020981516.12915.15030573106198369478@smelt2.prg2.suse.org> # Recommended update for webkit2gtk3 Announcement ID: SUSE-RU-2023:4474-1 Rating: important References: * bsc#1216778 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: * Rendering of e-mails in Evolution is blank when using the proprietary NVIDIA driver (bsc#1216778) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4474=1 SUSE-2023-4474=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4474=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4474=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4474=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4474=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4474=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4474=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4474=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-6.0-lang-2.42.1-150400.4.60.1 * WebKitGTK-4.1-lang-2.42.1-150400.4.60.1 * WebKitGTK-4.0-lang-2.42.1-150400.4.60.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * webkit2gtk4-devel-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-2.42.1-150400.4.60.1 * webkit-jsc-4-2.42.1-150400.4.60.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.60.1 * webkit-jsc-4-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-devel-2.42.1-150400.4.60.1 * webkit2gtk3-minibrowser-2.42.1-150400.4.60.1 * webkit2gtk4-debugsource-2.42.1-150400.4.60.1 * webkit2gtk3-devel-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-2.42.1-150400.4.60.1 * webkit-jsc-6.0-2.42.1-150400.4.60.1 * webkit2gtk4-minibrowser-2.42.1-150400.4.60.1 * libwebkitgtk-6_0-4-2.42.1-150400.4.60.1 * libjavascriptcoregtk-6_0-1-2.42.1-150400.4.60.1 * webkit2gtk3-minibrowser-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-minibrowser-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-2.42.1-150400.4.60.1 * webkit2gtk3-debugsource-2.42.1-150400.4.60.1 * webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.60.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * webkit-jsc-6.0-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk4-minibrowser-debuginfo-2.42.1-150400.4.60.1 * webkit-jsc-4.1-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-debugsource-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2-4_0-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2-4_1-2.42.1-150400.4.60.1 * libwebkitgtk-6_0-4-debuginfo-2.42.1-150400.4.60.1 * webkitgtk-6_0-injected-bundles-2.42.1-150400.4.60.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-6_0-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKit-6_0-2.42.1-150400.4.60.1 * webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.60.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.1-150400.4.60.1 * webkit-jsc-4.1-debuginfo-2.42.1-150400.4.60.1 * openSUSE Leap 15.4 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-32bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-32bit-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-32bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-32bit-2.42.1-150400.4.60.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-64bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-64bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-64bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-64bit-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.1-150400.4.60.1 * openSUSE Leap 15.5 (noarch) * WebKitGTK-6.0-lang-2.42.1-150400.4.60.1 * WebKitGTK-4.1-lang-2.42.1-150400.4.60.1 * WebKitGTK-4.0-lang-2.42.1-150400.4.60.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * webkit2gtk4-devel-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-2.42.1-150400.4.60.1 * webkit-jsc-4-2.42.1-150400.4.60.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-debuginfo-2.42.1-150400.4.60.1 * webkit-jsc-4-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-devel-2.42.1-150400.4.60.1 * webkit2gtk3-minibrowser-2.42.1-150400.4.60.1 * webkit2gtk4-debugsource-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-2.42.1-150400.4.60.1 * webkit-jsc-6.0-2.42.1-150400.4.60.1 * webkit2gtk3-devel-2.42.1-150400.4.60.1 * webkit2gtk4-minibrowser-2.42.1-150400.4.60.1 * libwebkitgtk-6_0-4-2.42.1-150400.4.60.1 * libjavascriptcoregtk-6_0-1-2.42.1-150400.4.60.1 * webkit2gtk3-minibrowser-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-minibrowser-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-2.42.1-150400.4.60.1 * webkit2gtk3-debugsource-2.42.1-150400.4.60.1 * webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.60.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * webkit-jsc-6.0-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk4-minibrowser-debuginfo-2.42.1-150400.4.60.1 * webkit-jsc-4.1-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-debugsource-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2-4_0-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.60.1 * libwebkitgtk-6_0-4-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2-4_1-2.42.1-150400.4.60.1 * webkitgtk-6_0-injected-bundles-2.42.1-150400.4.60.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-6_0-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKit-6_0-2.42.1-150400.4.60.1 * webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.60.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.1-150400.4.60.1 * webkit-jsc-4.1-debuginfo-2.42.1-150400.4.60.1 * openSUSE Leap 15.5 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-32bit-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-32bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-32bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-32bit-2.42.1-150400.4.60.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-64bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-64bit-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-64bit-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-64bit-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.1-150400.4.60.1 * Basesystem Module 15-SP4 (noarch) * WebKitGTK-4.0-lang-2.42.1-150400.4.60.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-soup2-debugsource-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2-4_0-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-devel-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-2.42.1-150400.4.60.1 * webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.60.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.60.1 * Basesystem Module 15-SP5 (noarch) * WebKitGTK-4.0-lang-2.42.1-150400.4.60.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-soup2-debugsource-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2-4_0-2.42.1-150400.4.60.1 * webkit2gtk3-soup2-devel-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-2.42.1-150400.4.60.1 * webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.60.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * libwebkit2gtk-4_0-37-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.60.1 * Desktop Applications Module 15-SP4 (noarch) * WebKitGTK-4.1-lang-2.42.1-150400.4.60.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2-4_1-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-2.42.1-150400.4.60.1 * webkit2gtk3-debugsource-2.42.1-150400.4.60.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk3-devel-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-debuginfo-2.42.1-150400.4.60.1 * Desktop Applications Module 15-SP5 (noarch) * WebKitGTK-4.1-lang-2.42.1-150400.4.60.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.60.1 * typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.60.1 * typelib-1_0-WebKit2-4_1-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-2.42.1-150400.4.60.1 * webkit2gtk3-debugsource-2.42.1-150400.4.60.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk3-devel-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-2.42.1-150400.4.60.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.60.1 * libwebkit2gtk-4_1-0-debuginfo-2.42.1-150400.4.60.1 * Development Tools Module 15-SP4 (noarch) * WebKitGTK-6.0-lang-2.42.1-150400.4.60.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwebkitgtk-6_0-4-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk4-debugsource-2.42.1-150400.4.60.1 * webkitgtk-6_0-injected-bundles-2.42.1-150400.4.60.1 * libwebkitgtk-6_0-4-2.42.1-150400.4.60.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.1-150400.4.60.1 * libjavascriptcoregtk-6_0-1-2.42.1-150400.4.60.1 * Development Tools Module 15-SP5 (noarch) * WebKitGTK-6.0-lang-2.42.1-150400.4.60.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libwebkitgtk-6_0-4-debuginfo-2.42.1-150400.4.60.1 * webkit2gtk4-debugsource-2.42.1-150400.4.60.1 * webkitgtk-6_0-injected-bundles-2.42.1-150400.4.60.1 * libwebkitgtk-6_0-4-2.42.1-150400.4.60.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.1-150400.4.60.1 * libjavascriptcoregtk-6_0-1-2.42.1-150400.4.60.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216778 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 17 08:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 08:30:22 -0000 Subject: SUSE-SU-2023:4473-1: moderate: Security update for frr Message-ID: <170020982260.12915.15920051578375119740@smelt2.prg2.suse.org> # Security update for frr Announcement ID: SUSE-SU-2023:4473-1 Rating: moderate References: * bsc#1216626 * bsc#1216627 Cross-References: * CVE-2023-46752 * CVE-2023-46753 CVSS scores: * CVE-2023-46752 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46752 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46753 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46753 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for frr fixes the following issues: * CVE-2023-46753: Fixed a crash caused from a crafted BGP UPDATE message. (bsc#1216626) * CVE-2023-46752: Fixed a crash caused from a mishandled malformed MP_REACH_NLRI data. (bsc#1216627) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4473=1 openSUSE-SLE-15.5-2023-4473=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4473=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libmlag_pb0-debuginfo-8.4-150500.4.11.1 * libfrrzmq0-8.4-150500.4.11.1 * libfrrfpm_pb0-8.4-150500.4.11.1 * frr-debuginfo-8.4-150500.4.11.1 * libfrrcares0-debuginfo-8.4-150500.4.11.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-8.4-150500.4.11.1 * libfrrzmq0-debuginfo-8.4-150500.4.11.1 * libfrr_pb0-8.4-150500.4.11.1 * libmlag_pb0-8.4-150500.4.11.1 * frr-debugsource-8.4-150500.4.11.1 * frr-8.4-150500.4.11.1 * libfrr_pb0-debuginfo-8.4-150500.4.11.1 * libfrrsnmp0-8.4-150500.4.11.1 * libfrr0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.11.1 * libfrrcares0-8.4-150500.4.11.1 * libfrrsnmp0-debuginfo-8.4-150500.4.11.1 * frr-devel-8.4-150500.4.11.1 * libfrr0-8.4-150500.4.11.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmlag_pb0-debuginfo-8.4-150500.4.11.1 * libfrrzmq0-8.4-150500.4.11.1 * libfrrfpm_pb0-8.4-150500.4.11.1 * frr-debuginfo-8.4-150500.4.11.1 * libfrrcares0-debuginfo-8.4-150500.4.11.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-8.4-150500.4.11.1 * libfrrzmq0-debuginfo-8.4-150500.4.11.1 * libfrr_pb0-8.4-150500.4.11.1 * libmlag_pb0-8.4-150500.4.11.1 * frr-debugsource-8.4-150500.4.11.1 * frr-8.4-150500.4.11.1 * libfrr_pb0-debuginfo-8.4-150500.4.11.1 * libfrrsnmp0-8.4-150500.4.11.1 * libfrr0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.11.1 * libfrrcares0-8.4-150500.4.11.1 * libfrrsnmp0-debuginfo-8.4-150500.4.11.1 * frr-devel-8.4-150500.4.11.1 * libfrr0-8.4-150500.4.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46752.html * https://www.suse.com/security/cve/CVE-2023-46753.html * https://bugzilla.suse.com/show_bug.cgi?id=1216626 * https://bugzilla.suse.com/show_bug.cgi?id=1216627 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 17 08:50:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 09:50:41 +0100 (CET) Subject: SUSE-CU-2023:3719-1: Security update of suse/rmt-server Message-ID: <20231117085041.0751BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3719-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.32 , suse/rmt-server:latest Container Release : 11.32 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 12:30:04 -0000 Subject: SUSE-RU-2023:4478-1: moderate: Recommended update for grub2 Message-ID: <170022420433.2632.5977890907976651455@smelt2.prg2.suse.org> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:4478-1 Rating: moderate References: * bsc#1216010 * bsc#1216075 * bsc#1216253 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * Fix failure to identify recent ext4 filesystem (bsc#1216010) * Fix reading files from btrfs with "implicit" holes * Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) * Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4478=1 openSUSE-SLE-15.5-2023-4478=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4478=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4478=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4478=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * grub2-branding-upstream-2.06-150500.29.11.1 * grub2-2.06-150500.29.11.1 * grub2-debuginfo-2.06-150500.29.11.1 * openSUSE Leap 15.5 (aarch64 s390x x86_64 i586) * grub2-debugsource-2.06-150500.29.11.1 * openSUSE Leap 15.5 (noarch) * grub2-i386-efi-2.06-150500.29.11.1 * grub2-x86_64-xen-2.06-150500.29.11.1 * grub2-i386-pc-2.06-150500.29.11.1 * grub2-arm64-efi-extras-2.06-150500.29.11.1 * grub2-powerpc-ieee1275-extras-2.06-150500.29.11.1 * grub2-x86_64-efi-extras-2.06-150500.29.11.1 * grub2-i386-efi-extras-2.06-150500.29.11.1 * grub2-i386-xen-2.06-150500.29.11.1 * grub2-snapper-plugin-2.06-150500.29.11.1 * grub2-i386-pc-extras-2.06-150500.29.11.1 * grub2-systemd-sleep-plugin-2.06-150500.29.11.1 * grub2-x86_64-xen-extras-2.06-150500.29.11.1 * grub2-powerpc-ieee1275-2.06-150500.29.11.1 * grub2-powerpc-ieee1275-debug-2.06-150500.29.11.1 * grub2-s390x-emu-extras-2.06-150500.29.11.1 * grub2-i386-efi-debug-2.06-150500.29.11.1 * grub2-x86_64-efi-debug-2.06-150500.29.11.1 * grub2-i386-pc-debug-2.06-150500.29.11.1 * grub2-arm64-efi-2.06-150500.29.11.1 * grub2-arm64-efi-debug-2.06-150500.29.11.1 * grub2-i386-xen-extras-2.06-150500.29.11.1 * grub2-x86_64-efi-2.06-150500.29.11.1 * openSUSE Leap 15.5 (s390x) * grub2-s390x-emu-debug-2.06-150500.29.11.1 * grub2-s390x-emu-2.06-150500.29.11.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * grub2-2.06-150500.29.11.1 * grub2-debuginfo-2.06-150500.29.11.1 * grub2-debugsource-2.06-150500.29.11.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * grub2-x86_64-xen-2.06-150500.29.11.1 * grub2-arm64-efi-2.06-150500.29.11.1 * grub2-snapper-plugin-2.06-150500.29.11.1 * grub2-i386-pc-2.06-150500.29.11.1 * grub2-x86_64-efi-2.06-150500.29.11.1 * SUSE Linux Enterprise Micro 5.5 (s390x) * grub2-s390x-emu-2.06-150500.29.11.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150500.29.11.1 * grub2-debuginfo-2.06-150500.29.11.1 * Basesystem Module 15-SP5 (noarch) * grub2-powerpc-ieee1275-2.06-150500.29.11.1 * grub2-arm64-efi-2.06-150500.29.11.1 * grub2-x86_64-efi-2.06-150500.29.11.1 * grub2-snapper-plugin-2.06-150500.29.11.1 * grub2-i386-pc-2.06-150500.29.11.1 * grub2-systemd-sleep-plugin-2.06-150500.29.11.1 * Basesystem Module 15-SP5 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150500.29.11.1 * Basesystem Module 15-SP5 (s390x) * grub2-s390x-emu-2.06-150500.29.11.1 * Server Applications Module 15-SP5 (noarch) * grub2-x86_64-xen-2.06-150500.29.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216010 * https://bugzilla.suse.com/show_bug.cgi?id=1216075 * https://bugzilla.suse.com/show_bug.cgi?id=1216253 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 17 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 12:30:07 -0000 Subject: SUSE-RU-2023:4477-1: moderate: Recommended update for grub2 Message-ID: <170022420733.2632.8298317362928803162@smelt2.prg2.suse.org> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:4477-1 Rating: moderate References: * bsc#1216010 * bsc#1216075 * bsc#1216253 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * Fix failure to identify recent ext4 filesystem (bsc#1216010) * Fix reading files from btrfs with "implicit" holes * Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) * Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4477=1 SUSE-2023-4477=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4477=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4477=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4477=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4477=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4477=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4477=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4477=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4477=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4477=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * grub2-debuginfo-2.06-150400.11.41.1 * grub2-branding-upstream-2.06-150400.11.41.1 * grub2-2.06-150400.11.41.1 * openSUSE Leap 15.4 (aarch64 s390x x86_64 i586) * grub2-debugsource-2.06-150400.11.41.1 * openSUSE Leap 15.4 (noarch) * grub2-arm64-efi-extras-2.06-150400.11.41.1 * grub2-arm64-efi-2.06-150400.11.41.1 * grub2-powerpc-ieee1275-2.06-150400.11.41.1 * grub2-i386-xen-2.06-150400.11.41.1 * grub2-snapper-plugin-2.06-150400.11.41.1 * grub2-powerpc-ieee1275-extras-2.06-150400.11.41.1 * grub2-systemd-sleep-plugin-2.06-150400.11.41.1 * grub2-powerpc-ieee1275-debug-2.06-150400.11.41.1 * grub2-i386-efi-debug-2.06-150400.11.41.1 * grub2-x86_64-efi-debug-2.06-150400.11.41.1 * grub2-x86_64-xen-extras-2.06-150400.11.41.1 * grub2-x86_64-efi-2.06-150400.11.41.1 * grub2-i386-efi-2.06-150400.11.41.1 * grub2-x86_64-xen-2.06-150400.11.41.1 * grub2-arm64-efi-debug-2.06-150400.11.41.1 * grub2-i386-pc-extras-2.06-150400.11.41.1 * grub2-i386-efi-extras-2.06-150400.11.41.1 * grub2-i386-pc-2.06-150400.11.41.1 * grub2-i386-xen-extras-2.06-150400.11.41.1 * grub2-i386-pc-debug-2.06-150400.11.41.1 * grub2-s390x-emu-extras-2.06-150400.11.41.1 * grub2-x86_64-efi-extras-2.06-150400.11.41.1 * openSUSE Leap 15.4 (s390x) * grub2-s390x-emu-debug-2.06-150400.11.41.1 * grub2-s390x-emu-2.06-150400.11.41.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * grub2-debuginfo-2.06-150400.11.41.1 * grub2-debugsource-2.06-150400.11.41.1 * grub2-2.06-150400.11.41.1 * openSUSE Leap Micro 5.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.41.1 * grub2-x86_64-xen-2.06-150400.11.41.1 * grub2-snapper-plugin-2.06-150400.11.41.1 * grub2-arm64-efi-2.06-150400.11.41.1 * grub2-i386-pc-2.06-150400.11.41.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.41.1 * grub2-debugsource-2.06-150400.11.41.1 * grub2-2.06-150400.11.41.1 * openSUSE Leap Micro 5.4 (noarch) * grub2-x86_64-efi-2.06-150400.11.41.1 * grub2-x86_64-xen-2.06-150400.11.41.1 * grub2-snapper-plugin-2.06-150400.11.41.1 * grub2-arm64-efi-2.06-150400.11.41.1 * grub2-i386-pc-2.06-150400.11.41.1 * openSUSE Leap Micro 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.41.1 * grub2-debugsource-2.06-150400.11.41.1 * grub2-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.41.1 * grub2-x86_64-xen-2.06-150400.11.41.1 * grub2-snapper-plugin-2.06-150400.11.41.1 * grub2-arm64-efi-2.06-150400.11.41.1 * grub2-i386-pc-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.41.1 * grub2-debugsource-2.06-150400.11.41.1 * grub2-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.41.1 * grub2-x86_64-xen-2.06-150400.11.41.1 * grub2-snapper-plugin-2.06-150400.11.41.1 * grub2-arm64-efi-2.06-150400.11.41.1 * grub2-i386-pc-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.41.1 * grub2-debugsource-2.06-150400.11.41.1 * grub2-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * grub2-x86_64-efi-2.06-150400.11.41.1 * grub2-x86_64-xen-2.06-150400.11.41.1 * grub2-snapper-plugin-2.06-150400.11.41.1 * grub2-arm64-efi-2.06-150400.11.41.1 * grub2-i386-pc-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.41.1 * grub2-debugsource-2.06-150400.11.41.1 * grub2-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * grub2-x86_64-efi-2.06-150400.11.41.1 * grub2-x86_64-xen-2.06-150400.11.41.1 * grub2-snapper-plugin-2.06-150400.11.41.1 * grub2-arm64-efi-2.06-150400.11.41.1 * grub2-i386-pc-2.06-150400.11.41.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.41.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.06-150400.11.41.1 * grub2-2.06-150400.11.41.1 * Basesystem Module 15-SP4 (noarch) * grub2-x86_64-efi-2.06-150400.11.41.1 * grub2-snapper-plugin-2.06-150400.11.41.1 * grub2-systemd-sleep-plugin-2.06-150400.11.41.1 * grub2-arm64-efi-2.06-150400.11.41.1 * grub2-powerpc-ieee1275-2.06-150400.11.41.1 * grub2-i386-pc-2.06-150400.11.41.1 * Basesystem Module 15-SP4 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.41.1 * Basesystem Module 15-SP4 (s390x) * grub2-s390x-emu-2.06-150400.11.41.1 * Server Applications Module 15-SP4 (noarch) * grub2-x86_64-xen-2.06-150400.11.41.1 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * grub2-arm64-efi-2.06-150400.11.41.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216010 * https://bugzilla.suse.com/show_bug.cgi?id=1216075 * https://bugzilla.suse.com/show_bug.cgi?id=1216253 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 17 12:31:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:31:52 +0100 (CET) Subject: SUSE-CU-2023:3720-1: Security update of suse/sle15 Message-ID: <20231117123152.4E77FF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3720-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.212 , suse/sle15:15.3 , suse/sle15:15.3.17.20.212 Container Release : 17.20.212 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libxml2-2-2.9.7-150000.3.63.1 updated From sle-updates at lists.suse.com Fri Nov 17 12:32:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:32:43 +0100 (CET) Subject: SUSE-CU-2023:3721-1: Security update of bci/bci-init Message-ID: <20231117123243.0B987F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3721-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.25 Container Release : 30.25 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-27.14.118 updated From sle-updates at lists.suse.com Fri Nov 17 12:32:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:32:58 +0100 (CET) Subject: SUSE-CU-2023:3722-1: Security update of bci/bci-micro Message-ID: <20231117123258.50846F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3722-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.23.4 Container Release : 23.4 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-updates at lists.suse.com Fri Nov 17 12:33:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:33:14 +0100 (CET) Subject: SUSE-CU-2023:3723-1: Security update of bci/bci-minimal Message-ID: <20231117123314.5ACFAF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3723-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.24.13 Container Release : 24.13 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.4.0-23.4 updated From sle-updates at lists.suse.com Fri Nov 17 12:33:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:33:50 +0100 (CET) Subject: SUSE-CU-2023:3724-1: Security update of bci/nodejs Message-ID: <20231117123350.7C2F2F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3724-1 Container Tags : bci/node:16 , bci/node:16-18.21 , bci/nodejs:16 , bci/nodejs:16-18.21 Container Release : 18.21 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-27.14.118 updated From sle-updates at lists.suse.com Fri Nov 17 12:34:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:34:57 +0100 (CET) Subject: SUSE-CU-2023:3725-1: Security update of suse/pcp Message-ID: <20231117123457.7981BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3725-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.185 , suse/pcp:5.2 , suse/pcp:5.2-17.185 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.185 Container Release : 17.185 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:bci-bci-init-15.4-15.4-30.25 updated From sle-updates at lists.suse.com Fri Nov 17 12:35:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:35:15 +0100 (CET) Subject: SUSE-CU-2023:3726-1: Security update of suse/postgres Message-ID: <20231117123515.4ADEEF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3726-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.9 , suse/postgres:14.9 , suse/postgres:14.9-24.9 Container Release : 24.9 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-27.14.118 updated From sle-updates at lists.suse.com Fri Nov 17 12:36:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:36:06 +0100 (CET) Subject: SUSE-CU-2023:3727-1: Security update of bci/python Message-ID: <20231117123606.8F4BBF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3727-1 Container Tags : bci/python:3 , bci/python:3-16.23 , bci/python:3.10 , bci/python:3.10-16.23 Container Release : 16.23 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.118 updated From sle-updates at lists.suse.com Fri Nov 17 12:36:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:36:47 +0100 (CET) Subject: SUSE-CU-2023:3728-1: Security update of suse/sle15 Message-ID: <20231117123647.7E9D4F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3728-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.118 , suse/sle15:15.4 , suse/sle15:15.4.27.14.118 Container Release : 27.14.118 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-updates at lists.suse.com Fri Nov 17 12:37:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:37:04 +0100 (CET) Subject: SUSE-CU-2023:3729-1: Security update of suse/389-ds Message-ID: <20231117123704.4BD5EF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3729-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.40 , suse/389-ds:latest Container Release : 16.40 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:37:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:37:22 +0100 (CET) Subject: SUSE-CU-2023:3730-1: Security update of bci/dotnet-aspnet Message-ID: <20231117123722.3F309F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3730-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-17.11 , bci/dotnet-aspnet:6.0.24 , bci/dotnet-aspnet:6.0.24-17.11 Container Release : 17.11 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:37:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:37:42 +0100 (CET) Subject: SUSE-CU-2023:3731-1: Security update of bci/dotnet-aspnet Message-ID: <20231117123742.1D7F3F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3731-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-17.11 , bci/dotnet-aspnet:7.0.13 , bci/dotnet-aspnet:7.0.13-17.11 , bci/dotnet-aspnet:latest Container Release : 17.11 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:38:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:38:04 +0100 (CET) Subject: SUSE-CU-2023:3732-1: Security update of bci/dotnet-sdk Message-ID: <20231117123804.E0EADF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3732-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-16.11 , bci/dotnet-sdk:6.0.24 , bci/dotnet-sdk:6.0.24-16.11 Container Release : 16.11 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:38:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:38:29 +0100 (CET) Subject: SUSE-CU-2023:3733-1: Security update of bci/dotnet-sdk Message-ID: <20231117123829.33353F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3733-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-18.10 , bci/dotnet-sdk:7.0.13 , bci/dotnet-sdk:7.0.13-18.10 , bci/dotnet-sdk:latest Container Release : 18.10 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:38:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:38:50 +0100 (CET) Subject: SUSE-CU-2023:3734-1: Security update of bci/dotnet-runtime Message-ID: <20231117123850.47B4FF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3734-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-18.11 , bci/dotnet-runtime:7.0.13 , bci/dotnet-runtime:7.0.13-18.11 , bci/dotnet-runtime:latest Container Release : 18.11 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:38:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:38:57 +0100 (CET) Subject: SUSE-CU-2023:3735-1: Security update of suse/git Message-ID: <20231117123857.088AFF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3735-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.14 , suse/git:latest Container Release : 4.14 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.5.0-12.4 updated From sle-updates at lists.suse.com Fri Nov 17 12:39:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:39:12 +0100 (CET) Subject: SUSE-CU-2023:3736-1: Security update of bci/golang Message-ID: <20231117123912.15C54F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3736-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.41 , bci/golang:oldstable , bci/golang:oldstable-2.4.41 Container Release : 4.41 Severity : important Type : security References : 1206346 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 1216943 1216944 CVE-2023-4039 CVE-2023-45283 CVE-2023-45284 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4470-1 Released: Thu Nov 16 19:00:15 2023 Summary: Security update for go1.20 Type: security Severity: moderate References: 1206346,1216943,1216944,CVE-2023-45283,CVE-2023-45284 This update for go1.20 fixes the following issues: go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - go1.20-doc-1.20.11-150000.1.32.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - go1.20-1.20.11-150000.1.32.1 updated - go1.20-race-1.20.11-150000.1.32.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:39:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:39:21 +0100 (CET) Subject: SUSE-CU-2023:3737-1: Security update of bci/golang Message-ID: <20231117123921.01DF2F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3737-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.40 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.40 Container Release : 7.40 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:39:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:39:39 +0100 (CET) Subject: SUSE-CU-2023:3738-1: Security update of bci/golang Message-ID: <20231117123939.6F93BF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3738-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.39 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.39 Container Release : 4.39 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1212475 1213915 1214052 1214460 1215427 1216664 1216943 1216944 CVE-2023-4039 CVE-2023-45283 CVE-2023-45284 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4471-1 Released: Thu Nov 16 19:00:52 2023 Summary: Security update for go1.21 Type: security Severity: moderate References: 1212475,1216943,1216944,CVE-2023-45283,CVE-2023-45284 This update for go1.21 fixes the following issues: go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * spec: update unification rules * cmd/compile: internal compiler error: expected struct value to have type struct * cmd/link: split text sections for arm 32-bit * runtime: MADV_COLLAPSE causes production performance issues on Linux * go/types, x/tools/go/ssa: panic: type param without replacement encountered * cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64 * net/http: http2 page fails on firefox/safari if pushing resources The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - go1.21-doc-1.21.4-150000.1.15.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - go1.21-1.21.4-150000.1.15.1 updated - go1.21-race-1.21.4-150000.1.15.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:39:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:39:47 +0100 (CET) Subject: SUSE-CU-2023:3739-1: Security update of bci/golang Message-ID: <20231117123947.6CAFBF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3739-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-7.36 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-7.36 Container Release : 7.36 Severity : important Type : security References : 1206346 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1215985 1216109 1216664 1216943 1216944 CVE-2023-39323 CVE-2023-39325 CVE-2023-4039 CVE-2023-44487 CVE-2023-45283 CVE-2023-45284 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4472-1 Released: Thu Nov 16 19:01:27 2023 Summary: Security update for go1.20-openssl Type: security Severity: important References: 1206346,1215985,1216109,1216943,1216944,CVE-2023-39323,CVE-2023-39325,CVE-2023-44487,CVE-2023-45283,CVE-2023-45284 This update for go1.20-openssl fixes the following issues: Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips. * Update to go1.20.11 go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.10-1-openssl-fips. * Update to go1.20.10 go1.20.10 (released 2023-10-10) includes a security fix to the net/http package. * security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109) go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go package, as well as bug fixes to the go command and the linker. * security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985) * cmd/link: issues with Apple's new linker in Xcode 15 beta The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - go1.20-openssl-doc-1.20.11.1-150000.1.14.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - go1.20-openssl-1.20.11.1-150000.1.14.1 updated - go1.20-openssl-race-1.20.11.1-150000.1.14.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:39:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:39:53 +0100 (CET) Subject: SUSE-CU-2023:3740-1: Security update of suse/helm Message-ID: <20231117123953.B88E9F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3740-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.13 , suse/helm:latest Container Release : 3.13 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.5.0-12.4 updated From sle-updates at lists.suse.com Fri Nov 17 12:42:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:03 +0100 (CET) Subject: SUSE-CU-2023:3740-1: Security update of suse/helm Message-ID: <20231117124203.33D92F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3740-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.13 , suse/helm:latest Container Release : 3.13 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.5.0-12.4 updated From sle-updates at lists.suse.com Fri Nov 17 12:42:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:16 +0100 (CET) Subject: SUSE-CU-2023:3741-1: Security update of bci/bci-init Message-ID: <20231117124216.2A055F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3741-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.33 , bci/bci-init:latest Container Release : 10.33 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:42:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:21 +0100 (CET) Subject: SUSE-CU-2023:3742-1: Security update of bci/bci-micro Message-ID: <20231117124221.26987F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3742-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.12.4 , bci/bci-micro:latest Container Release : 12.4 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-updates at lists.suse.com Fri Nov 17 12:42:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:27 +0100 (CET) Subject: SUSE-CU-2023:3743-1: Security update of bci/bci-minimal Message-ID: <20231117124227.4F73CF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3743-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.13.12 , bci/bci-minimal:latest Container Release : 13.12 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.5.0-12.4 updated From sle-updates at lists.suse.com Fri Nov 17 12:42:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:37 +0100 (CET) Subject: SUSE-CU-2023:3744-1: Security update of suse/nginx Message-ID: <20231117124237.25E78F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3744-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.33 , suse/nginx:latest Container Release : 5.33 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:42:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:53 +0100 (CET) Subject: SUSE-CU-2023:3745-1: Security update of bci/nodejs Message-ID: <20231117124253.7364DF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3745-1 Container Tags : bci/node:18 , bci/node:18-11.35 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.35 , bci/nodejs:latest Container Release : 11.35 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:43:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:43:12 +0100 (CET) Subject: SUSE-CU-2023:3746-1: Security update of bci/openjdk-devel Message-ID: <20231117124312.48016F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3746-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.75 Container Release : 10.75 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:bci-openjdk-11-15.5.11-11.36 updated From sle-updates at lists.suse.com Fri Nov 17 12:43:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:43:26 +0100 (CET) Subject: SUSE-CU-2023:3747-1: Security update of bci/openjdk Message-ID: <20231117124326.A8DFFF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3747-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.36 Container Release : 11.36 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:43:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:43:43 +0100 (CET) Subject: SUSE-CU-2023:3748-1: Security update of bci/openjdk-devel Message-ID: <20231117124343.75D2EF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3748-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.69 , bci/openjdk-devel:latest Container Release : 12.69 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:bci-openjdk-17-15.5.17-12.34 updated From sle-updates at lists.suse.com Fri Nov 17 12:43:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:43:59 +0100 (CET) Subject: SUSE-CU-2023:3749-1: Security update of bci/openjdk Message-ID: <20231117124359.611E8F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3749-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.34 , bci/openjdk:latest Container Release : 12.34 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:44:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:44:15 +0100 (CET) Subject: SUSE-CU-2023:3750-1: Security update of suse/pcp Message-ID: <20231117124415.8DDB1F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3750-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.58 , suse/pcp:5.2 , suse/pcp:5.2-15.58 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.58 , suse/pcp:latest Container Release : 15.58 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:bci-bci-init-15.5-15.5-10.33 updated From sle-updates at lists.suse.com Fri Nov 17 12:44:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:44:29 +0100 (CET) Subject: SUSE-CU-2023:3751-1: Security update of bci/php-apache Message-ID: <20231117124429.29142F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3751-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.32 Container Release : 8.32 Severity : important Type : security References : 1206480 1206684 1207399 1209998 1210557 1211427 1212101 1213915 1214052 1214357 1214460 1215427 1216424 1216664 CVE-2023-31122 CVE-2023-4039 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4430-1 Released: Mon Nov 13 17:55:09 2023 Summary: Security update for apache2 Type: security Severity: important References: 1207399,1214357,1216424,CVE-2023-31122 This update for apache2 fixes the following issues: - CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: - Fixed the content type handling in mod_proxy_http2 (bsc#1214357). - Fixed a floating point exception crash (bsc#1207399). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - apache2-utils-2.4.51-150400.6.14.1 updated - apache2-2.4.51-150400.6.14.1 updated - apache2-prefork-2.4.51-150400.6.14.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:44:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:44:43 +0100 (CET) Subject: SUSE-CU-2023:3752-1: Security update of bci/php-fpm Message-ID: <20231117124443.DB2B0F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3752-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.34 Container Release : 8.34 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:44:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:44:56 +0100 (CET) Subject: SUSE-CU-2023:3753-1: Security update of bci/php Message-ID: <20231117124456.37E61F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3753-1 Container Tags : bci/php:8 , bci/php:8-8.30 Container Release : 8.30 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:45:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:45:08 +0100 (CET) Subject: SUSE-CU-2023:3754-1: Security update of suse/postgres Message-ID: <20231117124508.6F9D6F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3754-1 Container Tags : suse/postgres:15 , suse/postgres:15-12.11 , suse/postgres:15.4 , suse/postgres:15.4-12.11 , suse/postgres:latest Container Release : 12.11 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:45:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:45:22 +0100 (CET) Subject: SUSE-CU-2023:3755-1: Security update of bci/python Message-ID: <20231117124522.C80E3F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3755-1 Container Tags : bci/python:3 , bci/python:3-12.27 , bci/python:3.11 , bci/python:3.11-12.27 , bci/python:latest Container Release : 12.27 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:45:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:45:39 +0100 (CET) Subject: SUSE-CU-2023:3756-1: Security update of bci/python Message-ID: <20231117124539.04A43F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3756-1 Container Tags : bci/python:3 , bci/python:3-14.27 , bci/python:3.6 , bci/python:3.6-14.27 Container Release : 14.27 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:45:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:45:49 +0100 (CET) Subject: SUSE-CU-2023:3757-1: Security update of bci/ruby Message-ID: <20231117124549.AC2B6F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3757-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.31 , bci/ruby:2.5 , bci/ruby:2.5-12.31 , bci/ruby:latest Container Release : 12.31 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:46:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:46:04 +0100 (CET) Subject: SUSE-CU-2023:3758-1: Security update of bci/rust Message-ID: <20231117124604.F2528F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3758-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-2.2.23 , bci/rust:oldstable , bci/rust:oldstable-2.2.23 Container Release : 2.23 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libasan8-13.2.1+git7813-150000.1.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - libtsan2-13.2.1+git7813-150000.1.6.1 updated - libubsan1-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:46:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:46:19 +0100 (CET) Subject: SUSE-CU-2023:3759-1: Security update of bci/rust Message-ID: <20231117124619.4AD02F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3759-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-1.2.22 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.22 Container Release : 2.22 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libasan8-13.2.1+git7813-150000.1.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - libtsan2-13.2.1+git7813-150000.1.6.1 updated - libubsan1-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Fri Nov 17 12:46:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:46:31 +0100 (CET) Subject: SUSE-CU-2023:3760-1: Security update of suse/sle15 Message-ID: <20231117124631.41B50F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3760-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.54 , suse/sle15:15.5 , suse/sle15:15.5.36.5.54 Container Release : 36.5.54 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-updates at lists.suse.com Fri Nov 17 13:01:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2023 14:01:33 +0100 (CET) Subject: SUSE-CU-2023:3760-1: Security update of suse/sle15 Message-ID: <20231117130133.DC6D1FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3760-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.54 , suse/sle15:15.5 , suse/sle15:15.5.36.5.54 Container Release : 36.5.54 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-updates at lists.suse.com Sat Nov 18 08:02:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:02:47 +0100 (CET) Subject: SUSE-CU-2023:3762-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231118080247.C0D52F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3762-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.255 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.255 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-27.14.118 updated From sle-updates at lists.suse.com Sat Nov 18 08:03:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:03:42 +0100 (CET) Subject: SUSE-CU-2023:3764-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231118080342.23F1DF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3764-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.152 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.152 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-27.14.118 updated From sle-updates at lists.suse.com Sat Nov 18 08:03:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:03:51 +0100 (CET) Subject: SUSE-CU-2023:3765-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231118080351.94D53F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3765-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.97 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.97 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Sat Nov 18 08:04:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:04:23 +0100 (CET) Subject: SUSE-CU-2023:3766-1: Security update of suse/registry Message-ID: <20231118080423.ED9D7F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3766-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.16 , suse/registry:latest Container Release : 15.16 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.5.0-12.4 updated From sle-updates at lists.suse.com Sat Nov 18 08:04:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:04:34 +0100 (CET) Subject: SUSE-CU-2023:3767-1: Security update of bci/dotnet-runtime Message-ID: <20231118080434.47E88F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3767-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.10 , bci/dotnet-runtime:6.0.24 , bci/dotnet-runtime:6.0.24-16.10 Container Release : 16.10 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-updates at lists.suse.com Sat Nov 18 08:04:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:04:43 +0100 (CET) Subject: SUSE-CU-2023:3768-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231118080443.6E93EF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3768-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.7 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.7 Container Release : 9.40.7 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-updates at lists.suse.com Sat Nov 18 08:04:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:04:48 +0100 (CET) Subject: SUSE-CU-2023:3769-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231118080448.8AAFAF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3769-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.7 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.7 Container Release : 9.30.7 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated From sle-updates at lists.suse.com Sat Nov 18 08:04:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:04:54 +0100 (CET) Subject: SUSE-CU-2023:3770-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231118080454.E3C0FF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3770-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.5 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.5 Container Release : 9.39.5 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-updates at lists.suse.com Sat Nov 18 08:05:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:05:00 +0100 (CET) Subject: SUSE-CU-2023:3771-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231118080500.5055FF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3771-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.5 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.5 Container Release : 9.30.5 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-updates at lists.suse.com Sat Nov 18 08:05:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:05:06 +0100 (CET) Subject: SUSE-CU-2023:3772-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231118080506.0738EF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3772-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.6 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.6 Container Release : 9.30.6 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated From sle-updates at lists.suse.com Sat Nov 18 08:05:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:05:31 +0100 (CET) Subject: SUSE-CU-2023:3773-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231118080531.208DAF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3773-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.315 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.315 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libxml2-2-2.9.7-150000.3.63.1 updated - container:sles15-image-15.0.0-17.20.212 updated From sle-updates at lists.suse.com Sun Nov 19 08:04:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 19 Nov 2023 09:04:19 +0100 (CET) Subject: SUSE-CU-2023:3774-1: Security update of suse/sle15 Message-ID: <20231119080419.C2A23FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3774-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.843 Container Release : 6.2.843 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libxml2-2-2.9.7-150000.3.63.1 updated From sle-updates at lists.suse.com Sun Nov 19 08:06:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 19 Nov 2023 09:06:05 +0100 (CET) Subject: SUSE-CU-2023:3775-1: Security update of suse/sle15 Message-ID: <20231119080605.E061BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3775-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.370 Container Release : 9.5.370 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libxml2-2-2.9.7-150000.3.63.1 updated From sle-updates at lists.suse.com Sun Nov 19 08:06:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 19 Nov 2023 09:06:54 +0100 (CET) Subject: SUSE-CU-2023:3776-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231119080654.09345FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3776-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.493 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.493 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libxml2-2-2.9.7-150000.3.63.1 updated - container:sles15-image-15.0.0-17.20.212 updated From sle-updates at lists.suse.com Mon Nov 20 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 12:30:01 -0000 Subject: SUSE-RU-2023:4481-1: moderate: Recommended update for qmlpluginexports Message-ID: <170048340170.18127.9127306478595213425@smelt2.prg2.suse.org> # Recommended update for qmlpluginexports Announcement ID: SUSE-RU-2023:4481-1 Rating: moderate References: * bsc#1215798 Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for qmlpluginexports ships the qmlpluginexports-qt5 plugin to the Development Tools Module. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4481=1 openSUSE-SLE-15.5-2023-4481=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4481=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * qmlpluginexports-qt5-debuginfo-1.0-150500.8.2.1 * qmlpluginexports-qt5-1.0-150500.8.2.1 * qmlpluginexports-qt6-1.0-150500.8.2.1 * qmlpluginexports-qt6-debuginfo-1.0-150500.8.2.1 * qmlpluginexports-qt6-debugsource-1.0-150500.8.2.1 * qmlpluginexports-qt5-debugsource-1.0-150500.8.2.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qmlpluginexports-qt5-1.0-150500.8.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215798 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4480-1: important: Security update for gcc13 Message-ID: <170048340580.18127.18163808067501310880@smelt2.prg2.suse.org> # Security update for gcc13 Announcement ID: SUSE-SU-2023:4480-1 Rating: important References: * bsc#1206480 * bsc#1206684 * bsc#1210557 * bsc#1211427 * bsc#1212101 * bsc#1213915 * bsc#1214052 * bsc#1214460 * bsc#1215427 * bsc#1216664 * jsc#PED-153 * jsc#PED-2005 * jsc#PED-252 * jsc#PED-253 * jsc#PED-6584 Cross-References: * CVE-2023-4039 CVSS scores: * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Toolchain Module 12 An update that solves one vulnerability, contains five features and has nine security fixes can now be installed. ## Description: This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: * install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. * override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) * Work around third party app crash during C++ standard library initialization. [bsc#1216664] * Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) * Bump included newlib to version 4.3.0. * Update to GCC trunk head (r13-5254-g05b9868b182bb9) * Redo floatn fixinclude pick-up to simply keep what is there. * Turn cross compiler to s390x to a glibc cross. [bsc#1214460] * Also handle -static-pie in the default-PIE specs * Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] * Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] * Add new x86-related intrinsics (amxcomplexintrin.h). * RISC-V: Add support for inlining subword atomic operations * Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. * Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. * Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. * Bump included newlib to version 4.3.0. * Also package libhwasan_preinit.o on aarch64. * Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. * Package libhwasan_preinit.o on x86_64. * Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] * Enable PRU flavour for gcc13 * update floatn fixinclude pickup to check each header separately (bsc#1206480) * Redo floatn fixinclude pick-up to simply keep what is there. * Bump libgo SONAME to libgo22. * Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. * Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. * Depend on at least LLVM 13 for GCN cross compiler. * Update embedded newlib to version 4.2.0 * Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Toolchain Module 12 zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-4480=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4480=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4480=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4480=1 ## Package List: * Toolchain Module 12 (aarch64 ppc64le s390x x86_64) * gcc13-PIE-13.2.1+git7813-1.10.1 * gcc13-locale-13.2.1+git7813-1.10.1 * gcc13-13.2.1+git7813-1.10.1 * gcc13-fortran-13.2.1+git7813-1.10.1 * gcc13-debuginfo-13.2.1+git7813-1.10.1 * gcc13-c++-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-devel-gcc13-13.2.1+git7813-1.10.1 * cpp13-debuginfo-13.2.1+git7813-1.10.1 * gcc13-fortran-debuginfo-13.2.1+git7813-1.10.1 * gcc13-c++-13.2.1+git7813-1.10.1 * gcc13-debugsource-13.2.1+git7813-1.10.1 * cpp13-13.2.1+git7813-1.10.1 * Toolchain Module 12 (noarch) * gcc13-info-13.2.1+git7813-1.10.1 * Toolchain Module 12 (s390x x86_64) * gcc13-c++-32bit-13.2.1+git7813-1.10.1 * gcc13-32bit-13.2.1+git7813-1.10.1 * gcc13-fortran-32bit-13.2.1+git7813-1.10.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-1.10.1 * Toolchain Module 12 (x86_64) * cross-nvptx-newlib13-devel-13.2.1+git7813-1.10.1 * cross-nvptx-gcc13-13.2.1+git7813-1.10.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-1.10.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libstdc++6-pp-13.2.1+git7813-1.10.1 * libatomic1-debuginfo-13.2.1+git7813-1.10.1 * libitm1-debuginfo-13.2.1+git7813-1.10.1 * libgfortran5-13.2.1+git7813-1.10.1 * libobjc4-13.2.1+git7813-1.10.1 * liblsan0-debuginfo-13.2.1+git7813-1.10.1 * libtsan2-13.2.1+git7813-1.10.1 * libasan8-13.2.1+git7813-1.10.1 * liblsan0-13.2.1+git7813-1.10.1 * libhwasan0-debuginfo-13.2.1+git7813-1.10.1 * libobjc4-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-13.2.1+git7813-1.10.1 * libasan8-debuginfo-13.2.1+git7813-1.10.1 * libitm1-13.2.1+git7813-1.10.1 * libgomp1-debuginfo-13.2.1+git7813-1.10.1 * libgomp1-13.2.1+git7813-1.10.1 * libatomic1-13.2.1+git7813-1.10.1 * libhwasan0-13.2.1+git7813-1.10.1 * libgfortran5-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-13.2.1+git7813-1.10.1 * libgcc_s1-13.2.1+git7813-1.10.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.10.1 * libtsan2-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-locale-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-32bit-13.2.1+git7813-1.10.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.10.1 * libquadmath0-13.2.1+git7813-1.10.1 * libquadmath0-32bit-13.2.1+git7813-1.10.1 * libasan8-32bit-13.2.1+git7813-1.10.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libitm1-32bit-13.2.1+git7813-1.10.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.10.1 * libatomic1-32bit-13.2.1+git7813-1.10.1 * libobjc4-32bit-13.2.1+git7813-1.10.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-32bit-13.2.1+git7813-1.10.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.10.1 * libgcc_s1-32bit-13.2.1+git7813-1.10.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.10.1 * libgfortran5-32bit-13.2.1+git7813-1.10.1 * libgomp1-32bit-13.2.1+git7813-1.10.1 * libquadmath0-debuginfo-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libstdc++6-pp-13.2.1+git7813-1.10.1 * libatomic1-debuginfo-13.2.1+git7813-1.10.1 * libitm1-debuginfo-13.2.1+git7813-1.10.1 * libgfortran5-13.2.1+git7813-1.10.1 * libobjc4-13.2.1+git7813-1.10.1 * liblsan0-debuginfo-13.2.1+git7813-1.10.1 * libtsan2-13.2.1+git7813-1.10.1 * libasan8-13.2.1+git7813-1.10.1 * liblsan0-13.2.1+git7813-1.10.1 * libobjc4-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-13.2.1+git7813-1.10.1 * libasan8-debuginfo-13.2.1+git7813-1.10.1 * libitm1-13.2.1+git7813-1.10.1 * libgomp1-debuginfo-13.2.1+git7813-1.10.1 * libgomp1-13.2.1+git7813-1.10.1 * libatomic1-13.2.1+git7813-1.10.1 * libgfortran5-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-13.2.1+git7813-1.10.1 * libgcc_s1-13.2.1+git7813-1.10.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.10.1 * libtsan2-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-locale-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64) * libhwasan0-debuginfo-13.2.1+git7813-1.10.1 * libhwasan0-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le x86_64) * libquadmath0-13.2.1+git7813-1.10.1 * libquadmath0-debuginfo-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libatomic1-32bit-13.2.1+git7813-1.10.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-32bit-13.2.1+git7813-1.10.1 * libasan8-32bit-13.2.1+git7813-1.10.1 * libgfortran5-32bit-13.2.1+git7813-1.10.1 * libitm1-32bit-13.2.1+git7813-1.10.1 * libgomp1-32bit-13.2.1+git7813-1.10.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libobjc4-32bit-13.2.1+git7813-1.10.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-32bit-13.2.1+git7813-1.10.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.10.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.10.1 * libgcc_s1-32bit-13.2.1+git7813-1.10.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.10.1 * libquadmath0-32bit-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libstdc++6-pp-13.2.1+git7813-1.10.1 * libatomic1-debuginfo-13.2.1+git7813-1.10.1 * libitm1-debuginfo-13.2.1+git7813-1.10.1 * libgfortran5-13.2.1+git7813-1.10.1 * libobjc4-13.2.1+git7813-1.10.1 * liblsan0-debuginfo-13.2.1+git7813-1.10.1 * libquadmath0-13.2.1+git7813-1.10.1 * libtsan2-13.2.1+git7813-1.10.1 * libasan8-13.2.1+git7813-1.10.1 * liblsan0-13.2.1+git7813-1.10.1 * libobjc4-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-13.2.1+git7813-1.10.1 * libasan8-debuginfo-13.2.1+git7813-1.10.1 * libitm1-13.2.1+git7813-1.10.1 * libgomp1-debuginfo-13.2.1+git7813-1.10.1 * libgomp1-13.2.1+git7813-1.10.1 * libatomic1-13.2.1+git7813-1.10.1 * libgfortran5-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-13.2.1+git7813-1.10.1 * libgcc_s1-13.2.1+git7813-1.10.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.10.1 * libquadmath0-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-debuginfo-13.2.1+git7813-1.10.1 * libtsan2-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-locale-13.2.1+git7813-1.10.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.10.1 * libstdc++6-32bit-13.2.1+git7813-1.10.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.10.1 * libquadmath0-32bit-13.2.1+git7813-1.10.1 * libasan8-32bit-13.2.1+git7813-1.10.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libhwasan0-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libitm1-32bit-13.2.1+git7813-1.10.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.10.1 * libatomic1-32bit-13.2.1+git7813-1.10.1 * libobjc4-32bit-13.2.1+git7813-1.10.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.10.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.10.1 * libubsan1-32bit-13.2.1+git7813-1.10.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.10.1 * libgcc_s1-32bit-13.2.1+git7813-1.10.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.10.1 * libgfortran5-32bit-13.2.1+git7813-1.10.1 * libgomp1-32bit-13.2.1+git7813-1.10.1 * libhwasan0-13.2.1+git7813-1.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4039.html * https://bugzilla.suse.com/show_bug.cgi?id=1206480 * https://bugzilla.suse.com/show_bug.cgi?id=1206684 * https://bugzilla.suse.com/show_bug.cgi?id=1210557 * https://bugzilla.suse.com/show_bug.cgi?id=1211427 * https://bugzilla.suse.com/show_bug.cgi?id=1212101 * https://bugzilla.suse.com/show_bug.cgi?id=1213915 * https://bugzilla.suse.com/show_bug.cgi?id=1214052 * https://bugzilla.suse.com/show_bug.cgi?id=1214460 * https://bugzilla.suse.com/show_bug.cgi?id=1215427 * https://bugzilla.suse.com/show_bug.cgi?id=1216664 * https://jira.suse.com/browse/PED-153 * https://jira.suse.com/browse/PED-2005 * https://jira.suse.com/browse/PED-252 * https://jira.suse.com/browse/PED-253 * https://jira.suse.com/browse/PED-6584 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4479-1: important: Security update for postgresql14 Message-ID: <170048340822.18127.12719042708528871543@smelt2.prg2.suse.org> # Security update for postgresql14 Announcement ID: SUSE-SU-2023:4479-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql14 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * update to 14.10: https://www.postgresql.org/docs/14/release-14-10.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4479=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4479=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4479=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4479=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4479=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4479=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4479=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4479=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4479=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4479=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4479=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4479=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4479=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4479=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4479=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-llvmjit-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-test-14.10-150200.5.36.1 * postgresql14-llvmjit-devel-14.10-150200.5.36.1 * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * openSUSE Leap 15.4 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-llvmjit-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-test-14.10-150200.5.36.1 * postgresql14-llvmjit-devel-14.10-150200.5.36.1 * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * openSUSE Leap 15.5 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-llvmjit-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-llvmjit-devel-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * Legacy Module 15-SP5 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-llvmjit-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-llvmjit-devel-14.10-150200.5.36.1 * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1 * postgresql14-test-14.10-150200.5.36.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-llvmjit-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1 * postgresql14-test-14.10-150200.5.36.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * Server Applications Module 15-SP4 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql14-docs-14.10-150200.5.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql14-docs-14.10-150200.5.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:03 -0000 Subject: SUSE-SU-2023:4490-1: moderate: Security update for python-Twisted Message-ID: <170049780347.29837.1829036826980637911@smelt2.prg2.suse.org> # Security update for python-Twisted Announcement ID: SUSE-SU-2023:4490-1 Rating: moderate References: * bsc#1216588 Cross-References: * CVE-2023-46137 CVSS scores: * CVE-2023-46137 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46137 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for python-Twisted fixes the following issues: * CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4490=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-Twisted-debugsource-19.10.0-150200.3.21.1 * python-Twisted-debuginfo-19.10.0-150200.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46137.html * https://bugzilla.suse.com/show_bug.cgi?id=1216588 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4489-1: important: Security update for openssl Message-ID: <170049780696.29837.7749709136151411985@smelt2.prg2.suse.org> # Security update for openssl Announcement ID: SUSE-SU-2023:4489-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4489=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4489=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * libopenssl0_9_8-32bit-0.9.8j-0.106.80.1 * openssl-doc-0.9.8j-0.106.80.1 * libopenssl0_9_8-hmac-0.9.8j-0.106.80.1 * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.80.1 * openssl-0.9.8j-0.106.80.1 * libopenssl0_9_8-0.9.8j-0.106.80.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * libopenssl0_9_8-32bit-0.9.8j-0.106.80.1 * openssl-doc-0.9.8j-0.106.80.1 * libopenssl0_9_8-hmac-0.9.8j-0.106.80.1 * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.80.1 * openssl-0.9.8j-0.106.80.1 * libopenssl0_9_8-0.9.8j-0.106.80.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4488-1: important: Security update for openssl1 Message-ID: <170049780941.29837.17496660467209403123@smelt2.prg2.suse.org> # Security update for openssl1 Announcement ID: SUSE-SU-2023:4488-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4488=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4488=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * libopenssl1_0_0-32bit-1.0.1g-0.58.76.1 * openssl1-doc-1.0.1g-0.58.76.1 * openssl1-1.0.1g-0.58.76.1 * libopenssl1_0_0-1.0.1g-0.58.76.1 * libopenssl1-devel-1.0.1g-0.58.76.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * libopenssl1_0_0-32bit-1.0.1g-0.58.76.1 * openssl1-doc-1.0.1g-0.58.76.1 * openssl1-1.0.1g-0.58.76.1 * libopenssl1_0_0-1.0.1g-0.58.76.1 * libopenssl1-devel-1.0.1g-0.58.76.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:11 -0000 Subject: SUSE-SU-2023:4486-1: important: Security update for xen Message-ID: <170049781185.29837.7803129840589846179@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4486-1 Rating: important References: * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-46836 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4486=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4486=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4486=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4486=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 x86_64) * xen-devel-4.12.4_42-3.100.1 * xen-debugsource-4.12.4_42-3.100.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * xen-4.12.4_42-3.100.1 * xen-libs-debuginfo-4.12.4_42-3.100.1 * xen-tools-4.12.4_42-3.100.1 * xen-libs-debuginfo-32bit-4.12.4_42-3.100.1 * xen-libs-32bit-4.12.4_42-3.100.1 * xen-debugsource-4.12.4_42-3.100.1 * xen-tools-domU-debuginfo-4.12.4_42-3.100.1 * xen-doc-html-4.12.4_42-3.100.1 * xen-libs-4.12.4_42-3.100.1 * xen-tools-domU-4.12.4_42-3.100.1 * xen-tools-debuginfo-4.12.4_42-3.100.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * xen-4.12.4_42-3.100.1 * xen-libs-debuginfo-4.12.4_42-3.100.1 * xen-tools-4.12.4_42-3.100.1 * xen-libs-debuginfo-32bit-4.12.4_42-3.100.1 * xen-libs-32bit-4.12.4_42-3.100.1 * xen-debugsource-4.12.4_42-3.100.1 * xen-tools-domU-debuginfo-4.12.4_42-3.100.1 * xen-doc-html-4.12.4_42-3.100.1 * xen-libs-4.12.4_42-3.100.1 * xen-tools-domU-4.12.4_42-3.100.1 * xen-tools-debuginfo-4.12.4_42-3.100.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * xen-4.12.4_42-3.100.1 * xen-libs-debuginfo-4.12.4_42-3.100.1 * xen-tools-4.12.4_42-3.100.1 * xen-libs-debuginfo-32bit-4.12.4_42-3.100.1 * xen-libs-32bit-4.12.4_42-3.100.1 * xen-debugsource-4.12.4_42-3.100.1 * xen-tools-domU-debuginfo-4.12.4_42-3.100.1 * xen-doc-html-4.12.4_42-3.100.1 * xen-libs-4.12.4_42-3.100.1 * xen-tools-domU-4.12.4_42-3.100.1 * xen-tools-debuginfo-4.12.4_42-3.100.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:14 -0000 Subject: SUSE-SU-2023:4485-1: important: Security update for xen Message-ID: <170049781470.29837.13358558989445592572@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4485-1 Rating: important References: * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-46836 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4485=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4485=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4485=1 ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * xen-libs-4.12.4_42-150100.3.98.1 * xen-tools-domU-debuginfo-4.12.4_42-150100.3.98.1 * xen-debugsource-4.12.4_42-150100.3.98.1 * xen-4.12.4_42-150100.3.98.1 * xen-tools-debuginfo-4.12.4_42-150100.3.98.1 * xen-devel-4.12.4_42-150100.3.98.1 * xen-tools-domU-4.12.4_42-150100.3.98.1 * xen-libs-debuginfo-4.12.4_42-150100.3.98.1 * xen-tools-4.12.4_42-150100.3.98.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * xen-libs-4.12.4_42-150100.3.98.1 * xen-tools-domU-debuginfo-4.12.4_42-150100.3.98.1 * xen-debugsource-4.12.4_42-150100.3.98.1 * xen-4.12.4_42-150100.3.98.1 * xen-tools-debuginfo-4.12.4_42-150100.3.98.1 * xen-devel-4.12.4_42-150100.3.98.1 * xen-tools-domU-4.12.4_42-150100.3.98.1 * xen-libs-debuginfo-4.12.4_42-150100.3.98.1 * xen-tools-4.12.4_42-150100.3.98.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * xen-libs-4.12.4_42-150100.3.98.1 * xen-tools-domU-debuginfo-4.12.4_42-150100.3.98.1 * xen-debugsource-4.12.4_42-150100.3.98.1 * xen-4.12.4_42-150100.3.98.1 * xen-tools-debuginfo-4.12.4_42-150100.3.98.1 * xen-devel-4.12.4_42-150100.3.98.1 * xen-tools-domU-4.12.4_42-150100.3.98.1 * xen-libs-debuginfo-4.12.4_42-150100.3.98.1 * xen-tools-4.12.4_42-150100.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * xen-libs-4.12.4_42-150100.3.98.1 * xen-tools-domU-debuginfo-4.12.4_42-150100.3.98.1 * xen-debugsource-4.12.4_42-150100.3.98.1 * xen-4.12.4_42-150100.3.98.1 * xen-tools-debuginfo-4.12.4_42-150100.3.98.1 * xen-devel-4.12.4_42-150100.3.98.1 * xen-tools-domU-4.12.4_42-150100.3.98.1 * xen-libs-debuginfo-4.12.4_42-150100.3.98.1 * xen-tools-4.12.4_42-150100.3.98.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:17 -0000 Subject: SUSE-SU-2023:4484-1: important: Security update for xen Message-ID: <170049781727.29837.5797197183728194899@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4484-1 Rating: important References: * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-46836 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4484=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4484=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4484=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * xen-debugsource-4.13.5_08-150200.3.83.1 * xen-tools-domU-4.13.5_08-150200.3.83.1 * xen-devel-4.13.5_08-150200.3.83.1 * xen-tools-4.13.5_08-150200.3.83.1 * xen-libs-4.13.5_08-150200.3.83.1 * xen-libs-debuginfo-4.13.5_08-150200.3.83.1 * xen-tools-domU-debuginfo-4.13.5_08-150200.3.83.1 * xen-tools-debuginfo-4.13.5_08-150200.3.83.1 * xen-4.13.5_08-150200.3.83.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_08-150200.3.83.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * xen-debugsource-4.13.5_08-150200.3.83.1 * xen-tools-domU-4.13.5_08-150200.3.83.1 * xen-devel-4.13.5_08-150200.3.83.1 * xen-tools-4.13.5_08-150200.3.83.1 * xen-libs-4.13.5_08-150200.3.83.1 * xen-libs-debuginfo-4.13.5_08-150200.3.83.1 * xen-tools-domU-debuginfo-4.13.5_08-150200.3.83.1 * xen-tools-debuginfo-4.13.5_08-150200.3.83.1 * xen-4.13.5_08-150200.3.83.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_08-150200.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * xen-debugsource-4.13.5_08-150200.3.83.1 * xen-tools-domU-4.13.5_08-150200.3.83.1 * xen-devel-4.13.5_08-150200.3.83.1 * xen-tools-4.13.5_08-150200.3.83.1 * xen-libs-4.13.5_08-150200.3.83.1 * xen-libs-debuginfo-4.13.5_08-150200.3.83.1 * xen-tools-domU-debuginfo-4.13.5_08-150200.3.83.1 * xen-tools-debuginfo-4.13.5_08-150200.3.83.1 * xen-4.13.5_08-150200.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_08-150200.3.83.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:19 -0000 Subject: SUSE-SU-2023:4483-1: moderate: Security update for frr Message-ID: <170049781970.29837.13548211542053977310@smelt2.prg2.suse.org> # Security update for frr Announcement ID: SUSE-SU-2023:4483-1 Rating: moderate References: * bsc#1216626 * bsc#1216627 Cross-References: * CVE-2023-46752 * CVE-2023-46753 CVSS scores: * CVE-2023-46752 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46752 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46753 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46753 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for frr fixes the following issues: * CVE-2023-46752: Fixed denial of service caused by mishandling malformed MP_REACH_NLRI data (bsc#1216627). * CVE-2023-46753: Fixed denial of service caused by crafted BGP UPDATE messages (bsc#1216626). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4483=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4483=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4483=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libfrr0-debuginfo-7.4-150300.4.20.1 * libfrr0-7.4-150300.4.20.1 * libmlag_pb0-7.4-150300.4.20.1 * libfrrgrpc_pb0-7.4-150300.4.20.1 * libfrrzmq0-debuginfo-7.4-150300.4.20.1 * libfrrsnmp0-debuginfo-7.4-150300.4.20.1 * frr-devel-7.4-150300.4.20.1 * libfrr_pb0-7.4-150300.4.20.1 * libfrrzmq0-7.4-150300.4.20.1 * frr-7.4-150300.4.20.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.20.1 * libfrrfpm_pb0-7.4-150300.4.20.1 * libfrrsnmp0-7.4-150300.4.20.1 * libfrrcares0-debuginfo-7.4-150300.4.20.1 * libfrrcares0-7.4-150300.4.20.1 * libmlag_pb0-debuginfo-7.4-150300.4.20.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.20.1 * libfrrospfapiclient0-7.4-150300.4.20.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.20.1 * frr-debuginfo-7.4-150300.4.20.1 * libfrr_pb0-debuginfo-7.4-150300.4.20.1 * frr-debugsource-7.4-150300.4.20.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libfrr0-debuginfo-7.4-150300.4.20.1 * libfrr0-7.4-150300.4.20.1 * libmlag_pb0-7.4-150300.4.20.1 * libfrrgrpc_pb0-7.4-150300.4.20.1 * libfrrzmq0-debuginfo-7.4-150300.4.20.1 * libfrrsnmp0-debuginfo-7.4-150300.4.20.1 * frr-devel-7.4-150300.4.20.1 * libfrr_pb0-7.4-150300.4.20.1 * libfrrzmq0-7.4-150300.4.20.1 * frr-7.4-150300.4.20.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.20.1 * libfrrfpm_pb0-7.4-150300.4.20.1 * libfrrsnmp0-7.4-150300.4.20.1 * libfrrcares0-debuginfo-7.4-150300.4.20.1 * libfrrcares0-7.4-150300.4.20.1 * libmlag_pb0-debuginfo-7.4-150300.4.20.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.20.1 * libfrrospfapiclient0-7.4-150300.4.20.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.20.1 * frr-debuginfo-7.4-150300.4.20.1 * libfrr_pb0-debuginfo-7.4-150300.4.20.1 * frr-debugsource-7.4-150300.4.20.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libfrr0-debuginfo-7.4-150300.4.20.1 * libfrr0-7.4-150300.4.20.1 * libmlag_pb0-7.4-150300.4.20.1 * libfrrgrpc_pb0-7.4-150300.4.20.1 * libfrrzmq0-debuginfo-7.4-150300.4.20.1 * libfrrsnmp0-debuginfo-7.4-150300.4.20.1 * frr-devel-7.4-150300.4.20.1 * libfrr_pb0-7.4-150300.4.20.1 * libfrrzmq0-7.4-150300.4.20.1 * frr-7.4-150300.4.20.1 * libfrrospfapiclient0-debuginfo-7.4-150300.4.20.1 * libfrrfpm_pb0-7.4-150300.4.20.1 * libfrrsnmp0-7.4-150300.4.20.1 * libfrrcares0-debuginfo-7.4-150300.4.20.1 * libfrrcares0-7.4-150300.4.20.1 * libmlag_pb0-debuginfo-7.4-150300.4.20.1 * libfrrgrpc_pb0-debuginfo-7.4-150300.4.20.1 * libfrrospfapiclient0-7.4-150300.4.20.1 * libfrrfpm_pb0-debuginfo-7.4-150300.4.20.1 * frr-debuginfo-7.4-150300.4.20.1 * libfrr_pb0-debuginfo-7.4-150300.4.20.1 * frr-debugsource-7.4-150300.4.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46752.html * https://www.suse.com/security/cve/CVE-2023-46753.html * https://bugzilla.suse.com/show_bug.cgi?id=1216626 * https://bugzilla.suse.com/show_bug.cgi?id=1216627 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 20 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Nov 2023 20:30:02 -0000 Subject: SUSE-SU-2023:4492-1: important: Security update for nghttp2 Message-ID: <170051220254.16280.7459302537208489495@smelt2.prg2.suse.org> # Security update for nghttp2 Announcement ID: SUSE-SU-2023:4492-1 Rating: important References: * bsc#1216123 * bsc#1216174 Cross-References: * CVE-2023-44487 CVSS scores: * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for nghttp2 fixes the following issues: * CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4492=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4492=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4492=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libnghttp2-14-debuginfo-1.40.0-150000.3.17.1 * libnghttp2_asio-devel-1.40.0-150000.3.17.1 * nghttp2-debuginfo-1.40.0-150000.3.17.1 * libnghttp2_asio1-1.40.0-150000.3.17.1 * libnghttp2-14-1.40.0-150000.3.17.1 * nghttp2-debugsource-1.40.0-150000.3.17.1 * libnghttp2_asio1-debuginfo-1.40.0-150000.3.17.1 * libnghttp2-devel-1.40.0-150000.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libnghttp2-14-32bit-1.40.0-150000.3.17.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.17.1 * SUSE CaaS Platform 4.0 (x86_64) * libnghttp2-14-debuginfo-1.40.0-150000.3.17.1 * libnghttp2_asio-devel-1.40.0-150000.3.17.1 * nghttp2-debuginfo-1.40.0-150000.3.17.1 * libnghttp2-14-32bit-1.40.0-150000.3.17.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.17.1 * libnghttp2-14-1.40.0-150000.3.17.1 * libnghttp2_asio1-1.40.0-150000.3.17.1 * nghttp2-debugsource-1.40.0-150000.3.17.1 * libnghttp2_asio1-debuginfo-1.40.0-150000.3.17.1 * libnghttp2-devel-1.40.0-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libnghttp2-14-debuginfo-1.40.0-150000.3.17.1 * libnghttp2_asio-devel-1.40.0-150000.3.17.1 * nghttp2-debuginfo-1.40.0-150000.3.17.1 * libnghttp2_asio1-1.40.0-150000.3.17.1 * libnghttp2-14-1.40.0-150000.3.17.1 * nghttp2-debugsource-1.40.0-150000.3.17.1 * libnghttp2_asio1-debuginfo-1.40.0-150000.3.17.1 * libnghttp2-devel-1.40.0-150000.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libnghttp2-14-32bit-1.40.0-150000.3.17.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150000.3.17.1 * libnghttp2_asio-devel-1.40.0-150000.3.17.1 * nghttp2-debuginfo-1.40.0-150000.3.17.1 * libnghttp2_asio1-1.40.0-150000.3.17.1 * libnghttp2-14-1.40.0-150000.3.17.1 * nghttp2-debugsource-1.40.0-150000.3.17.1 * libnghttp2_asio1-debuginfo-1.40.0-150000.3.17.1 * libnghttp2-devel-1.40.0-150000.3.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libnghttp2-14-32bit-1.40.0-150000.3.17.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1216123 * https://bugzilla.suse.com/show_bug.cgi?id=1216174 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 08:30:05 -0000 Subject: SUSE-SU-2023:4495-1: important: Security update for postgresql, postgresql15, postgresql16 Message-ID: <170055540508.22646.14827261907477408295@smelt2.prg2.suse.org> # Security update for postgresql, postgresql15, postgresql16 Announcement ID: SUSE-SU-2023:4495-1 Rating: important References: * bsc#1122892 * bsc#1179231 * bsc#1206796 * bsc#1209208 * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 * jsc#PED-5586 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed. ## Description: This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) Changes in postgresql16: * Upgrade to 16.1: * https://www.postgresql.org/about/news/2715 * https://www.postgresql.org/docs/16/release-16.html * https://www.postgresql.org/docs/16/release-16-1.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. Changes in postgresql15: * Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html * The libs and mini package are now provided by postgresql16. * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. Changes in postgresql: * Interlock version and release of all noarch packages except for the postgresql-docs. * bsc#1122892: Add a sysconfig variable for initdb. * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change. * Add postgresql-README as a separate source file. * bsc#1209208: Drop hard dependency on systemd * bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4495=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4495=1 openSUSE-SLE-15.4-2023-4495=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4495=1 openSUSE-SLE-15.5-2023-4495=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4495=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4495=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4495=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4495=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4495=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4495=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4495=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4495=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4495=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4495=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4495=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4495=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4495=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4495=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4495=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4495=1 ## Package List: * openSUSE Leap 15.3 (noarch) * postgresql-test-16-150300.10.18.3 * postgresql-16-150300.10.18.3 * postgresql-llvmjit-devel-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-llvmjit-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * openSUSE Leap 15.4 (noarch) * postgresql-plperl-16-150400.4.9.2 * postgresql-server-16-150400.4.9.2 * postgresql-docs-16-150400.4.9.2 * postgresql15-docs-15.5-150200.5.19.1 * postgresql-llvmjit-16-150400.4.9.2 * postgresql-llvmjit-devel-16-150300.10.18.3 * postgresql-devel-16-150400.4.9.2 * postgresql-llvmjit-devel-16-150400.4.9.2 * postgresql-server-devel-16-150400.4.9.2 * postgresql-contrib-16-150400.4.9.2 * postgresql-pltcl-16-150400.4.9.2 * postgresql-plpython-16-150400.4.9.2 * postgresql-16-150400.4.9.2 * postgresql-test-16-150400.4.9.2 * postgresql16-docs-16.1-150200.5.7.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql16-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-devel-16.1-150200.5.7.1 * postgresql15-test-15.5-150200.5.19.1 * postgresql16-pltcl-debuginfo-16.1-150200.5.7.1 * postgresql16-test-16.1-150200.5.7.1 * postgresql15-15.5-150200.5.19.1 * postgresql16-16.1-150200.5.7.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * postgresql16-devel-mini-debuginfo-16.1-150200.5.7.1 * postgresql16-plperl-16.1-150200.5.7.1 * postgresql16-server-debuginfo-16.1-150200.5.7.1 * postgresql15-llvmjit-devel-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql16-server-devel-16.1-150200.5.7.1 * postgresql16-contrib-16.1-150200.5.7.1 * postgresql16-pltcl-16.1-150200.5.7.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql15-llvmjit-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql16-plpython-debuginfo-16.1-150200.5.7.1 * postgresql16-llvmjit-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql16-server-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-llvmjit-debuginfo-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql16-llvmjit-debuginfo-16.1-150200.5.7.1 * postgresql16-plperl-debuginfo-16.1-150200.5.7.1 * postgresql16-contrib-debuginfo-16.1-150200.5.7.1 * postgresql16-server-devel-debuginfo-16.1-150200.5.7.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql16-plpython-16.1-150200.5.7.1 * postgresql16-mini-debugsource-16.1-150200.5.7.1 * postgresql16-devel-mini-16.1-150200.5.7.1 * postgresql16-llvmjit-devel-16.1-150200.5.7.1 * postgresql15-pltcl-15.5-150200.5.19.1 * openSUSE Leap 15.4 (x86_64) * libecpg6-32bit-debuginfo-16.1-150200.5.7.1 * libpq5-32bit-16.1-150200.5.7.1 * libecpg6-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * openSUSE Leap 15.5 (noarch) * postgresql-server-devel-16-150500.10.3.2 * postgresql15-docs-15.5-150200.5.19.1 * postgresql-llvmjit-16-150500.10.3.2 * postgresql-test-16-150500.10.3.2 * postgresql16-docs-16.1-150200.5.7.1 * postgresql-plperl-16-150500.10.3.2 * postgresql-docs-16-150500.10.3.2 * postgresql-server-16-150500.10.3.2 * postgresql-plpython-16-150500.10.3.2 * postgresql-pltcl-16-150500.10.3.2 * postgresql-devel-16-150500.10.3.2 * postgresql-llvmjit-devel-16-150500.10.3.2 * postgresql-16-150500.10.3.2 * postgresql-contrib-16-150500.10.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql16-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-devel-16.1-150200.5.7.1 * postgresql15-test-15.5-150200.5.19.1 * postgresql16-pltcl-debuginfo-16.1-150200.5.7.1 * postgresql16-test-16.1-150200.5.7.1 * postgresql15-15.5-150200.5.19.1 * postgresql16-16.1-150200.5.7.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * postgresql16-devel-mini-debuginfo-16.1-150200.5.7.1 * postgresql16-plperl-16.1-150200.5.7.1 * postgresql16-server-debuginfo-16.1-150200.5.7.1 * postgresql15-llvmjit-devel-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql16-server-devel-16.1-150200.5.7.1 * postgresql16-contrib-16.1-150200.5.7.1 * postgresql16-pltcl-16.1-150200.5.7.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql15-llvmjit-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql16-plpython-debuginfo-16.1-150200.5.7.1 * postgresql16-llvmjit-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql16-server-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-llvmjit-debuginfo-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql16-llvmjit-debuginfo-16.1-150200.5.7.1 * postgresql16-plperl-debuginfo-16.1-150200.5.7.1 * postgresql16-contrib-debuginfo-16.1-150200.5.7.1 * postgresql16-server-devel-debuginfo-16.1-150200.5.7.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql16-plpython-16.1-150200.5.7.1 * postgresql16-mini-debugsource-16.1-150200.5.7.1 * postgresql16-devel-mini-16.1-150200.5.7.1 * postgresql16-llvmjit-devel-16.1-150200.5.7.1 * postgresql15-pltcl-15.5-150200.5.19.1 * openSUSE Leap 15.5 (x86_64) * libecpg6-32bit-debuginfo-16.1-150200.5.7.1 * libpq5-32bit-16.1-150200.5.7.1 * libecpg6-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpq5-16.1-150200.5.7.1 * postgresql16-debugsource-16.1-150200.5.7.1 * postgresql16-debuginfo-16.1-150200.5.7.1 * libpq5-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql16-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * Basesystem Module 15-SP4 (noarch) * postgresql-16-150400.4.9.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpq5-16.1-150200.5.7.1 * postgresql16-debugsource-16.1-150200.5.7.1 * postgresql16-debuginfo-16.1-150200.5.7.1 * libpq5-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql16-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * Basesystem Module 15-SP5 (noarch) * postgresql-16-150500.10.3.2 * Legacy Module 15-SP4 (noarch) * postgresql-llvmjit-devel-16-150400.4.9.2 * postgresql-llvmjit-16-150400.4.9.2 * Legacy Module 15-SP5 (noarch) * postgresql-llvmjit-16-150500.10.3.2 * postgresql-llvmjit-devel-16-150500.10.3.2 * SUSE Package Hub 15 15-SP4 (noarch) * postgresql-plperl-16-150400.4.9.2 * postgresql-server-16-150400.4.9.2 * postgresql-docs-16-150400.4.9.2 * postgresql-llvmjit-16-150400.4.9.2 * postgresql-devel-16-150400.4.9.2 * postgresql-llvmjit-devel-16-150400.4.9.2 * postgresql-server-devel-16-150400.4.9.2 * postgresql-contrib-16-150400.4.9.2 * postgresql-pltcl-16-150400.4.9.2 * postgresql-plpython-16-150400.4.9.2 * postgresql-16-150400.4.9.2 * postgresql-test-16-150400.4.9.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-llvmjit-15.5-150200.5.19.1 * postgresql15-llvmjit-devel-15.5-150200.5.19.1 * postgresql15-test-15.5-150200.5.19.1 * postgresql15-llvmjit-debuginfo-15.5-150200.5.19.1 * postgresql16-llvmjit-debuginfo-16.1-150200.5.7.1 * postgresql16-test-16.1-150200.5.7.1 * postgresql16-llvmjit-16.1-150200.5.7.1 * postgresql16-llvmjit-devel-16.1-150200.5.7.1 * SUSE Package Hub 15 15-SP5 (noarch) * postgresql-server-devel-16-150500.10.3.2 * postgresql-llvmjit-16-150500.10.3.2 * postgresql-test-16-150500.10.3.2 * postgresql-plperl-16-150500.10.3.2 * postgresql-docs-16-150500.10.3.2 * postgresql-server-16-150500.10.3.2 * postgresql-plpython-16-150500.10.3.2 * postgresql-pltcl-16-150500.10.3.2 * postgresql-devel-16-150500.10.3.2 * postgresql-llvmjit-devel-16-150500.10.3.2 * postgresql-16-150500.10.3.2 * postgresql-contrib-16-150500.10.3.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql16-test-16.1-150200.5.7.1 * postgresql16-llvmjit-16.1-150200.5.7.1 * postgresql16-llvmjit-devel-16.1-150200.5.7.1 * postgresql16-llvmjit-debuginfo-16.1-150200.5.7.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql16-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-devel-16.1-150200.5.7.1 * postgresql16-pltcl-debuginfo-16.1-150200.5.7.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * postgresql16-plperl-16.1-150200.5.7.1 * postgresql16-server-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql16-server-devel-16.1-150200.5.7.1 * postgresql16-contrib-16.1-150200.5.7.1 * postgresql16-pltcl-16.1-150200.5.7.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql16-plpython-debuginfo-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * postgresql16-server-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql16-plperl-debuginfo-16.1-150200.5.7.1 * postgresql16-server-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-contrib-debuginfo-16.1-150200.5.7.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql16-plpython-16.1-150200.5.7.1 * postgresql15-pltcl-15.5-150200.5.19.1 * Server Applications Module 15-SP4 (noarch) * postgresql-plperl-16-150400.4.9.2 * postgresql-server-16-150400.4.9.2 * postgresql-docs-16-150400.4.9.2 * postgresql15-docs-15.5-150200.5.19.1 * postgresql-devel-16-150400.4.9.2 * postgresql-server-devel-16-150400.4.9.2 * postgresql-contrib-16-150400.4.9.2 * postgresql-plpython-16-150400.4.9.2 * postgresql-pltcl-16-150400.4.9.2 * postgresql16-docs-16.1-150200.5.7.1 * Server Applications Module 15-SP4 (ppc64le) * postgresql15-15.5-150200.5.19.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql16-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-devel-16.1-150200.5.7.1 * postgresql16-pltcl-debuginfo-16.1-150200.5.7.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * postgresql16-plperl-16.1-150200.5.7.1 * postgresql16-server-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql16-server-devel-16.1-150200.5.7.1 * postgresql16-contrib-16.1-150200.5.7.1 * postgresql16-pltcl-16.1-150200.5.7.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql16-plpython-debuginfo-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * postgresql16-server-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql16-plperl-debuginfo-16.1-150200.5.7.1 * postgresql16-server-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-contrib-debuginfo-16.1-150200.5.7.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql16-plpython-16.1-150200.5.7.1 * postgresql15-pltcl-15.5-150200.5.19.1 * Server Applications Module 15-SP5 (noarch) * postgresql-server-devel-16-150500.10.3.2 * postgresql15-docs-15.5-150200.5.19.1 * postgresql16-docs-16.1-150200.5.7.1 * postgresql-docs-16-150500.10.3.2 * postgresql-server-16-150500.10.3.2 * postgresql-plpython-16-150500.10.3.2 * postgresql-pltcl-16-150500.10.3.2 * postgresql-devel-16-150500.10.3.2 * postgresql-plperl-16-150500.10.3.2 * postgresql-contrib-16-150500.10.3.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libpq5-debuginfo-16.1-150200.5.7.1 * libpq5-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql-server-devel-16-150200.4.24.1 * postgresql-docs-16-150200.4.24.1 * postgresql-pltcl-16-150200.4.24.1 * postgresql-devel-16-150200.4.24.1 * postgresql-plpython-16-150200.4.24.1 * postgresql-contrib-16-150200.4.24.1 * postgresql-plperl-16-150200.4.24.1 * postgresql-server-16-150200.4.24.1 * postgresql-16-150200.4.24.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libpq5-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libpq5-debuginfo-16.1-150200.5.7.1 * libpq5-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql-server-devel-16-150200.4.24.1 * postgresql-docs-16-150200.4.24.1 * postgresql-pltcl-16-150200.4.24.1 * postgresql-devel-16-150200.4.24.1 * postgresql-plpython-16-150200.4.24.1 * postgresql-contrib-16-150200.4.24.1 * postgresql-plperl-16-150200.4.24.1 * postgresql-server-16-150200.4.24.1 * postgresql-16-150200.4.24.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libpq5-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libpq5-debuginfo-16.1-150200.5.7.1 * libpq5-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql-server-devel-16-150200.4.24.1 * postgresql-docs-16-150200.4.24.1 * postgresql-pltcl-16-150200.4.24.1 * postgresql-devel-16-150200.4.24.1 * postgresql-plpython-16-150200.4.24.1 * postgresql-contrib-16-150200.4.24.1 * postgresql-plperl-16-150200.4.24.1 * postgresql-server-16-150200.4.24.1 * postgresql-16-150200.4.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libpq5-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1122892 * https://bugzilla.suse.com/show_bug.cgi?id=1179231 * https://bugzilla.suse.com/show_bug.cgi?id=1206796 * https://bugzilla.suse.com/show_bug.cgi?id=1209208 * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 * https://jira.suse.com/browse/PED-5586 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 08:30:07 -0000 Subject: SUSE-RU-2023:4494-1: moderate: Recommended update for cmake Message-ID: <170055540793.22646.16203886870294760654@smelt2.prg2.suse.org> # Recommended update for cmake Announcement ID: SUSE-RU-2023:4494-1 Rating: moderate References: * bsc#1217009 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for cmake fixes the following issues: * Packages fail to build when there's a folder called "CMakeLists.txt" (bsc#1217009) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4494=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4494=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4494=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4494=1 openSUSE-SLE-15.4-2023-4494=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cmake-man-3.20.4-150400.4.3.1 * cmake-full-debuginfo-3.20.4-150400.4.3.1 * cmake-full-debugsource-3.20.4-150400.4.3.1 * cmake-gui-debuginfo-3.20.4-150400.4.3.1 * cmake-full-3.20.4-150400.4.3.1 * cmake-gui-3.20.4-150400.4.3.1 * cmake-ui-debugsource-3.20.4-150400.4.3.1 * cmake-3.20.4-150400.4.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cmake-full-debuginfo-3.20.4-150400.4.3.1 * cmake-3.20.4-150400.4.3.1 * cmake-full-3.20.4-150400.4.3.1 * cmake-full-debugsource-3.20.4-150400.4.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cmake-full-debuginfo-3.20.4-150400.4.3.1 * cmake-3.20.4-150400.4.3.1 * cmake-full-3.20.4-150400.4.3.1 * cmake-full-debugsource-3.20.4-150400.4.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * cmake-man-3.20.4-150400.4.3.1 * cmake-full-debuginfo-3.20.4-150400.4.3.1 * cmake-full-debugsource-3.20.4-150400.4.3.1 * cmake-gui-debuginfo-3.20.4-150400.4.3.1 * cmake-full-3.20.4-150400.4.3.1 * cmake-mini-debugsource-3.20.4-150400.4.3.1 * cmake-gui-3.20.4-150400.4.3.1 * cmake-ui-debugsource-3.20.4-150400.4.3.1 * cmake-3.20.4-150400.4.3.1 * cmake-mini-3.20.4-150400.4.3.1 * cmake-mini-debuginfo-3.20.4-150400.4.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 08:30:09 -0000 Subject: SUSE-RU-2023:2437-2: moderate: Recommended update for hplip Message-ID: <170055540970.22646.2524684109154278174@smelt2.prg2.suse.org> # Recommended update for hplip Announcement ID: SUSE-RU-2023:2437-2 Rating: moderate References: * bsc#1209866 Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for hplip fixes the following issues: * Fix printer attribute handling which could provoke a buffer overflow if CUPS returned a printer with too large `name/location/uri/etc` (bsc#1209866) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2437=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2437=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2437=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * hplip-debuginfo-3.21.10-150400.3.8.1 * hplip-scan-utils-3.21.10-150400.3.8.1 * hplip-hpijs-3.21.10-150400.3.8.1 * hplip-3.21.10-150400.3.8.1 * hplip-sane-3.21.10-150400.3.8.1 * hplip-hpijs-debuginfo-3.21.10-150400.3.8.1 * hplip-debugsource-3.21.10-150400.3.8.1 * hplip-devel-3.21.10-150400.3.8.1 * hplip-sane-debuginfo-3.21.10-150400.3.8.1 * hplip-scan-utils-debuginfo-3.21.10-150400.3.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * hplip-debuginfo-3.21.10-150400.3.8.1 * hplip-hpijs-3.21.10-150400.3.8.1 * hplip-sane-3.21.10-150400.3.8.1 * hplip-hpijs-debuginfo-3.21.10-150400.3.8.1 * hplip-debugsource-3.21.10-150400.3.8.1 * hplip-devel-3.21.10-150400.3.8.1 * hplip-sane-debuginfo-3.21.10-150400.3.8.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * hplip-debuginfo-3.21.10-150400.3.8.1 * hplip-debugsource-3.21.10-150400.3.8.1 * hplip-3.21.10-150400.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209866 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 08:30:11 -0000 Subject: SUSE-SU-2023:4493-1: important: Security update for ucode-intel Message-ID: <170055541126.22646.9453928451425420738@smelt2.prg2.suse.org> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:4493-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4493=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4493=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4493=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * ucode-intel-debuginfo-20231114-131.1 * ucode-intel-20231114-131.1 * ucode-intel-debugsource-20231114-131.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * ucode-intel-debuginfo-20231114-131.1 * ucode-intel-20231114-131.1 * ucode-intel-debugsource-20231114-131.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * ucode-intel-debuginfo-20231114-131.1 * ucode-intel-20231114-131.1 * ucode-intel-debugsource-20231114-131.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23583.html * https://bugzilla.suse.com/show_bug.cgi?id=1215278 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 12:30:02 -0000 Subject: SUSE-FU-2023:4502-1: low: Feature update for python3 Message-ID: <170056980269.16091.6889313117273243818@smelt2.prg2.suse.org> # Feature update for python3 Announcement ID: SUSE-FU-2023:4502-1 Rating: low References: * jsc#PED-68 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This feature update for python3 packages adds the following: * Second batch of new python-3.11 packages (jsc#PED-68) Updates to previosly released python 3.11 packages: \- python-urllib3 to 2.0.7 \- python-Sphinx to 7.2.6 \- python-pytest to 7.4.2 \- python-hypothesis to 6.82.7 \- python-sphinxcontrib-serializinghtml to 1.1.9 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4502=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4502=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4502=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4502=1 openSUSE-SLE-15.4-2023-4502=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4502=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4502=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * zopfli-debuginfo-1.0.3-150400.9.3.2 * xclip-0.13-150400.9.3.1 * libzopfli-devel-1.0.3-150400.9.3.2 * zopfli-debugsource-1.0.3-150400.9.3.2 * xclip-debugsource-0.13-150400.9.3.1 * zopfli-1.0.3-150400.9.3.2 * xclip-debuginfo-0.13-150400.9.3.1 * xsel-debugsource-1.2.0-150400.9.3.1 * libzopfli1-1.0.3-150400.9.3.2 * libzopfli1-debuginfo-1.0.3-150400.9.3.2 * xsel-debuginfo-1.2.0-150400.9.3.1 * xsel-1.2.0-150400.9.3.1 * libzopflipng1-debuginfo-1.0.3-150400.9.3.2 * libzopflipng1-1.0.3-150400.9.3.2 * Basesystem Module 15-SP5 (x86_64) * libzopflipng1-32bit-debuginfo-1.0.3-150400.9.3.2 * libzopfli1-32bit-1.0.3-150400.9.3.2 * libzopflipng1-32bit-1.0.3-150400.9.3.2 * libzopfli1-32bit-debuginfo-1.0.3-150400.9.3.2 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-kiwisolver-debuginfo-1.4.4-150400.7.3.1 * python-gssapi-debugsource-1.8.2-150400.5.3.1 * python311-gobject-cairo-3.44.1-150400.3.7.1 * python311-gssapi-1.8.2-150400.5.3.1 * python311-pycairo-debuginfo-1.23.0-150400.3.3.1 * python311-zopfli-0.2.3-150400.9.5.1 * python311-pysendfile-2.0.1-150400.9.3.1 * python311-gobject-3.44.1-150400.3.7.1 * python311-zstd-1.5.5.1-150400.9.3.1 * python311-gobject-debuginfo-3.44.1-150400.3.7.1 * python311-netifaces-debuginfo-0.11.0-150400.11.3.1 * python311-gobject-Gdk-3.44.1-150400.3.7.1 * python311-dmidecode-3.12.3-150400.14.6.1 * python311-gssapi-debuginfo-1.8.2-150400.5.3.1 * python311-pylibmc-1.6.3-150400.7.3.1 * python311-zstd-debuginfo-1.5.5.1-150400.9.3.1 * python311-contourpy-1.0.7-150400.9.3.1 * python311-urwid-debuginfo-2.1.2-150400.11.3.1 * python311-netifaces-0.11.0-150400.11.3.1 * python311-contourpy-debuginfo-1.0.7-150400.9.3.1 * python311-psycopg2-2.9.7-150400.12.3.1 * python311-pycairo-1.23.0-150400.3.3.1 * python311-zopfli-debuginfo-0.2.3-150400.9.5.1 * python311-urwid-2.1.2-150400.11.3.1 * python-maxminddb-debugsource-2.4.0-150400.9.5.1 * python-dmidecode-debugsource-3.12.3-150400.14.6.1 * python311-cmarkgfm-2022.10.27-150400.9.3.1 * python311-pysendfile-debuginfo-2.0.1-150400.9.3.1 * python311-gobject-devel-3.44.1-150400.3.7.1 * python311-scandir-1.10.0-150400.10.3.1 * python311-maxminddb-2.4.0-150400.9.5.1 * python311-lazy-object-proxy-debuginfo-1.9.0-150400.11.3.1 * python-gobject-debugsource-3.44.1-150400.3.7.1 * python311-dmidecode-debuginfo-3.12.3-150400.14.6.1 * python-contourpy-debugsource-1.0.7-150400.9.3.1 * python-psycopg2-debugsource-2.9.7-150400.12.3.1 * python311-cmarkgfm-debuginfo-2022.10.27-150400.9.3.1 * python-urwid-debugsource-2.1.2-150400.11.3.1 * python311-gobject-cairo-debuginfo-3.44.1-150400.3.7.1 * python311-pycairo-devel-1.23.0-150400.3.3.1 * python311-psycopg2-debuginfo-2.9.7-150400.12.3.1 * python-gobject-debuginfo-3.44.1-150400.3.7.1 * python-pysendfile-debugsource-2.0.1-150400.9.3.1 * python-zopfli-debugsource-0.2.3-150400.9.5.1 * python311-astunparse-1.6.3-150400.9.3.1 * python311-lazy-object-proxy-1.9.0-150400.11.3.1 * python311-maxminddb-debuginfo-2.4.0-150400.9.5.1 * python-lazy-object-proxy-debugsource-1.9.0-150400.11.3.1 * python-pycairo-debugsource-1.23.0-150400.3.3.1 * python-pylibmc-debugsource-1.6.3-150400.7.3.1 * python311-kiwisolver-1.4.4-150400.7.3.1 * python311-pylibmc-debuginfo-1.6.3-150400.7.3.1 * python-kiwisolver-debugsource-1.4.4-150400.7.3.1 * python-zstd-debugsource-1.5.5.1-150400.9.3.1 * python-netifaces-debugsource-0.11.0-150400.11.3.1 * python-cmarkgfm-debugsource-2022.10.27-150400.9.3.1 * Python 3 Module 15-SP4 (noarch) * python311-twine-4.0.2-150400.9.3.1 * python311-traitlets-5.10.0-150400.9.3.1 * python311-coloredlogs-15.0.1-150400.9.3.1 * python311-verboselogs-1.7-150400.9.3.1 * python311-Sphinx-latex-7.2.6-150400.3.6.1 * python311-requests-futures-1.0.1-150400.9.3.1 * python311-prometheus-client-0.17.0-150400.11.3.1 * python311-pickleshare-0.7.5-150400.9.3.1 * python311-purl-1.6-150400.7.3.1 * python311-argcomplete-3.1.2-150400.12.5.1 * python311-blessings-1.7-150400.9.3.1 * python311-Cycler-0.11.0-150400.11.3.1 * python311-k5test-0.10.3-150400.9.3.1 * python311-userpath-1.9.0-150400.9.3.1 * python311-executing-1.2.0-150400.9.3.1 * python311-Paver-1.3.4-150400.3.3.4 * python311-cogapp-3.3.0-150400.3.3.1 * python311-pytest-localserver-0.8.0-150400.7.3.1 * python311-pyu2f-0.1.5a-150400.9.3.1 * python311-sphinxcontrib-apidoc-0.4.0-150400.10.5.1 * python311-stack-data-0.6.2-150400.9.3.1 * python311-requests-oauthlib-1.3.1-150400.12.3.1 * python311-configobj-5.0.8-150400.12.3.1 * python311-fs-2.4.16-150400.9.3.1 * python311-rtslib-fb-2.1.75-150400.6.3.1 * python311-readme_renderer-41.0-150400.9.3.1 * python311-hanzidentifier-1.1.0-150400.9.3.1 * python311-google-auth-2.17.3-150400.6.3.1 * python311-loguru-0.7.0-150400.9.3.1 * python311-oauthlib-3.2.2-150400.12.3.1 * python311-pyperclip-1.8.2-150400.12.3.1 * python311-websocket-client-1.5.1-150400.13.3.1 * python311-cached-property-1.5.2-150400.10.3.1 * python311-pipx-1.2.0-150400.9.3.1 * python311-tqdm-4.66.1-150400.9.3.1 * python311-tabulate-0.9.0-150400.11.3.1 * python311-smartypants-2.0.1-150400.3.3.1 * python311-PyJWT-2.8.0-150400.8.3.1 * python311-cachetools-5.3.1-150400.8.3.1 * python311-fastimport-0.9.14-150400.3.3.1 * python311-shellingham-1.5.0-150400.9.3.1 * python311-hypothesis-6.82.7-150400.3.6.1 * python311-portend-3.1.0-150400.7.3.1 * python311-invocations-3.0.2-150400.9.3.1 * python311-jsonpatch-1.32-150400.10.3.1 * python311-orderedmultidict-1.0.1-150400.9.3.1 * python311-lexicon-2.0.1-150400.10.3.1 * python311-pyxdg-0.28-150400.7.3.1 * python311-hatch-1.7.0-150400.9.3.1 * python311-munch-3.0.0-150400.11.3.1 * python311-jedi-0.19.0-150400.11.3.1 * python311-colorama-0.4.6-150400.5.3.1 * python311-pure-eval-0.2.2-150400.9.3.1 * python311-tomlkit-0.12.1-150400.10.3.1 * python311-astroid-2.15.6-150400.11.3.1 * python311-paramiko-3.3.1-150400.13.3.1 * python311-ecdsa-0.18.0-150400.12.3.1 * python311-littleutils-0.2.2-150400.9.3.1 * python311-cppy-1.2.1-150400.9.3.1 * python-tqdm-bash-completion-4.66.1-150400.9.3.1 * python311-sphinxcontrib-1.0.1-150400.13.3.1 * python311-fluidity-sm-0.2.0-150400.10.3.1 * python311-testscenarios-0.5.0-150400.11.3.1 * python311-releases-2.1.1-150400.9.3.1 * python311-typeguard-4.0.0-150400.9.3.1 * python311-asttokens-2.4.0-150400.9.3.1 * python311-capturer-3.0-150400.9.3.1 * python311-pkginfo-1.9.6-150400.7.3.1 * python311-pytest-randomly-3.13.0-150400.9.3.1 * python311-opentelemetry-api-1.17.0-150400.10.3.1 * python311-tornado-6.3.2-150400.12.3.1 * python-paramiko-doc-3.3.1-150400.13.3.1 * python311-keyring-24.2.0-150400.5.3.1 * python311-linecache2-1.0.0-150400.11.3.1 * python311-prompt_toolkit-3.0.38-150400.9.3.1 * python311-gast-0.5.3-150400.9.3.1 * python311-FormEncode-2.0.1-150400.9.3.1 * python311-bleach-6.0.0-150400.9.3.1 * python311-pytest-7.4.2-150400.3.6.1 * python311-CommonMark-0.9.1-150400.9.3.1 * python311-pytest-relaxed-2.0.1-150400.12.3.1 * python311-requests-mock-1.10.0-150400.7.3.1 * python311-munkres-1.1.4-150400.9.3.1 * python311-furl-2.1.3-150400.9.3.1 * python311-pytoml-0.1.21-150400.9.3.1 * python311-portalocker-2.7.0-150400.10.3.1 * python311-humanfriendly-10.0-150400.13.3.1 * python311-sphinxcontrib-serializinghtml-1.1.9-150400.3.6.1 * python311-zhon-1.1.5-150400.9.3.1 * python311-wcwidth-0.2.6-150400.10.3.1 * python311-SecretStorage-3.3.3-150400.5.3.1 * python311-testtools-2.6.0-150400.12.3.1 * python311-dragonmapper-0.2.6-150400.9.3.1 * python311-prettytable-3.8.0-150400.9.3.1 * python311-rsa-4.9-150400.12.3.1 * python311-tempora-5.5.0-150400.7.3.1 * python311-pyftpdlib-1.5.7-150400.9.3.1 * python311-pbr-5.11.1-150400.14.3.1 * python311-pyinotify-0.9.6-150400.13.3.1 * python311-traceback2-1.4.0-150400.11.3.1 * python311-rfc3986-2.0.0-150400.12.3.1 * python311-jeepney-0.8.0-150400.5.3.1 * python311-configshell-fb-1.1.30-150400.8.3.1 * python311-invoke-2.1.2-150400.10.3.1 * python311-pymemcache-4.0.0-150400.14.3.1 * python311-beniget-0.4.1-150400.9.3.1 * python311-future-0.18.3-150400.6.3.1 * python311-ply-3.11-150400.12.3.1 * python311-Sphinx-7.2.6-150400.3.6.1 * python311-pyudev-0.24.1-150400.3.3.1 * python311-pytest-lazy-fixture-0.6.3-150400.9.3.1 * python311-tox-3.26.0-150400.15.3.1 * python311-backcall-0.2.0-150400.9.3.1 * python311-pyproject-metadata-0.7.1-150400.9.3.1 * python311-python-magic-0.4.27-150400.9.3.1 * python311-fixtures-4.1.0-150400.12.3.1 * python311-python-mimeparse-1.6.0-150400.12.3.1 * python311-urllib3-2.0.7-150400.7.10.1 * python311-testresources-2.0.1-150400.11.3.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-kiwisolver-debuginfo-1.4.4-150400.7.3.1 * python-gssapi-debugsource-1.8.2-150400.5.3.1 * python311-gobject-cairo-3.44.1-150400.3.7.1 * python311-gssapi-1.8.2-150400.5.3.1 * python311-pycairo-debuginfo-1.23.0-150400.3.3.1 * python311-zopfli-0.2.3-150400.9.5.1 * python311-pysendfile-2.0.1-150400.9.3.1 * python311-gobject-3.44.1-150400.3.7.1 * python311-zstd-1.5.5.1-150400.9.3.1 * python311-gobject-debuginfo-3.44.1-150400.3.7.1 * python311-netifaces-debuginfo-0.11.0-150400.11.3.1 * python311-gobject-Gdk-3.44.1-150400.3.7.1 * python311-dmidecode-3.12.3-150400.14.6.1 * python311-gssapi-debuginfo-1.8.2-150400.5.3.1 * python311-pylibmc-1.6.3-150400.7.3.1 * python311-zstd-debuginfo-1.5.5.1-150400.9.3.1 * python311-contourpy-1.0.7-150400.9.3.1 * python311-urwid-debuginfo-2.1.2-150400.11.3.1 * python311-netifaces-0.11.0-150400.11.3.1 * python311-contourpy-debuginfo-1.0.7-150400.9.3.1 * python311-psycopg2-2.9.7-150400.12.3.1 * python311-pycairo-1.23.0-150400.3.3.1 * python311-zopfli-debuginfo-0.2.3-150400.9.5.1 * python311-urwid-2.1.2-150400.11.3.1 * python-maxminddb-debugsource-2.4.0-150400.9.5.1 * python-dmidecode-debugsource-3.12.3-150400.14.6.1 * python311-cmarkgfm-2022.10.27-150400.9.3.1 * python311-pysendfile-debuginfo-2.0.1-150400.9.3.1 * python311-gobject-devel-3.44.1-150400.3.7.1 * python311-scandir-1.10.0-150400.10.3.1 * python311-maxminddb-2.4.0-150400.9.5.1 * python311-lazy-object-proxy-debuginfo-1.9.0-150400.11.3.1 * python-gobject-debugsource-3.44.1-150400.3.7.1 * python311-dmidecode-debuginfo-3.12.3-150400.14.6.1 * python-contourpy-debugsource-1.0.7-150400.9.3.1 * python-psycopg2-debugsource-2.9.7-150400.12.3.1 * python311-cmarkgfm-debuginfo-2022.10.27-150400.9.3.1 * python-urwid-debugsource-2.1.2-150400.11.3.1 * python311-gobject-cairo-debuginfo-3.44.1-150400.3.7.1 * python311-pycairo-devel-1.23.0-150400.3.3.1 * python311-psycopg2-debuginfo-2.9.7-150400.12.3.1 * python-gobject-debuginfo-3.44.1-150400.3.7.1 * python-pysendfile-debugsource-2.0.1-150400.9.3.1 * python-zopfli-debugsource-0.2.3-150400.9.5.1 * python311-astunparse-1.6.3-150400.9.3.1 * python311-lazy-object-proxy-1.9.0-150400.11.3.1 * python311-maxminddb-debuginfo-2.4.0-150400.9.5.1 * python-lazy-object-proxy-debugsource-1.9.0-150400.11.3.1 * python-pycairo-debugsource-1.23.0-150400.3.3.1 * python-pylibmc-debugsource-1.6.3-150400.7.3.1 * python311-kiwisolver-1.4.4-150400.7.3.1 * python311-pylibmc-debuginfo-1.6.3-150400.7.3.1 * python-kiwisolver-debugsource-1.4.4-150400.7.3.1 * python-zstd-debugsource-1.5.5.1-150400.9.3.1 * python-netifaces-debugsource-0.11.0-150400.11.3.1 * python-cmarkgfm-debugsource-2022.10.27-150400.9.3.1 * Python 3 Module 15-SP5 (noarch) * python311-twine-4.0.2-150400.9.3.1 * python311-traitlets-5.10.0-150400.9.3.1 * python311-coloredlogs-15.0.1-150400.9.3.1 * python311-verboselogs-1.7-150400.9.3.1 * python311-Sphinx-latex-7.2.6-150400.3.6.1 * python311-requests-futures-1.0.1-150400.9.3.1 * python311-prometheus-client-0.17.0-150400.11.3.1 * python311-pickleshare-0.7.5-150400.9.3.1 * python311-purl-1.6-150400.7.3.1 * python311-argcomplete-3.1.2-150400.12.5.1 * python311-blessings-1.7-150400.9.3.1 * python311-Cycler-0.11.0-150400.11.3.1 * python311-k5test-0.10.3-150400.9.3.1 * python311-userpath-1.9.0-150400.9.3.1 * python311-executing-1.2.0-150400.9.3.1 * python311-Paver-1.3.4-150400.3.3.4 * python311-cogapp-3.3.0-150400.3.3.1 * python311-pytest-localserver-0.8.0-150400.7.3.1 * python311-pyu2f-0.1.5a-150400.9.3.1 * python311-sphinxcontrib-apidoc-0.4.0-150400.10.5.1 * python311-stack-data-0.6.2-150400.9.3.1 * python311-requests-oauthlib-1.3.1-150400.12.3.1 * python311-configobj-5.0.8-150400.12.3.1 * python311-fs-2.4.16-150400.9.3.1 * python311-rtslib-fb-2.1.75-150400.6.3.1 * python311-readme_renderer-41.0-150400.9.3.1 * python311-hanzidentifier-1.1.0-150400.9.3.1 * python311-google-auth-2.17.3-150400.6.3.1 * python311-loguru-0.7.0-150400.9.3.1 * python311-oauthlib-3.2.2-150400.12.3.1 * python311-pyperclip-1.8.2-150400.12.3.1 * python311-websocket-client-1.5.1-150400.13.3.1 * python311-cached-property-1.5.2-150400.10.3.1 * python311-pipx-1.2.0-150400.9.3.1 * python311-tqdm-4.66.1-150400.9.3.1 * python311-tabulate-0.9.0-150400.11.3.1 * python311-smartypants-2.0.1-150400.3.3.1 * python311-PyJWT-2.8.0-150400.8.3.1 * python311-cachetools-5.3.1-150400.8.3.1 * python311-fastimport-0.9.14-150400.3.3.1 * python311-shellingham-1.5.0-150400.9.3.1 * python311-hypothesis-6.82.7-150400.3.6.1 * python311-portend-3.1.0-150400.7.3.1 * python311-invocations-3.0.2-150400.9.3.1 * python311-jsonpatch-1.32-150400.10.3.1 * python311-orderedmultidict-1.0.1-150400.9.3.1 * python311-lexicon-2.0.1-150400.10.3.1 * python311-pyxdg-0.28-150400.7.3.1 * python311-hatch-1.7.0-150400.9.3.1 * python311-munch-3.0.0-150400.11.3.1 * python311-jedi-0.19.0-150400.11.3.1 * python311-colorama-0.4.6-150400.5.3.1 * python311-pure-eval-0.2.2-150400.9.3.1 * python311-tomlkit-0.12.1-150400.10.3.1 * python311-astroid-2.15.6-150400.11.3.1 * python311-paramiko-3.3.1-150400.13.3.1 * python311-ecdsa-0.18.0-150400.12.3.1 * python311-littleutils-0.2.2-150400.9.3.1 * python311-cppy-1.2.1-150400.9.3.1 * python-tqdm-bash-completion-4.66.1-150400.9.3.1 * python311-sphinxcontrib-1.0.1-150400.13.3.1 * python311-fluidity-sm-0.2.0-150400.10.3.1 * python311-testscenarios-0.5.0-150400.11.3.1 * python311-releases-2.1.1-150400.9.3.1 * python311-typeguard-4.0.0-150400.9.3.1 * python311-asttokens-2.4.0-150400.9.3.1 * python311-capturer-3.0-150400.9.3.1 * python311-pkginfo-1.9.6-150400.7.3.1 * python311-pytest-randomly-3.13.0-150400.9.3.1 * python311-opentelemetry-api-1.17.0-150400.10.3.1 * python311-tornado-6.3.2-150400.12.3.1 * python-paramiko-doc-3.3.1-150400.13.3.1 * python311-keyring-24.2.0-150400.5.3.1 * python311-linecache2-1.0.0-150400.11.3.1 * python311-prompt_toolkit-3.0.38-150400.9.3.1 * python311-gast-0.5.3-150400.9.3.1 * python311-FormEncode-2.0.1-150400.9.3.1 * python311-bleach-6.0.0-150400.9.3.1 * python311-pytest-7.4.2-150400.3.6.1 * python311-CommonMark-0.9.1-150400.9.3.1 * python311-pytest-relaxed-2.0.1-150400.12.3.1 * python311-requests-mock-1.10.0-150400.7.3.1 * python311-munkres-1.1.4-150400.9.3.1 * python311-furl-2.1.3-150400.9.3.1 * python311-pytoml-0.1.21-150400.9.3.1 * python311-portalocker-2.7.0-150400.10.3.1 * python311-humanfriendly-10.0-150400.13.3.1 * python311-sphinxcontrib-serializinghtml-1.1.9-150400.3.6.1 * python311-zhon-1.1.5-150400.9.3.1 * python311-wcwidth-0.2.6-150400.10.3.1 * python311-SecretStorage-3.3.3-150400.5.3.1 * python311-testtools-2.6.0-150400.12.3.1 * python311-dragonmapper-0.2.6-150400.9.3.1 * python311-prettytable-3.8.0-150400.9.3.1 * python311-rsa-4.9-150400.12.3.1 * python311-tempora-5.5.0-150400.7.3.1 * python311-pyftpdlib-1.5.7-150400.9.3.1 * python311-pbr-5.11.1-150400.14.3.1 * python311-pyinotify-0.9.6-150400.13.3.1 * python311-traceback2-1.4.0-150400.11.3.1 * python311-rfc3986-2.0.0-150400.12.3.1 * python311-jeepney-0.8.0-150400.5.3.1 * python311-configshell-fb-1.1.30-150400.8.3.1 * python311-invoke-2.1.2-150400.10.3.1 * python311-pymemcache-4.0.0-150400.14.3.1 * python311-beniget-0.4.1-150400.9.3.1 * python311-future-0.18.3-150400.6.3.1 * python311-ply-3.11-150400.12.3.1 * python311-Sphinx-7.2.6-150400.3.6.1 * python311-pyudev-0.24.1-150400.3.3.1 * python311-pytest-lazy-fixture-0.6.3-150400.9.3.1 * python311-tox-3.26.0-150400.15.3.1 * python311-backcall-0.2.0-150400.9.3.1 * python311-pyproject-metadata-0.7.1-150400.9.3.1 * python311-python-magic-0.4.27-150400.9.3.1 * python311-fixtures-4.1.0-150400.12.3.1 * python311-python-mimeparse-1.6.0-150400.12.3.1 * python311-urllib3-2.0.7-150400.7.10.1 * python311-testresources-2.0.1-150400.11.3.1 * openSUSE Leap 15.4 (noarch) * python311-twine-4.0.2-150400.9.3.1 * python311-traitlets-5.10.0-150400.9.3.1 * python311-coloredlogs-15.0.1-150400.9.3.1 * python311-verboselogs-1.7-150400.9.3.1 * python311-Sphinx-latex-7.2.6-150400.3.6.1 * python311-requests-futures-1.0.1-150400.9.3.1 * python311-prometheus-client-0.17.0-150400.11.3.1 * python311-pickleshare-0.7.5-150400.9.3.1 * python311-purl-1.6-150400.7.3.1 * python311-argcomplete-3.1.2-150400.12.5.1 * python311-blessings-1.7-150400.9.3.1 * python311-Cycler-0.11.0-150400.11.3.1 * python311-k5test-0.10.3-150400.9.3.1 * python311-userpath-1.9.0-150400.9.3.1 * python311-executing-1.2.0-150400.9.3.1 * python311-Paver-1.3.4-150400.3.3.4 * python311-cogapp-3.3.0-150400.3.3.1 * python311-pytest-localserver-0.8.0-150400.7.3.1 * python311-pyu2f-0.1.5a-150400.9.3.1 * python311-sphinxcontrib-apidoc-0.4.0-150400.10.5.1 * python311-stack-data-0.6.2-150400.9.3.1 * python311-requests-oauthlib-1.3.1-150400.12.3.1 * python311-configobj-5.0.8-150400.12.3.1 * python311-fs-2.4.16-150400.9.3.1 * python311-rtslib-fb-2.1.75-150400.6.3.1 * python311-readme_renderer-41.0-150400.9.3.1 * python311-hanzidentifier-1.1.0-150400.9.3.1 * python311-google-auth-2.17.3-150400.6.3.1 * python311-loguru-0.7.0-150400.9.3.1 * python311-oauthlib-3.2.2-150400.12.3.1 * python311-pyperclip-1.8.2-150400.12.3.1 * python311-websocket-client-1.5.1-150400.13.3.1 * python311-cached-property-1.5.2-150400.10.3.1 * python311-pipx-1.2.0-150400.9.3.1 * python311-tqdm-4.66.1-150400.9.3.1 * python311-tabulate-0.9.0-150400.11.3.1 * python311-smartypants-2.0.1-150400.3.3.1 * python311-PyJWT-2.8.0-150400.8.3.1 * python311-cachetools-5.3.1-150400.8.3.1 * python311-fastimport-0.9.14-150400.3.3.1 * python311-shellingham-1.5.0-150400.9.3.1 * python311-hypothesis-6.82.7-150400.3.6.1 * python311-portend-3.1.0-150400.7.3.1 * python311-invocations-3.0.2-150400.9.3.1 * python311-jsonpatch-1.32-150400.10.3.1 * python311-orderedmultidict-1.0.1-150400.9.3.1 * python311-lexicon-2.0.1-150400.10.3.1 * python311-pyxdg-0.28-150400.7.3.1 * python311-hatch-1.7.0-150400.9.3.1 * python311-munch-3.0.0-150400.11.3.1 * python311-jedi-0.19.0-150400.11.3.1 * python311-colorama-0.4.6-150400.5.3.1 * python311-pure-eval-0.2.2-150400.9.3.1 * python311-tomlkit-0.12.1-150400.10.3.1 * python311-astroid-2.15.6-150400.11.3.1 * python311-paramiko-3.3.1-150400.13.3.1 * python311-ecdsa-0.18.0-150400.12.3.1 * python311-littleutils-0.2.2-150400.9.3.1 * python311-cppy-1.2.1-150400.9.3.1 * python-tqdm-bash-completion-4.66.1-150400.9.3.1 * python311-sphinxcontrib-1.0.1-150400.13.3.1 * python311-fluidity-sm-0.2.0-150400.10.3.1 * python311-testscenarios-0.5.0-150400.11.3.1 * python311-releases-2.1.1-150400.9.3.1 * python311-typeguard-4.0.0-150400.9.3.1 * python311-asttokens-2.4.0-150400.9.3.1 * python311-capturer-3.0-150400.9.3.1 * python311-pkginfo-1.9.6-150400.7.3.1 * python311-pytest-randomly-3.13.0-150400.9.3.1 * python311-opentelemetry-api-1.17.0-150400.10.3.1 * python311-tornado-6.3.2-150400.12.3.1 * python-paramiko-doc-3.3.1-150400.13.3.1 * python311-keyring-24.2.0-150400.5.3.1 * python311-linecache2-1.0.0-150400.11.3.1 * python311-prompt_toolkit-3.0.38-150400.9.3.1 * python311-gast-0.5.3-150400.9.3.1 * python311-FormEncode-2.0.1-150400.9.3.1 * python311-bleach-6.0.0-150400.9.3.1 * python311-pytest-7.4.2-150400.3.6.1 * python311-CommonMark-0.9.1-150400.9.3.1 * python311-pytest-relaxed-2.0.1-150400.12.3.1 * python311-requests-mock-1.10.0-150400.7.3.1 * python311-munkres-1.1.4-150400.9.3.1 * python311-furl-2.1.3-150400.9.3.1 * python311-portalocker-2.7.0-150400.10.3.1 * python311-pytoml-0.1.21-150400.9.3.1 * python311-humanfriendly-10.0-150400.13.3.1 * python311-sphinxcontrib-serializinghtml-1.1.9-150400.3.6.1 * python311-zhon-1.1.5-150400.9.3.1 * python311-wcwidth-0.2.6-150400.10.3.1 * python311-SecretStorage-3.3.3-150400.5.3.1 * python311-testtools-2.6.0-150400.12.3.1 * python311-dragonmapper-0.2.6-150400.9.3.1 * python311-prettytable-3.8.0-150400.9.3.1 * python311-rsa-4.9-150400.12.3.1 * python311-tempora-5.5.0-150400.7.3.1 * python311-pyftpdlib-1.5.7-150400.9.3.1 * python311-pbr-5.11.1-150400.14.3.1 * python311-pyinotify-0.9.6-150400.13.3.1 * python311-traceback2-1.4.0-150400.11.3.1 * python311-rfc3986-2.0.0-150400.12.3.1 * python311-jeepney-0.8.0-150400.5.3.1 * python311-configshell-fb-1.1.30-150400.8.3.1 * python311-invoke-2.1.2-150400.10.3.1 * python311-pymemcache-4.0.0-150400.14.3.1 * python311-beniget-0.4.1-150400.9.3.1 * python311-future-0.18.3-150400.6.3.1 * python311-ply-3.11-150400.12.3.1 * python311-Sphinx-7.2.6-150400.3.6.1 * python311-pyudev-0.24.1-150400.3.3.1 * python311-pytest-lazy-fixture-0.6.3-150400.9.3.1 * python311-tox-3.26.0-150400.15.3.1 * python311-backcall-0.2.0-150400.9.3.1 * python311-pyproject-metadata-0.7.1-150400.9.3.1 * python311-python-magic-0.4.27-150400.9.3.1 * python311-fixtures-4.1.0-150400.12.3.1 * python311-python-mimeparse-1.6.0-150400.12.3.1 * python311-urllib3-2.0.7-150400.7.10.1 * python311-testresources-2.0.1-150400.11.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * zopfli-debuginfo-1.0.3-150400.9.3.2 * python311-kiwisolver-debuginfo-1.4.4-150400.7.3.1 * python-gssapi-debugsource-1.8.2-150400.5.3.1 * python311-gobject-cairo-3.44.1-150400.3.7.1 * python311-gssapi-1.8.2-150400.5.3.1 * python311-pycairo-debuginfo-1.23.0-150400.3.3.1 * python311-zopfli-0.2.3-150400.9.5.1 * python311-pysendfile-2.0.1-150400.9.3.1 * python311-gobject-3.44.1-150400.3.7.1 * python311-zstd-1.5.5.1-150400.9.3.1 * python311-gobject-debuginfo-3.44.1-150400.3.7.1 * python311-netifaces-debuginfo-0.11.0-150400.11.3.1 * python311-gobject-Gdk-3.44.1-150400.3.7.1 * python311-dmidecode-3.12.3-150400.14.6.1 * python311-gssapi-debuginfo-1.8.2-150400.5.3.1 * python311-pylibmc-1.6.3-150400.7.3.1 * python311-zstd-debuginfo-1.5.5.1-150400.9.3.1 * xclip-0.13-150400.9.3.1 * python311-contourpy-1.0.7-150400.9.3.1 * python311-urwid-debuginfo-2.1.2-150400.11.3.1 * xclip-debugsource-0.13-150400.9.3.1 * xclip-debuginfo-0.13-150400.9.3.1 * zopfli-1.0.3-150400.9.3.2 * python311-netifaces-0.11.0-150400.11.3.1 * python311-contourpy-debuginfo-1.0.7-150400.9.3.1 * python311-psycopg2-2.9.7-150400.12.3.1 * python311-pycairo-1.23.0-150400.3.3.1 * libzopflipng1-1.0.3-150400.9.3.2 * python311-zopfli-debuginfo-0.2.3-150400.9.5.1 * python311-urwid-2.1.2-150400.11.3.1 * python-maxminddb-debugsource-2.4.0-150400.9.5.1 * python-dmidecode-debugsource-3.12.3-150400.14.6.1 * python311-cmarkgfm-2022.10.27-150400.9.3.1 * python311-pysendfile-debuginfo-2.0.1-150400.9.3.1 * zopfli-debugsource-1.0.3-150400.9.3.2 * python311-gobject-devel-3.44.1-150400.3.7.1 * python311-scandir-1.10.0-150400.10.3.1 * python311-maxminddb-2.4.0-150400.9.5.1 * python311-lazy-object-proxy-debuginfo-1.9.0-150400.11.3.1 * python-gobject-debugsource-3.44.1-150400.3.7.1 * python311-dmidecode-debuginfo-3.12.3-150400.14.6.1 * python-contourpy-debugsource-1.0.7-150400.9.3.1 * python311-gobject-cairo-debuginfo-3.44.1-150400.3.7.1 * python311-cmarkgfm-debuginfo-2022.10.27-150400.9.3.1 * python-psycopg2-debugsource-2.9.7-150400.12.3.1 * python311-pycairo-devel-1.23.0-150400.3.3.1 * python-urwid-debugsource-2.1.2-150400.11.3.1 * python311-psycopg2-debuginfo-2.9.7-150400.12.3.1 * xsel-1.2.0-150400.9.3.1 * python-gobject-debuginfo-3.44.1-150400.3.7.1 * python-pysendfile-debugsource-2.0.1-150400.9.3.1 * libzopfli1-1.0.3-150400.9.3.2 * python311-astunparse-1.6.3-150400.9.3.1 * python311-maxminddb-debuginfo-2.4.0-150400.9.5.1 * python311-lazy-object-proxy-1.9.0-150400.11.3.1 * python-zopfli-debugsource-0.2.3-150400.9.5.1 * libzopflipng1-debuginfo-1.0.3-150400.9.3.2 * python-lazy-object-proxy-debugsource-1.9.0-150400.11.3.1 * python-pycairo-debugsource-1.23.0-150400.3.3.1 * libzopfli-devel-1.0.3-150400.9.3.2 * python-pylibmc-debugsource-1.6.3-150400.7.3.1 * xsel-debugsource-1.2.0-150400.9.3.1 * python311-kiwisolver-1.4.4-150400.7.3.1 * python311-pylibmc-debuginfo-1.6.3-150400.7.3.1 * python-kiwisolver-debugsource-1.4.4-150400.7.3.1 * python-zstd-debugsource-1.5.5.1-150400.9.3.1 * xsel-debuginfo-1.2.0-150400.9.3.1 * python-netifaces-debugsource-0.11.0-150400.11.3.1 * libzopfli1-debuginfo-1.0.3-150400.9.3.2 * python-cmarkgfm-debugsource-2022.10.27-150400.9.3.1 * openSUSE Leap 15.4 (x86_64) * libzopflipng1-32bit-debuginfo-1.0.3-150400.9.3.2 * libzopfli1-32bit-1.0.3-150400.9.3.2 * libzopflipng1-32bit-1.0.3-150400.9.3.2 * libzopfli1-32bit-debuginfo-1.0.3-150400.9.3.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libzopfli1-64bit-1.0.3-150400.9.3.2 * libzopflipng1-64bit-debuginfo-1.0.3-150400.9.3.2 * libzopfli1-64bit-debuginfo-1.0.3-150400.9.3.2 * libzopflipng1-64bit-1.0.3-150400.9.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * zopfli-debuginfo-1.0.3-150400.9.3.2 * python311-kiwisolver-debuginfo-1.4.4-150400.7.3.1 * python-gssapi-debugsource-1.8.2-150400.5.3.1 * python311-gobject-cairo-3.44.1-150400.3.7.1 * python311-gssapi-1.8.2-150400.5.3.1 * python311-pycairo-debuginfo-1.23.0-150400.3.3.1 * python311-zopfli-0.2.3-150400.9.5.1 * python311-pysendfile-2.0.1-150400.9.3.1 * python311-gobject-3.44.1-150400.3.7.1 * python311-zstd-1.5.5.1-150400.9.3.1 * python311-gobject-debuginfo-3.44.1-150400.3.7.1 * python311-netifaces-debuginfo-0.11.0-150400.11.3.1 * python311-gobject-Gdk-3.44.1-150400.3.7.1 * python311-dmidecode-3.12.3-150400.14.6.1 * python311-gssapi-debuginfo-1.8.2-150400.5.3.1 * python311-pylibmc-1.6.3-150400.7.3.1 * python311-zstd-debuginfo-1.5.5.1-150400.9.3.1 * xclip-0.13-150400.9.3.1 * python311-contourpy-1.0.7-150400.9.3.1 * python311-urwid-debuginfo-2.1.2-150400.11.3.1 * xclip-debugsource-0.13-150400.9.3.1 * xclip-debuginfo-0.13-150400.9.3.1 * zopfli-1.0.3-150400.9.3.2 * python311-netifaces-0.11.0-150400.11.3.1 * python311-pycairo-devel-1.23.0-150400.3.3.1 * python311-contourpy-debuginfo-1.0.7-150400.9.3.1 * python311-psycopg2-2.9.7-150400.12.3.1 * python311-pycairo-1.23.0-150400.3.3.1 * libzopflipng1-1.0.3-150400.9.3.2 * python311-zopfli-debuginfo-0.2.3-150400.9.5.1 * python311-urwid-2.1.2-150400.11.3.1 * python-maxminddb-debugsource-2.4.0-150400.9.5.1 * python-dmidecode-debugsource-3.12.3-150400.14.6.1 * python311-cmarkgfm-2022.10.27-150400.9.3.1 * python311-pysendfile-debuginfo-2.0.1-150400.9.3.1 * zopfli-debugsource-1.0.3-150400.9.3.2 * python311-gobject-devel-3.44.1-150400.3.7.1 * python311-scandir-1.10.0-150400.10.3.1 * python311-maxminddb-2.4.0-150400.9.5.1 * python311-lazy-object-proxy-debuginfo-1.9.0-150400.11.3.1 * python-gobject-debugsource-3.44.1-150400.3.7.1 * python311-dmidecode-debuginfo-3.12.3-150400.14.6.1 * python-contourpy-debugsource-1.0.7-150400.9.3.1 * libzopfli1-1.0.3-150400.9.3.2 * python-psycopg2-debugsource-2.9.7-150400.12.3.1 * libzopfli1-debuginfo-1.0.3-150400.9.3.2 * python-urwid-debugsource-2.1.2-150400.11.3.1 * python311-cmarkgfm-debuginfo-2022.10.27-150400.9.3.1 * python311-gobject-cairo-debuginfo-3.44.1-150400.3.7.1 * libzopflipng1-debuginfo-1.0.3-150400.9.3.2 * python-gobject-debuginfo-3.44.1-150400.3.7.1 * python-pysendfile-debugsource-2.0.1-150400.9.3.1 * python311-psycopg2-debuginfo-2.9.7-150400.12.3.1 * python-zopfli-debugsource-0.2.3-150400.9.5.1 * python311-astunparse-1.6.3-150400.9.3.1 * python311-lazy-object-proxy-1.9.0-150400.11.3.1 * python311-maxminddb-debuginfo-2.4.0-150400.9.5.1 * xsel-1.2.0-150400.9.3.1 * python-lazy-object-proxy-debugsource-1.9.0-150400.11.3.1 * libzopfli-devel-1.0.3-150400.9.3.2 * python-pycairo-debugsource-1.23.0-150400.3.3.1 * python-pylibmc-debugsource-1.6.3-150400.7.3.1 * xsel-debugsource-1.2.0-150400.9.3.1 * python311-kiwisolver-1.4.4-150400.7.3.1 * python311-pylibmc-debuginfo-1.6.3-150400.7.3.1 * python-kiwisolver-debugsource-1.4.4-150400.7.3.1 * python-zstd-debugsource-1.5.5.1-150400.9.3.1 * xsel-debuginfo-1.2.0-150400.9.3.1 * python-netifaces-debugsource-0.11.0-150400.11.3.1 * python-cmarkgfm-debugsource-2022.10.27-150400.9.3.1 * openSUSE Leap 15.5 (x86_64) * libzopflipng1-32bit-debuginfo-1.0.3-150400.9.3.2 * libzopfli1-32bit-1.0.3-150400.9.3.2 * libzopflipng1-32bit-1.0.3-150400.9.3.2 * libzopfli1-32bit-debuginfo-1.0.3-150400.9.3.2 * openSUSE Leap 15.5 (noarch) * python311-twine-4.0.2-150400.9.3.1 * python311-traitlets-5.10.0-150400.9.3.1 * python311-coloredlogs-15.0.1-150400.9.3.1 * python311-verboselogs-1.7-150400.9.3.1 * python311-Sphinx-latex-7.2.6-150400.3.6.1 * python311-requests-futures-1.0.1-150400.9.3.1 * python311-prometheus-client-0.17.0-150400.11.3.1 * python311-pickleshare-0.7.5-150400.9.3.1 * python311-purl-1.6-150400.7.3.1 * python311-argcomplete-3.1.2-150400.12.5.1 * python311-blessings-1.7-150400.9.3.1 * python311-Cycler-0.11.0-150400.11.3.1 * python311-k5test-0.10.3-150400.9.3.1 * python311-userpath-1.9.0-150400.9.3.1 * python311-executing-1.2.0-150400.9.3.1 * python311-Paver-1.3.4-150400.3.3.4 * python311-cogapp-3.3.0-150400.3.3.1 * python311-pytest-localserver-0.8.0-150400.7.3.1 * python311-pyu2f-0.1.5a-150400.9.3.1 * python311-sphinxcontrib-apidoc-0.4.0-150400.10.5.1 * python311-stack-data-0.6.2-150400.9.3.1 * python311-requests-oauthlib-1.3.1-150400.12.3.1 * python311-configobj-5.0.8-150400.12.3.1 * python311-fs-2.4.16-150400.9.3.1 * python311-rtslib-fb-2.1.75-150400.6.3.1 * python311-readme_renderer-41.0-150400.9.3.1 * python311-hanzidentifier-1.1.0-150400.9.3.1 * python311-google-auth-2.17.3-150400.6.3.1 * python311-loguru-0.7.0-150400.9.3.1 * python311-oauthlib-3.2.2-150400.12.3.1 * python311-pyperclip-1.8.2-150400.12.3.1 * python311-websocket-client-1.5.1-150400.13.3.1 * python311-cached-property-1.5.2-150400.10.3.1 * python311-pipx-1.2.0-150400.9.3.1 * python311-tqdm-4.66.1-150400.9.3.1 * python311-tabulate-0.9.0-150400.11.3.1 * python311-smartypants-2.0.1-150400.3.3.1 * python311-PyJWT-2.8.0-150400.8.3.1 * python311-cachetools-5.3.1-150400.8.3.1 * python311-fastimport-0.9.14-150400.3.3.1 * python311-shellingham-1.5.0-150400.9.3.1 * python311-hypothesis-6.82.7-150400.3.6.1 * python311-portend-3.1.0-150400.7.3.1 * python311-invocations-3.0.2-150400.9.3.1 * python311-jsonpatch-1.32-150400.10.3.1 * python311-orderedmultidict-1.0.1-150400.9.3.1 * python311-lexicon-2.0.1-150400.10.3.1 * python311-pyxdg-0.28-150400.7.3.1 * python311-hatch-1.7.0-150400.9.3.1 * python311-munch-3.0.0-150400.11.3.1 * python311-jedi-0.19.0-150400.11.3.1 * python311-colorama-0.4.6-150400.5.3.1 * python311-pure-eval-0.2.2-150400.9.3.1 * python311-tomlkit-0.12.1-150400.10.3.1 * python311-astroid-2.15.6-150400.11.3.1 * python311-paramiko-3.3.1-150400.13.3.1 * python311-ecdsa-0.18.0-150400.12.3.1 * python311-littleutils-0.2.2-150400.9.3.1 * python311-cppy-1.2.1-150400.9.3.1 * python-tqdm-bash-completion-4.66.1-150400.9.3.1 * python311-sphinxcontrib-1.0.1-150400.13.3.1 * python311-fluidity-sm-0.2.0-150400.10.3.1 * python311-testscenarios-0.5.0-150400.11.3.1 * python311-releases-2.1.1-150400.9.3.1 * python311-typeguard-4.0.0-150400.9.3.1 * python311-asttokens-2.4.0-150400.9.3.1 * python311-capturer-3.0-150400.9.3.1 * python311-pkginfo-1.9.6-150400.7.3.1 * python311-pytest-randomly-3.13.0-150400.9.3.1 * python311-opentelemetry-api-1.17.0-150400.10.3.1 * python311-tornado-6.3.2-150400.12.3.1 * python-paramiko-doc-3.3.1-150400.13.3.1 * python311-keyring-24.2.0-150400.5.3.1 * python311-linecache2-1.0.0-150400.11.3.1 * python311-prompt_toolkit-3.0.38-150400.9.3.1 * python311-gast-0.5.3-150400.9.3.1 * python311-FormEncode-2.0.1-150400.9.3.1 * python311-bleach-6.0.0-150400.9.3.1 * python311-pytest-7.4.2-150400.3.6.1 * python311-CommonMark-0.9.1-150400.9.3.1 * python311-pytest-relaxed-2.0.1-150400.12.3.1 * python311-requests-mock-1.10.0-150400.7.3.1 * python311-munkres-1.1.4-150400.9.3.1 * python311-furl-2.1.3-150400.9.3.1 * python311-pytoml-0.1.21-150400.9.3.1 * python311-portalocker-2.7.0-150400.10.3.1 * python311-humanfriendly-10.0-150400.13.3.1 * python311-sphinxcontrib-serializinghtml-1.1.9-150400.3.6.1 * python311-zhon-1.1.5-150400.9.3.1 * python311-wcwidth-0.2.6-150400.10.3.1 * python311-SecretStorage-3.3.3-150400.5.3.1 * python311-testtools-2.6.0-150400.12.3.1 * python311-dragonmapper-0.2.6-150400.9.3.1 * python311-prettytable-3.8.0-150400.9.3.1 * python311-rsa-4.9-150400.12.3.1 * python311-tempora-5.5.0-150400.7.3.1 * python311-pyftpdlib-1.5.7-150400.9.3.1 * python311-pbr-5.11.1-150400.14.3.1 * python311-pyinotify-0.9.6-150400.13.3.1 * python311-traceback2-1.4.0-150400.11.3.1 * python311-rfc3986-2.0.0-150400.12.3.1 * python311-jeepney-0.8.0-150400.5.3.1 * python311-configshell-fb-1.1.30-150400.8.3.1 * python311-invoke-2.1.2-150400.10.3.1 * python311-pymemcache-4.0.0-150400.14.3.1 * python311-beniget-0.4.1-150400.9.3.1 * python311-future-0.18.3-150400.6.3.1 * python311-ply-3.11-150400.12.3.1 * python311-Sphinx-7.2.6-150400.3.6.1 * python311-pyudev-0.24.1-150400.3.3.1 * python311-pytest-lazy-fixture-0.6.3-150400.9.3.1 * python311-tox-3.26.0-150400.15.3.1 * python311-backcall-0.2.0-150400.9.3.1 * python311-pyproject-metadata-0.7.1-150400.9.3.1 * python311-python-magic-0.4.27-150400.9.3.1 * python311-fixtures-4.1.0-150400.12.3.1 * python311-python-mimeparse-1.6.0-150400.12.3.1 * python311-urllib3-2.0.7-150400.7.10.1 * python311-testresources-2.0.1-150400.11.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libzopfli1-64bit-1.0.3-150400.9.3.2 * libzopflipng1-64bit-debuginfo-1.0.3-150400.9.3.2 * libzopfli1-64bit-debuginfo-1.0.3-150400.9.3.2 * libzopflipng1-64bit-1.0.3-150400.9.3.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * zopfli-debuginfo-1.0.3-150400.9.3.2 * xclip-0.13-150400.9.3.1 * libzopfli-devel-1.0.3-150400.9.3.2 * zopfli-debugsource-1.0.3-150400.9.3.2 * xclip-debugsource-0.13-150400.9.3.1 * zopfli-1.0.3-150400.9.3.2 * xclip-debuginfo-0.13-150400.9.3.1 * xsel-debugsource-1.2.0-150400.9.3.1 * libzopfli1-1.0.3-150400.9.3.2 * libzopfli1-debuginfo-1.0.3-150400.9.3.2 * xsel-debuginfo-1.2.0-150400.9.3.1 * xsel-1.2.0-150400.9.3.1 * libzopflipng1-debuginfo-1.0.3-150400.9.3.2 * libzopflipng1-1.0.3-150400.9.3.2 * Basesystem Module 15-SP4 (x86_64) * libzopflipng1-32bit-debuginfo-1.0.3-150400.9.3.2 * libzopfli1-32bit-1.0.3-150400.9.3.2 * libzopflipng1-32bit-1.0.3-150400.9.3.2 * libzopfli1-32bit-debuginfo-1.0.3-150400.9.3.2 ## References: * https://jira.suse.com/browse/PED-68 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 12:30:05 -0000 Subject: SUSE-RU-2023:4501-1: moderate: Recommended update for patterns-sap Message-ID: <170056980576.16091.5564426995041995113@smelt2.prg2.suse.org> # Recommended update for patterns-sap Announcement ID: SUSE-RU-2023:4501-1 Rating: moderate References: * bsc#1066951 * bsc#1194741 * bsc#1209151 * bsc#1210215 * bsc#1211099 * bsc#1212097 * bsc#1212813 * bsc#1215107 * bsc#1216539 * bsc#1216568 Affected Products: * openSUSE Leap 15.4 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has 10 fixes can now be installed. ## Description: This update for patterns-sap fixes the following issues: \- Add missing packages for SAP BusinessOne. (bsc#1194741) \- Rename pattern "b1" to "bone" to avoid missleading information to B1. \- Implementation: automatic Setup for SAP BusinessOne. (jsc#PED-3112, jsc#PED-3758) \- Do not require HA and SLES4SAP packages This update for sap-installation-start fixes the following issues: \- Fixed an issue when 'sap-installation-wizard' is not started after the installation with despite the option is set to. (bsc#1066951) This update for sap-installation-wizard fixes the following issues: \- Implementation: automatic Setup for SAP BusinessOne. (jsc#PED-3112, jsc#PED-3758) \- Fixes an issue when the installation wizard does not start despite the option to start after boot has set. (bsc#1066951) \- Fixes an issue when the installation wizard crashes due to wrong number of arguments in logger. (bsc#1211099) \- Fixes an issue when the summary screen is blank in SAP Hana install. (bsc#1210215) \- Fixes an issue when SAP Hana Installation fails. (bsc#1209151) \- Fixes an issue when the SAP Business One installation kit is not found by the wizard. (bsc#1212097) \- Fixes an issue when the SAP Installation Wizard is trying to install configuration file for sapconf but with different content. (bsc#1212813) \- Fixes SAP Business One password policies to match with HANA password policies. (bsc#1215107) \- Fix for sapconf setting for the missing role SAP Business One. (bsc#1216568) \- Default for xs_routing_mode was changed in HANA-2 SP7 (bsc#1216539) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4501=1 openSUSE-SLE-15.4-2023-4501=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-4501=1 ## Package List: * openSUSE Leap 15.4 (ppc64le x86_64) * patterns-sap-15.4-150400.4.5.5 * patterns-sap-bone-15.4-150400.4.5.5 * sap-installation-wizard-4.4.12-150400.3.14.1 * patterns-sap-hana-15.4-150400.4.5.5 * patterns-sap-nw-15.4-150400.4.5.5 * SAP Applications Module 15-SP4 (ppc64le x86_64) * sap-installation-wizard-4.4.12-150400.3.14.1 * patterns-sap-nw-15.4-150400.4.5.5 * patterns-sap-hana-15.4-150400.4.5.5 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1066951 * https://bugzilla.suse.com/show_bug.cgi?id=1194741 * https://bugzilla.suse.com/show_bug.cgi?id=1209151 * https://bugzilla.suse.com/show_bug.cgi?id=1210215 * https://bugzilla.suse.com/show_bug.cgi?id=1211099 * https://bugzilla.suse.com/show_bug.cgi?id=1212097 * https://bugzilla.suse.com/show_bug.cgi?id=1212813 * https://bugzilla.suse.com/show_bug.cgi?id=1215107 * https://bugzilla.suse.com/show_bug.cgi?id=1216539 * https://bugzilla.suse.com/show_bug.cgi?id=1216568 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4500-1: important: Security update for ucode-intel Message-ID: <170056980895.16091.18309726060414310549@smelt2.prg2.suse.org> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:4500-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4500=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4500=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4500=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4500=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4500=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4500=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4500=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4500=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4500=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4500=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4500=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4500=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4500=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4500=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4500=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4500=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4500=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4500=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4500=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4500=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4500=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4500=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * ucode-intel-20231114-150200.35.1 * openSUSE Leap Micro 5.4 (x86_64) * ucode-intel-20231114-150200.35.1 * openSUSE Leap 15.4 (x86_64) * ucode-intel-20231114-150200.35.1 * openSUSE Leap 15.5 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * ucode-intel-20231114-150200.35.1 * Basesystem Module 15-SP4 (x86_64) * ucode-intel-20231114-150200.35.1 * Basesystem Module 15-SP5 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Enterprise Storage 7.1 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * ucode-intel-20231114-150200.35.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * ucode-intel-20231114-150200.35.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23583.html * https://bugzilla.suse.com/show_bug.cgi?id=1215278 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 12:30:12 -0000 Subject: SUSE-SU-2023:4499-1: moderate: Security update for avahi Message-ID: <170056981232.16091.8245720662856205411@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4499-1 Rating: moderate References: * bsc#1216419 Cross-References: * CVE-2023-38473 CVSS scores: * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4499=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4499=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4499=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4499=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4499=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * avahi-debuginfo-0.6.32-32.21.1 * libavahi-ui-gtk3-0-debuginfo-0.6.32-32.21.1 * libavahi-gobject-devel-0.6.32-32.21.1 * python-avahi-0.6.32-32.21.1 * libavahi-ui-gtk3-0-0.6.32-32.21.1 * libavahi-gobject0-debuginfo-0.6.32-32.21.1 * libavahi-devel-0.6.32-32.21.1 * avahi-compat-howl-devel-0.6.32-32.21.1 * libhowl0-debuginfo-0.6.32-32.21.1 * libavahi-ui0-debuginfo-0.6.32-32.21.1 * typelib-1_0-Avahi-0_6-0.6.32-32.21.1 * libavahi-glib-devel-0.6.32-32.21.1 * libavahi-gobject0-0.6.32-32.21.1 * avahi-debugsource-0.6.32-32.21.1 * avahi-compat-mDNSResponder-devel-0.6.32-32.21.1 * avahi-glib2-debugsource-0.6.32-32.21.1 * libhowl0-0.6.32-32.21.1 * libavahi-ui0-0.6.32-32.21.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * avahi-debuginfo-0.6.32-32.21.1 * avahi-0.6.32-32.21.1 * libavahi-common3-0.6.32-32.21.1 * libavahi-client3-0.6.32-32.21.1 * libavahi-glib1-0.6.32-32.21.1 * libdns_sd-0.6.32-32.21.1 * libavahi-client3-debuginfo-0.6.32-32.21.1 * avahi-utils-0.6.32-32.21.1 * libavahi-common3-debuginfo-0.6.32-32.21.1 * libavahi-core7-0.6.32-32.21.1 * avahi-utils-debuginfo-0.6.32-32.21.1 * libdns_sd-debuginfo-0.6.32-32.21.1 * libavahi-glib1-debuginfo-0.6.32-32.21.1 * avahi-debugsource-0.6.32-32.21.1 * avahi-glib2-debugsource-0.6.32-32.21.1 * libavahi-core7-debuginfo-0.6.32-32.21.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * avahi-lang-0.6.32-32.21.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libavahi-client3-32bit-0.6.32-32.21.1 * libavahi-common3-debuginfo-32bit-0.6.32-32.21.1 * libavahi-client3-debuginfo-32bit-0.6.32-32.21.1 * libdns_sd-debuginfo-32bit-0.6.32-32.21.1 * libavahi-glib1-32bit-0.6.32-32.21.1 * libavahi-common3-32bit-0.6.32-32.21.1 * libdns_sd-32bit-0.6.32-32.21.1 * avahi-debuginfo-32bit-0.6.32-32.21.1 * libavahi-glib1-debuginfo-32bit-0.6.32-32.21.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * avahi-debuginfo-0.6.32-32.21.1 * avahi-0.6.32-32.21.1 * libavahi-common3-0.6.32-32.21.1 * libavahi-client3-0.6.32-32.21.1 * libavahi-glib1-0.6.32-32.21.1 * libdns_sd-0.6.32-32.21.1 * libavahi-client3-debuginfo-0.6.32-32.21.1 * avahi-utils-0.6.32-32.21.1 * libavahi-common3-debuginfo-0.6.32-32.21.1 * libavahi-core7-0.6.32-32.21.1 * avahi-utils-debuginfo-0.6.32-32.21.1 * libdns_sd-debuginfo-0.6.32-32.21.1 * libavahi-glib1-debuginfo-0.6.32-32.21.1 * avahi-debugsource-0.6.32-32.21.1 * avahi-glib2-debugsource-0.6.32-32.21.1 * libavahi-core7-debuginfo-0.6.32-32.21.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * avahi-lang-0.6.32-32.21.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libavahi-client3-32bit-0.6.32-32.21.1 * libavahi-common3-debuginfo-32bit-0.6.32-32.21.1 * libavahi-client3-debuginfo-32bit-0.6.32-32.21.1 * libdns_sd-debuginfo-32bit-0.6.32-32.21.1 * libavahi-glib1-32bit-0.6.32-32.21.1 * libavahi-common3-32bit-0.6.32-32.21.1 * libdns_sd-32bit-0.6.32-32.21.1 * avahi-debuginfo-32bit-0.6.32-32.21.1 * libavahi-glib1-debuginfo-32bit-0.6.32-32.21.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * avahi-debuginfo-0.6.32-32.21.1 * avahi-0.6.32-32.21.1 * libavahi-common3-0.6.32-32.21.1 * libavahi-client3-0.6.32-32.21.1 * libavahi-glib1-0.6.32-32.21.1 * libdns_sd-0.6.32-32.21.1 * libavahi-client3-debuginfo-0.6.32-32.21.1 * avahi-utils-0.6.32-32.21.1 * libavahi-common3-debuginfo-0.6.32-32.21.1 * libavahi-core7-0.6.32-32.21.1 * avahi-utils-debuginfo-0.6.32-32.21.1 * libdns_sd-debuginfo-0.6.32-32.21.1 * libavahi-glib1-debuginfo-0.6.32-32.21.1 * avahi-debugsource-0.6.32-32.21.1 * avahi-glib2-debugsource-0.6.32-32.21.1 * libavahi-core7-debuginfo-0.6.32-32.21.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * avahi-lang-0.6.32-32.21.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libavahi-client3-32bit-0.6.32-32.21.1 * libavahi-common3-debuginfo-32bit-0.6.32-32.21.1 * libavahi-client3-debuginfo-32bit-0.6.32-32.21.1 * libdns_sd-debuginfo-32bit-0.6.32-32.21.1 * libavahi-glib1-32bit-0.6.32-32.21.1 * libavahi-common3-32bit-0.6.32-32.21.1 * libdns_sd-32bit-0.6.32-32.21.1 * avahi-debuginfo-32bit-0.6.32-32.21.1 * libavahi-glib1-debuginfo-32bit-0.6.32-32.21.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libavahi-ui-gtk3-0-debuginfo-0.6.32-32.21.1 * libavahi-ui-gtk3-0-0.6.32-32.21.1 * libavahi-gobject0-debuginfo-0.6.32-32.21.1 * libavahi-gobject0-0.6.32-32.21.1 * libavahi-ui0-debuginfo-0.6.32-32.21.1 * avahi-glib2-debugsource-0.6.32-32.21.1 * libavahi-ui0-0.6.32-32.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 12:30:14 -0000 Subject: SUSE-RU-2023:4498-1: moderate: Recommended update for kubernetes1.24 Message-ID: <170056981478.16091.3020901984124701921@smelt2.prg2.suse.org> # Recommended update for kubernetes1.24 Announcement ID: SUSE-RU-2023:4498-1 Rating: moderate References: * bsc#1214406 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for kubernetes1.24 fixes the following issues: * Fixes for bsc#1214406 * Update 'Wants' directive in [Unit] section of 'kubelet.service' by replacing 'docker.service' with 'containerd.service' * Add parameter to determine whether packets crossing a bridge are sent to iptables for processing. * Update 'kubeadm.conf' to add 'overlay' kernel module * Update to version 1.24.17: * Release commit for Kubernetes v1.24.17 * Use environment variables for parameters in Powershell and for passing path * Fix capture loop vars in parallel or ginkgo tests * Update protoc check for verify-generated-kms * Bump images, versions and deps to use Go 1.20.7 * Attempt to use AES-GCM before AES-CBC on reads ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4498=1 openSUSE-SLE-15.4-2023-4498=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4498=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-controller-manager-1.24.17-150400.9.11.2 * kubernetes1.24-apiserver-1.24.17-150400.9.11.2 * kubernetes1.24-kubelet-1.24.17-150400.9.11.2 * kubernetes1.24-scheduler-1.24.17-150400.9.11.2 * kubernetes1.24-proxy-1.24.17-150400.9.11.2 * kubernetes1.24-kubeadm-1.24.17-150400.9.11.2 * kubernetes1.24-client-1.24.17-150400.9.11.2 * kubernetes1.24-kubelet-common-1.24.17-150400.9.11.2 * kubernetes1.24-client-common-1.24.17-150400.9.11.2 * openSUSE Leap 15.4 (noarch) * kubernetes1.24-client-fish-completion-1.24.17-150400.9.11.2 * kubernetes1.24-client-bash-completion-1.24.17-150400.9.11.2 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-1.24.17-150400.9.11.2 * kubernetes1.24-client-common-1.24.17-150400.9.11.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214406 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 12:30:21 -0000 Subject: SUSE-RU-2023:4497-1: moderate: Recommended update for kubernetes1.24 Message-ID: <170056982173.16091.12518224535083218643@smelt2.prg2.suse.org> # Recommended update for kubernetes1.24 Announcement ID: SUSE-RU-2023:4497-1 Rating: moderate References: * bsc#1214406 Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for kubernetes1.24 fixes the following issues: * Fixes for bsc#1214406 * Update 'Wants' directive in [Unit] section of 'kubelet.service' by replacing 'docker.service' with 'containerd.service' * Add parameter to determine whether packets crossing a bridge are sent to iptables for processing. * Update 'kubeadm.conf' to add 'overlay' kernel module * Update to version 1.24.17: * Release commit for Kubernetes v1.24.17 * Use environment variables for parameters in Powershell and for passing path * Fix capture loop vars in parallel or ginkgo tests * Update protoc check for verify-generated-kms * Bump images, versions and deps to use Go 1.20.7 * Attempt to use AES-GCM before AES-CBC on reads * Update to version 1.24.16: * Bump images, versions and deps to use Go 1.20.6 * Only declare job as finished after removing all finalizers * Bump to cAdvisor v0.44.2 * Fix the git-repo test error caused by the correct use of loop variables * kubeadm: remove function pointer comparison in phase test * Fix to not process unsupported loadbalancers with mixed protocols * make 'MixedProtocolNotSupported' public ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4497=1 openSUSE-SLE-15.5-2023-4497=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4497=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-controller-manager-1.24.17-150500.3.10.2 * kubernetes1.24-proxy-1.24.17-150500.3.10.2 * kubernetes1.24-apiserver-1.24.17-150500.3.10.2 * kubernetes1.24-kubelet-1.24.17-150500.3.10.2 * kubernetes1.24-kubeadm-1.24.17-150500.3.10.2 * kubernetes1.24-client-1.24.17-150500.3.10.2 * kubernetes1.24-client-common-1.24.17-150500.3.10.2 * kubernetes1.24-kubelet-common-1.24.17-150500.3.10.2 * kubernetes1.24-scheduler-1.24.17-150500.3.10.2 * openSUSE Leap 15.5 (noarch) * kubernetes1.24-client-fish-completion-1.24.17-150500.3.10.2 * kubernetes1.24-client-bash-completion-1.24.17-150500.3.10.2 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-1.24.17-150500.3.10.2 * kubernetes1.24-client-common-1.24.17-150500.3.10.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214406 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 12:30:24 -0000 Subject: SUSE-SU-2023:4496-1: moderate: Security update for libreoffice Message-ID: <170056982459.16091.4119087134293477977@smelt2.prg2.suse.org> # Security update for libreoffice Announcement ID: SUSE-SU-2023:4496-1 Rating: moderate References: * bsc#1209243 * bsc#1212444 * bsc#1215595 * jsc#PED-5199 * jsc#PED-6799 * jsc#PED-6800 Cross-References: * CVE-2023-1183 CVSS scores: * CVE-2023-1183 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N * CVE-2023-1183 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability, contains three features and has two security fixes can now be installed. ## Description: This update for fixes the following issues: libreoffice was updated rom 7.5.4.1 to 7.6.2.1 (jsc#PED-6799, jsc#PED-6800): * For the highlights of changes of version 7.6 please consult the official release notes: * https://wiki.documentfoundation.org/ReleaseNotes/7.6 * You can check for each minor release notes here: * https://wiki.documentfoundation.org/Releases/7.6.2/RC1 * https://wiki.documentfoundation.org/Releases/7.6.1/RC2 * https://wiki.documentfoundation.org/Releases/7.6.1/RC1 * https://wiki.documentfoundation.org/Releases/7.6.0/RC3 * https://wiki.documentfoundation.org/Releases/7.6.0/RC2 * https://wiki.documentfoundation.org/Releases/7.6.0/RC1 * Security issues fixed: * CVE-2023-1183: Fixed arbitrary file write in LibreOffice Base (bsc#1212444, bsc#1209243) * Updated bundled dependencies: * boost version update from 1_80_0 to 1_82_0 * curl version update from 8.0.1 to 8.2.1 * icu4c-data version update from 72_1 to 73_2 * icu4c version update from 72_1 to 73_2 * pdfium version update from 5408 to 5778 * poppler version update from 22.12.0 to 23.06.0 * poppler-data version update from 0.4.11 to 0.4.12 * skia version from m103-b301ff025004c9cd82816c86c547588e6c24b466 to skia-m111-a31e897fb3dcbc96b2b40999751611d029bf5404 * New bundled dependencies: * graphite2-minimal-1.3.14.tgz * harfbuzz-8.0.0.tar.xz * New build dependencies: * frozen-devel * liborcus-0_18-0 * libixion * mdds-2_1 * New runtime dependencies: * `libreoffice-draw` requires `libreoffice-impress` (bsc#1215595) frozen was implemented: * New Libreoffice package dependency libixion was updated to version 0.18.1: * Updated to 0.18.1: * Fixed a 32-bit Linux build issue as discovered on Debian, due to a clash on two 32-bit unsigned integer types being used with std::variant. * Updated to 0.18.0: * Removed the formula_model_access interface from model_context, and switched to using model_context directly everywhere. * Revised formula_tokens_t type to remove use of std::unique_ptr for each formula_token instance. This should improve memory locality when iterating through an array of formula token values. A similar change has also been made to lexer_tokens_t and lexer_token types. * Added 41 built-in functions * Added support for multi-sheet references in Excel A1 and Excel R1C1 grammers. liborcus was updated to version 0.18.1: * Updated to 0.18.1: * sax parser: * added support for optionally skipping multiple BOM's in the beginning of XML stream. This affects all XML-based file format filters such as xls-xml (aka Excel 2003 XML). * xml-map: * fixed a bug where an XML document consisting of simple single-column records were not properly converted to sheet data * xls-xml: * fixed a bug where the filter would always pass border color even when it was not set * buildsystem: * added new configure switches --without-benchmark and --without-doc-example to optinally skip building of these two directories mdds-2_1 was implemented: * New Libreoffice package dependency ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4496=1 openSUSE-SLE-15.4-2023-4496=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4496=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4496=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4496=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4496=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4496=1 ## Package List: * openSUSE Leap 15.4 (noarch) * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sid-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dgo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-am-7.6.2.1-150400.17.17.3 * libreoffice-l10n-my-7.6.2.1-150400.17.17.3 * libreoffice-l10n-rw-7.6.2.1-150400.17.17.3 * libreoffice-l10n-be-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ka-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sq-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sd-7.6.2.1-150400.17.17.3 * frozen-devel-1.1.1-150400.9.3.2 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mni-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kok-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ast-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.17.3 * libreoffice-glade-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gd-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ks-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sat-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-km-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kab-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-is-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-oc-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ne-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-szl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-id-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vec-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-om-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * mdds-2_1-devel-2.1.1-150400.9.3.2 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-brx-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libixion-devel-0.18.1-150400.14.3.2 * liborcus-tools-debuginfo-0.18.1-150400.13.3.2 * liborcus-debugsource-0.18.1-150400.13.3.2 * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-sdk-doc-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * python3-liborcus-debuginfo-0.18.1-150400.13.3.2 * libreoffice-sdk-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-debuginfo-0.18.1-150400.13.3.2 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * python3-libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-tools-0.18.1-150400.14.3.2 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreofficekit-devel-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-librelogo-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-qt5-7.6.2.1-150400.17.17.3 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libixion-debuginfo-0.18.1-150400.14.3.2 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libixion-tools-debuginfo-0.18.1-150400.14.3.2 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libixion-debugsource-0.18.1-150400.14.3.2 * liborcus-tools-0.18.1-150400.13.3.2 * libreofficekit-7.6.2.1-150400.17.17.3 * python3-liborcus-0.18.1-150400.13.3.2 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * python3-libixion-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * openSUSE Leap 15.5 (noarch) * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sid-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dgo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-am-7.6.2.1-150400.17.17.3 * libreoffice-l10n-my-7.6.2.1-150400.17.17.3 * libreoffice-l10n-rw-7.6.2.1-150400.17.17.3 * libreoffice-l10n-be-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ka-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sq-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sd-7.6.2.1-150400.17.17.3 * frozen-devel-1.1.1-150400.9.3.2 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mni-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kok-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ast-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.17.3 * libreoffice-glade-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gd-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ks-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sat-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-km-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kab-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-is-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-oc-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ne-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-szl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-id-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vec-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-om-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * mdds-2_1-devel-2.1.1-150400.9.3.2 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-brx-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libixion-devel-0.18.1-150400.14.3.2 * liborcus-debuginfo-0.18.1-150400.13.3.2 * liborcus-debugsource-0.18.1-150400.13.3.2 * liborcus-tools-debuginfo-0.18.1-150400.13.3.2 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * liborcus-tools-0.18.1-150400.13.3.2 * python3-libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-tools-0.18.1-150400.14.3.2 * python3-liborcus-0.18.1-150400.13.3.2 * python3-liborcus-debuginfo-0.18.1-150400.13.3.2 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * python3-libixion-0.18.1-150400.14.3.2 * liborcus-devel-0.18.1-150400.13.3.2 * libixion-tools-debuginfo-0.18.1-150400.14.3.2 * libixion-debugsource-0.18.1-150400.14.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * libreoffice-sdk-doc-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-sdk-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreofficekit-devel-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-librelogo-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-qt5-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * libreoffice-officebean-7.6.2.1-150400.17.17.3 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.17.3 * SUSE Package Hub 15 15-SP4 (noarch) * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sid-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dgo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-am-7.6.2.1-150400.17.17.3 * libreoffice-l10n-my-7.6.2.1-150400.17.17.3 * libreoffice-l10n-rw-7.6.2.1-150400.17.17.3 * libreoffice-l10n-be-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ka-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sq-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sd-7.6.2.1-150400.17.17.3 * frozen-devel-1.1.1-150400.9.3.2 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mni-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kok-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ast-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.17.3 * libreoffice-glade-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gd-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ks-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sat-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-km-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kab-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-is-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-oc-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ne-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-szl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-id-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vec-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-om-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * mdds-2_1-devel-2.1.1-150400.9.3.2 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-brx-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le) * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-sdk-doc-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-sdk-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreofficekit-devel-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-librelogo-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-qt5-7.6.2.1-150400.17.17.3 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * liborcus-debuginfo-0.18.1-150400.13.3.2 * liborcus-debugsource-0.18.1-150400.13.3.2 * libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-debugsource-0.18.1-150400.14.3.2 * SUSE Package Hub 15 15-SP5 (noarch) * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sid-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dgo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-am-7.6.2.1-150400.17.17.3 * libreoffice-l10n-my-7.6.2.1-150400.17.17.3 * libreoffice-l10n-rw-7.6.2.1-150400.17.17.3 * libreoffice-l10n-be-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ka-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sq-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sd-7.6.2.1-150400.17.17.3 * frozen-devel-1.1.1-150400.9.3.2 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mni-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kok-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ast-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.17.3 * libreoffice-glade-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gd-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ks-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sat-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-km-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kab-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-is-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-oc-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ne-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-szl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-id-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vec-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-om-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * mdds-2_1-devel-2.1.1-150400.9.3.2 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-brx-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le) * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-sdk-doc-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-sdk-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreofficekit-devel-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-librelogo-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-qt5-7.6.2.1-150400.17.17.3 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * libixion-devel-0.18.1-150400.14.3.2 * liborcus-debuginfo-0.18.1-150400.13.3.2 * liborcus-debugsource-0.18.1-150400.13.3.2 * liborcus-tools-debuginfo-0.18.1-150400.13.3.2 * liborcus-tools-0.18.1-150400.13.3.2 * python3-libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-tools-0.18.1-150400.14.3.2 * python3-liborcus-0.18.1-150400.13.3.2 * python3-liborcus-debuginfo-0.18.1-150400.13.3.2 * python3-libixion-0.18.1-150400.14.3.2 * libixion-tools-debuginfo-0.18.1-150400.14.3.2 * libixion-debugsource-0.18.1-150400.14.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * liborcus-debugsource-0.18.1-150400.13.3.2 * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-debuginfo-0.18.1-150400.13.3.2 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libixion-debuginfo-0.18.1-150400.14.3.2 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libixion-debugsource-0.18.1-150400.14.3.2 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * liborcus-debugsource-0.18.1-150400.13.3.2 * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-debuginfo-0.18.1-150400.13.3.2 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libixion-debuginfo-0.18.1-150400.14.3.2 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libixion-debugsource-0.18.1-150400.14.3.2 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 ## References: * https://www.suse.com/security/cve/CVE-2023-1183.html * https://bugzilla.suse.com/show_bug.cgi?id=1209243 * https://bugzilla.suse.com/show_bug.cgi?id=1212444 * https://bugzilla.suse.com/show_bug.cgi?id=1215595 * https://jira.suse.com/browse/PED-5199 * https://jira.suse.com/browse/PED-6799 * https://jira.suse.com/browse/PED-6800 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:14:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 17:14:31 +0100 (CET) Subject: SUSE-CU-2023:3777-1: Security update of suse/sle15 Message-ID: <20231121161431.04E60F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3777-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.844 Container Release : 6.2.844 Severity : important Type : security References : 1216123 1216174 CVE-2023-44487 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4492-1 Released: Mon Nov 20 18:59:17 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) The following package changes have been done: - libnghttp2-14-1.40.0-150000.3.17.1 updated From sle-updates at lists.suse.com Tue Nov 21 16:17:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 17:17:42 +0100 (CET) Subject: SUSE-CU-2023:3785-1: Security update of bci/golang Message-ID: <20231121161742.9AA3CF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3785-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-8.2 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-8.2 Container Release : 8.2 Severity : important Type : security References : 1206346 1206346 1206346 1213229 1213880 1215084 1215085 1215090 1215985 1216109 1216943 1216944 CVE-2023-29406 CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39323 CVE-2023-39325 CVE-2023-44487 CVE-2023-45283 CVE-2023-45284 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2023:2601-1 Released: Wed Jun 21 15:42:34 2023 Summary: Optional update for go1.20-openssl Type: optional Severity: moderate References: This update for go1.20-openssl fixes the following issues: This update delivers a go1.20 1.20.5.2 package built with its cryptography using the system openssl library. (jsc#SLE-18320 jsc#PED-1962) This allows GO binaries built with go1.20-openssl to be operating in FIPS 140-2/3 mode. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3002-1 Released: Thu Jul 27 12:38:13 2023 Summary: Security update for go1.20-openssl Type: security Severity: moderate References: 1206346,1213229,CVE-2023-29406 This update for go1.20-openssl fixes the following issues: Update to version 1.20.6.1 (bsc#1206346): - CVE-2023-29406: Fixed insufficient sanitization of Host header (bsc#1213229). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3840-1 Released: Wed Sep 27 19:34:42 2023 Summary: Security update for go1.20-openssl Type: security Severity: important References: 1206346,1213880,1215084,1215085,1215090,CVE-2023-29409,CVE-2023-39318,CVE-2023-39319 This update for go1.20-openssl fixes the following issues: Update to version 1.20.8 (bsc#1206346). - CVE-2023-29409: Fixed unrestricted RSA keys in certificates (bsc#1213880). - CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085). - CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts (bsc#1215084). The following non-security bug was fixed: - Add missing directory pprof html asset directory to package (bsc#1215090). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4472-1 Released: Thu Nov 16 19:01:27 2023 Summary: Security update for go1.20-openssl Type: security Severity: important References: 1206346,1215985,1216109,1216943,1216944,CVE-2023-39323,CVE-2023-39325,CVE-2023-44487,CVE-2023-45283,CVE-2023-45284 This update for go1.20-openssl fixes the following issues: Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips. * Update to go1.20.11 go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.10-1-openssl-fips. * Update to go1.20.10 go1.20.10 (released 2023-10-10) includes a security fix to the net/http package. * security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109) go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go package, as well as bug fixes to the go command and the linker. * security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985) * cmd/link: issues with Apple's new linker in Xcode 15 beta The following package changes have been done: - go1.20-openssl-doc-1.20.11.1-150000.1.14.1 added - go1.20-openssl-1.20.11.1-150000.1.14.1 added - go1.20-openssl-race-1.20.11.1-150000.1.14.1 added - go1.19-openssl-1.19.13.1-150000.1.8.1 removed - go1.19-openssl-doc-1.19.13.1-150000.1.8.1 removed - go1.19-openssl-race-1.19.13.1-150000.1.8.1 removed From sle-updates at lists.suse.com Tue Nov 21 16:17:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 17:17:47 +0100 (CET) Subject: SUSE-CU-2023:3786-1: Security update of bci/golang Message-ID: <20231121161747.5782CF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3786-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.2 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.2 Container Release : 8.2 Severity : moderate Type : security References : 1212475 1212667 1212669 1215084 1215085 1215086 1215087 1215090 1215985 1216109 1216943 1216944 CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321 CVE-2023-39322 CVE-2023-39323 CVE-2023-39325 CVE-2023-44487 CVE-2023-45283 CVE-2023-45284 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4469-1 Released: Thu Nov 16 18:59:45 2023 Summary: Security update for go1.21-openssl Type: security Severity: moderate References: 1212475,1212667,1212669,1215084,1215085,1215086,1215087,1215090,1215985,1216109,1216943,1216944,CVE-2023-39318,CVE-2023-39319,CVE-2023-39320,CVE-2023-39321,CVE-2023-39322,CVE-2023-39323,CVE-2023-39325,CVE-2023-44487,CVE-2023-45283,CVE-2023-45284 This update for go1.21-openssl fixes the following issues: Update to version 1.21.4.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.4-1-openssl-fips. * Update to go1.21.4 go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * spec: update unification rules * cmd/compile: internal compiler error: expected struct value to have type struct * cmd/link: split text sections for arm 32-bit * runtime: MADV_COLLAPSE causes production performance issues on Linux * go/types, x/tools/go/ssa: panic: type param without replacement encountered * cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64 * net/http: http2 page fails on firefox/safari if pushing resources Initial package go1.21-openssl version 1.21.3.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.3-1-openssl-fips. (jsc#SLE-18320) * Go upstream merged branch dev.boringcrypto in go1.19+. * In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto. * In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode. * When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite. * go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way. * go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations. * go1.x-openssl uses dlopen() to call into OpenSSL. * SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision. * Patchset improvements can be updated independently of upstream Go maintenance releases. The following package changes have been done: - go1.21-openssl-doc-1.21.4.1-150000.1.5.1 added - go1.21-openssl-1.21.4.1-150000.1.5.1 added - go1.21-openssl-race-1.21.4.1-150000.1.5.1 added - go1.20-openssl-1.20.11.1-150000.1.14.1 removed - go1.20-openssl-doc-1.20.11.1-150000.1.14.1 removed - go1.20-openssl-race-1.20.11.1-150000.1.14.1 removed From sle-updates at lists.suse.com Tue Nov 21 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:02 -0000 Subject: SUSE-SU-2023:4511-1: important: Security update for container-suseconnect Message-ID: <170058420270.4687.240339532663817289@smelt2.prg2.suse.org> # Security update for container-suseconnect Announcement ID: SUSE-SU-2023:4511-1 Rating: important References: * bsc#1212475 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4511=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4511=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4511=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4511=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4511=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4511=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4511=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4511=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4511=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4511=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4511=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4511=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4511=1 ## Package List: * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * container-suseconnect-debuginfo-2.4.0-150000.4.44.1 * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * SUSE CaaS Platform 4.0 (x86_64) * container-suseconnect-2.4.0-150000.4.44.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.44.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4510-1: important: Security update for ucode-intel Message-ID: <170058420624.4687.4972852455298783736@smelt2.prg2.suse.org> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:4510-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4510=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4510=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4510=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20231114-150100.3.231.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20231114-150100.3.231.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * ucode-intel-20231114-150100.3.231.1 * SUSE CaaS Platform 4.0 (x86_64) * ucode-intel-20231114-150100.3.231.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23583.html * https://bugzilla.suse.com/show_bug.cgi?id=1215278 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:09 -0000 Subject: SUSE-RU-2023:3476-2: moderate: Recommended update for jing-trang Message-ID: <170058420913.4687.8478387361242074443@smelt2.prg2.suse.org> # Recommended update for jing-trang Announcement ID: SUSE-RU-2023:3476-2 Rating: moderate References: * jsc#SLE-23217 Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that contains one feature can now be installed. ## Description: This update for jing-trang fixes the following issues: * Version update from 20181222 to 20220510 (jsc#SLE-23217): * Fix NullPointerException when namespace URI is null * Travis: Dropo old Travis-no-longer supports JDKs * Fix missing format string for column argument * Add a SAX API to the Validation Driver * Fix compilation issues with Java 11 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3476=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3476=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3476=1 ## Package List: * openSUSE Leap 15.5 (noarch) * dtdinst-20220510-150200.10.7.3 * jing-20220510-150200.10.7.3 * jing-javadoc-20220510-150200.10.7.3 * trang-20220510-150200.10.7.3 * Development Tools Module 15-SP5 (noarch) * jing-20220510-150200.10.7.3 * SUSE Package Hub 15 15-SP5 (noarch) * trang-20220510-150200.10.7.3 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:11 -0000 Subject: SUSE-RU-2023:4509-1: important: Recommended update for helm Message-ID: <170058421162.4687.9849296259536667306@smelt2.prg2.suse.org> # Recommended update for helm Announcement ID: SUSE-RU-2023:4509-1 Rating: important References: * bsc#1217013 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for helm fixes the following issues: * Update to version 3.13.2 (bsc#1217013) * Fixes a regression when helm can't be pulled anonymously from registries. (bsc#1217013) * Allow using label selectors for system labels for sql backend. * Allow using label selectors for system labels for secrets and configmap backends. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4509=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4509=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4509=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4509=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4509=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4509=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4509=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4509=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4509=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4509=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4509=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * openSUSE Leap 15.4 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 * helm-fish-completion-3.13.2-150000.1.29.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * openSUSE Leap 15.5 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 * helm-fish-completion-3.13.2-150000.1.29.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * Containers Module 15-SP4 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * Containers Module 15-SP5 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 * SUSE Package Hub 15 15-SP4 (noarch) * helm-fish-completion-3.13.2-150000.1.29.1 * SUSE Package Hub 15 15-SP5 (noarch) * helm-fish-completion-3.13.2-150000.1.29.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * helm-debuginfo-3.13.2-150000.1.29.1 * helm-3.13.2-150000.1.29.1 * SUSE Enterprise Storage 7.1 (noarch) * helm-zsh-completion-3.13.2-150000.1.29.1 * helm-bash-completion-3.13.2-150000.1.29.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217013 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:19 -0000 Subject: SUSE-SU-2023:4508-1: important: Security update for openvswitch Message-ID: <170058421935.4687.15702606346954695768@smelt2.prg2.suse.org> # Security update for openvswitch Announcement ID: SUSE-SU-2023:4508-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4508=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4508=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4508=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4508=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4508=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4508=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * openSUSE Leap 15.3 (noarch) * openvswitch-doc-2.14.2-150300.19.11.1 * ovn-doc-20.06.2-150300.19.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:23 -0000 Subject: SUSE-SU-2023:4507-1: moderate: Security update for java-1_8_0-openjdk Message-ID: <170058422358.4687.1306811777080176629@smelt2.prg2.suse.org> # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:4507-1 Rating: moderate References: * bsc#1211968 * bsc#1216374 * bsc#1216379 Cross-References: * CVE-2015-4000 * CVE-2023-22067 * CVE-2023-22081 CVSS scores: * CVE-2015-4000 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU: * CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379). * CVE-2023-22081: Fixed certificate path validation issue during client authentication (bsc#1216374). * CVE-2015-4000: Fixed Logjam issue in SLES12SP5 (bsc#1211968). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4507=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4507=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4507=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-1.8.0.392-27.93.1 * java-1_8_0-openjdk-devel-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-27.93.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-1.8.0.392-27.93.1 * java-1_8_0-openjdk-devel-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-27.93.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-1.8.0.392-27.93.1 * java-1_8_0-openjdk-devel-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-27.93.1 ## References: * https://www.suse.com/security/cve/CVE-2015-4000.html * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://bugzilla.suse.com/show_bug.cgi?id=1211968 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:27 -0000 Subject: SUSE-SU-2023:4506-1: moderate: Security update for java-1_8_0-openjdk Message-ID: <170058422734.4687.12140346523389489923@smelt2.prg2.suse.org> # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:4506-1 Rating: moderate References: * bsc#1211968 * bsc#1216374 * bsc#1216379 Cross-References: * CVE-2015-4000 * CVE-2023-22067 * CVE-2023-22081 CVSS scores: * CVE-2015-4000 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU: * CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379). * CVE-2023-22081: Fixed certificate path validation issue during client authentication (bsc#1216374). * CVE-2015-4000: Fixed Logjam issue in SLES12SP5 (bsc#1211968). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4506=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4506=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4506=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4506=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4506=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4506=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4506=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4506=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4506=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4506=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-src-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-accessibility-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-src-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-accessibility-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.392-150000.3.85.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 ## References: * https://www.suse.com/security/cve/CVE-2015-4000.html * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://bugzilla.suse.com/show_bug.cgi?id=1211968 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:31 -0000 Subject: SUSE-SU-2023:4505-1: moderate: Security update for libxml2 Message-ID: <170058423174.4687.12933297424073757836@smelt2.prg2.suse.org> # Security update for libxml2 Announcement ID: SUSE-SU-2023:4505-1 Rating: moderate References: * bsc#1216129 Cross-References: * CVE-2023-45322 CVSS scores: * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4505=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4505=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4505=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4505=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libxml2-debugsource-2.9.4-46.68.2 * libxml2-devel-2.9.4-46.68.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python-libxml2-debuginfo-2.9.4-46.68.2 * libxml2-tools-2.9.4-46.68.2 * libxml2-tools-debuginfo-2.9.4-46.68.2 * python-libxml2-debugsource-2.9.4-46.68.2 * python-libxml2-2.9.4-46.68.2 * libxml2-debugsource-2.9.4-46.68.2 * libxml2-2-debuginfo-2.9.4-46.68.2 * libxml2-2-2.9.4-46.68.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libxml2-doc-2.9.4-46.68.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libxml2-2-debuginfo-32bit-2.9.4-46.68.2 * libxml2-2-32bit-2.9.4-46.68.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python-libxml2-debuginfo-2.9.4-46.68.2 * libxml2-tools-2.9.4-46.68.2 * libxml2-tools-debuginfo-2.9.4-46.68.2 * python-libxml2-debugsource-2.9.4-46.68.2 * python-libxml2-2.9.4-46.68.2 * libxml2-debugsource-2.9.4-46.68.2 * libxml2-2-debuginfo-2.9.4-46.68.2 * libxml2-2-2.9.4-46.68.2 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libxml2-doc-2.9.4-46.68.2 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libxml2-2-debuginfo-32bit-2.9.4-46.68.2 * libxml2-2-32bit-2.9.4-46.68.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python-libxml2-debuginfo-2.9.4-46.68.2 * libxml2-tools-2.9.4-46.68.2 * libxml2-tools-debuginfo-2.9.4-46.68.2 * python-libxml2-debugsource-2.9.4-46.68.2 * python-libxml2-2.9.4-46.68.2 * libxml2-debugsource-2.9.4-46.68.2 * libxml2-2-debuginfo-2.9.4-46.68.2 * libxml2-2-2.9.4-46.68.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libxml2-doc-2.9.4-46.68.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libxml2-2-debuginfo-32bit-2.9.4-46.68.2 * libxml2-2-32bit-2.9.4-46.68.2 ## References: * https://www.suse.com/security/cve/CVE-2023-45322.html * https://bugzilla.suse.com/show_bug.cgi?id=1216129 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:34 -0000 Subject: SUSE-SU-2023:4504-1: moderate: Security update for libxml2 Message-ID: <170058423419.4687.3841451660573346300@smelt2.prg2.suse.org> # Security update for libxml2 Announcement ID: SUSE-SU-2023:4504-1 Rating: moderate References: * bsc#1216129 Cross-References: * CVE-2023-45322 CVSS scores: * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4504=1 openSUSE-SLE-15.5-2023-4504=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4504=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4504=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4504=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libxml2-tools-debuginfo-2.10.3-150500.5.11.1 * libxml2-devel-2.10.3-150500.5.11.1 * libxml2-tools-2.10.3-150500.5.11.1 * libxml2-python-debugsource-2.10.3-150500.5.11.1 * python311-libxml2-2.10.3-150500.5.11.1 * python311-libxml2-debuginfo-2.10.3-150500.5.11.1 * libxml2-debugsource-2.10.3-150500.5.11.1 * python3-libxml2-2.10.3-150500.5.11.1 * python3-libxml2-debuginfo-2.10.3-150500.5.11.1 * libxml2-2-2.10.3-150500.5.11.1 * libxml2-2-debuginfo-2.10.3-150500.5.11.1 * openSUSE Leap 15.5 (x86_64) * libxml2-2-32bit-2.10.3-150500.5.11.1 * libxml2-2-32bit-debuginfo-2.10.3-150500.5.11.1 * libxml2-devel-32bit-2.10.3-150500.5.11.1 * openSUSE Leap 15.5 (noarch) * libxml2-doc-2.10.3-150500.5.11.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libxml2-2-64bit-2.10.3-150500.5.11.1 * libxml2-2-64bit-debuginfo-2.10.3-150500.5.11.1 * libxml2-devel-64bit-2.10.3-150500.5.11.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libxml2-tools-debuginfo-2.10.3-150500.5.11.1 * libxml2-tools-2.10.3-150500.5.11.1 * libxml2-python-debugsource-2.10.3-150500.5.11.1 * libxml2-debugsource-2.10.3-150500.5.11.1 * python3-libxml2-2.10.3-150500.5.11.1 * python3-libxml2-debuginfo-2.10.3-150500.5.11.1 * libxml2-2-2.10.3-150500.5.11.1 * libxml2-2-debuginfo-2.10.3-150500.5.11.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libxml2-tools-debuginfo-2.10.3-150500.5.11.1 * libxml2-devel-2.10.3-150500.5.11.1 * libxml2-python-debugsource-2.10.3-150500.5.11.1 * libxml2-tools-2.10.3-150500.5.11.1 * libxml2-debugsource-2.10.3-150500.5.11.1 * python3-libxml2-2.10.3-150500.5.11.1 * python3-libxml2-debuginfo-2.10.3-150500.5.11.1 * libxml2-2-2.10.3-150500.5.11.1 * libxml2-2-debuginfo-2.10.3-150500.5.11.1 * Basesystem Module 15-SP5 (x86_64) * libxml2-2-32bit-2.10.3-150500.5.11.1 * libxml2-2-32bit-debuginfo-2.10.3-150500.5.11.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-libxml2-debuginfo-2.10.3-150500.5.11.1 * python311-libxml2-2.10.3-150500.5.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45322.html * https://bugzilla.suse.com/show_bug.cgi?id=1216129 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 16:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 16:30:38 -0000 Subject: SUSE-SU-2023:4503-1: moderate: Security update for avahi Message-ID: <170058423821.4687.6320878142092776278@smelt2.prg2.suse.org> # Security update for avahi Announcement ID: SUSE-SU-2023:4503-1 Rating: moderate References: * bsc#1215947 * bsc#1216419 Cross-References: * CVE-2023-38470 * CVE-2023-38473 CVSS scores: * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4503=1 openSUSE-SLE-15.4-2023-4503=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4503=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4503=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4503=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4503=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4503=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4503=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4503=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4503=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4503=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4503=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4503=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4503=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4503=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4503=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libavahi-gobject-devel-0.8-150400.7.10.1 * libdns_sd-0.8-150400.7.10.1 * libavahi-glib-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * avahi-autoipd-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-0.8-150400.7.10.1 * libhowl0-debuginfo-0.8-150400.7.10.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1 * libavahi-devel-0.8-150400.7.10.1 * avahi-utils-gtk-0.8-150400.7.10.1 * libavahi-glib1-0.8-150400.7.10.1 * avahi-utils-0.8-150400.7.10.1 * avahi-autoipd-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * libavahi-core7-debuginfo-0.8-150400.7.10.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.10.1 * python3-avahi-0.8-150400.7.10.1 * libavahi-glib1-debuginfo-0.8-150400.7.10.1 * libhowl0-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * python3-avahi-gtk-0.8-150400.7.10.1 * libavahi-qt5-1-0.8-150400.7.10.1 * libavahi-libevent1-debuginfo-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * avahi-qt5-debugsource-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.10.1 * avahi-utils-debuginfo-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * libavahi-qt5-devel-0.8-150400.7.10.1 * libavahi-gobject0-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-0.8-150400.7.10.1 * avahi-compat-howl-devel-0.8-150400.7.10.1 * libavahi-qt5-1-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-debuginfo-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * libdns_sd-debuginfo-0.8-150400.7.10.1 * openSUSE Leap 15.4 (x86_64) * libdns_sd-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-common3-32bit-0.8-150400.7.10.1 * libavahi-client3-32bit-0.8-150400.7.10.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.10.1 * libdns_sd-32bit-0.8-150400.7.10.1 * avahi-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-glib1-32bit-0.8-150400.7.10.1 * libavahi-glib1-32bit-debuginfo-0.8-150400.7.10.1 * openSUSE Leap 15.4 (noarch) * avahi-lang-0.8-150400.7.10.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libavahi-client3-64bit-0.8-150400.7.10.1 * avahi-64bit-debuginfo-0.8-150400.7.10.1 * libavahi-common3-64bit-0.8-150400.7.10.1 * libavahi-common3-64bit-debuginfo-0.8-150400.7.10.1 * libdns_sd-64bit-debuginfo-0.8-150400.7.10.1 * libavahi-glib1-64bit-0.8-150400.7.10.1 * libdns_sd-64bit-0.8-150400.7.10.1 * libavahi-glib1-64bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-64bit-debuginfo-0.8-150400.7.10.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libavahi-gobject-devel-0.8-150400.7.10.1 * libdns_sd-0.8-150400.7.10.1 * libavahi-glib-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * avahi-autoipd-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-0.8-150400.7.10.1 * libhowl0-debuginfo-0.8-150400.7.10.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1 * libavahi-devel-0.8-150400.7.10.1 * avahi-utils-gtk-0.8-150400.7.10.1 * libavahi-glib1-0.8-150400.7.10.1 * avahi-utils-0.8-150400.7.10.1 * avahi-autoipd-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * libavahi-core7-debuginfo-0.8-150400.7.10.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.10.1 * python3-avahi-0.8-150400.7.10.1 * libavahi-glib1-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * libhowl0-0.8-150400.7.10.1 * python3-avahi-gtk-0.8-150400.7.10.1 * libavahi-qt5-1-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-debuginfo-0.8-150400.7.10.1 * avahi-qt5-debugsource-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.10.1 * avahi-utils-debuginfo-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * libavahi-qt5-devel-0.8-150400.7.10.1 * libavahi-gobject0-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-0.8-150400.7.10.1 * avahi-compat-howl-devel-0.8-150400.7.10.1 * libavahi-qt5-1-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-debuginfo-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * libdns_sd-debuginfo-0.8-150400.7.10.1 * openSUSE Leap 15.5 (x86_64) * libdns_sd-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-common3-32bit-0.8-150400.7.10.1 * libavahi-client3-32bit-0.8-150400.7.10.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.10.1 * libdns_sd-32bit-0.8-150400.7.10.1 * avahi-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-glib1-32bit-0.8-150400.7.10.1 * libavahi-glib1-32bit-debuginfo-0.8-150400.7.10.1 * openSUSE Leap 15.5 (noarch) * avahi-lang-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libdns_sd-0.8-150400.7.10.1 * libavahi-glib-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-libevent1-0.8-150400.7.10.1 * libhowl0-debuginfo-0.8-150400.7.10.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1 * libavahi-devel-0.8-150400.7.10.1 * libavahi-glib1-0.8-150400.7.10.1 * avahi-utils-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * libavahi-core7-debuginfo-0.8-150400.7.10.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.10.1 * libavahi-glib1-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * libhowl0-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-debuginfo-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.10.1 * avahi-utils-debuginfo-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-0.8-150400.7.10.1 * avahi-compat-howl-devel-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-debuginfo-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * libdns_sd-debuginfo-0.8-150400.7.10.1 * Basesystem Module 15-SP4 (noarch) * avahi-lang-0.8-150400.7.10.1 * Basesystem Module 15-SP4 (x86_64) * libavahi-common3-32bit-0.8-150400.7.10.1 * libavahi-client3-32bit-0.8-150400.7.10.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.10.1 * avahi-32bit-debuginfo-0.8-150400.7.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libdns_sd-0.8-150400.7.10.1 * libavahi-glib-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-libevent1-0.8-150400.7.10.1 * libhowl0-debuginfo-0.8-150400.7.10.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1 * libavahi-devel-0.8-150400.7.10.1 * libavahi-glib1-0.8-150400.7.10.1 * avahi-utils-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * libavahi-core7-debuginfo-0.8-150400.7.10.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.10.1 * libavahi-glib1-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * libhowl0-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-debuginfo-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.10.1 * avahi-utils-debuginfo-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-0.8-150400.7.10.1 * avahi-compat-howl-devel-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-debuginfo-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * libdns_sd-debuginfo-0.8-150400.7.10.1 * Basesystem Module 15-SP5 (noarch) * avahi-lang-0.8-150400.7.10.1 * Basesystem Module 15-SP5 (x86_64) * libavahi-common3-32bit-0.8-150400.7.10.1 * libavahi-client3-32bit-0.8-150400.7.10.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.10.1 * avahi-32bit-debuginfo-0.8-150400.7.10.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-utils-gtk-debuginfo-0.8-150400.7.10.1 * libavahi-gobject-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * avahi-autoipd-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * avahi-utils-gtk-0.8-150400.7.10.1 * avahi-autoipd-0.8-150400.7.10.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * avahi-utils-gtk-debuginfo-0.8-150400.7.10.1 * libavahi-gobject-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * avahi-autoipd-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * avahi-utils-gtk-0.8-150400.7.10.1 * avahi-autoipd-0.8-150400.7.10.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-debugsource-0.8-150400.7.10.1 * python3-avahi-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * avahi-debugsource-0.8-150400.7.10.1 * python3-avahi-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:05 -0000 Subject: SUSE-SU-2023:4524-1: important: Security update for openssl-1_1 Message-ID: <170059860505.25714.7981559577132697171@smelt2.prg2.suse.org> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:4524-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4524=1 SUSE-2023-4524=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4524=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4524=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4524=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4524=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4524=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4524=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4524=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libopenssl1_1-hmac-1.1.1l-150400.7.60.2 * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-1.1.1l-150400.7.60.2 * openssl-1_1-debugsource-1.1.1l-150400.7.60.2 * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2 * openssl-1_1-1.1.1l-150400.7.60.2 * libopenssl1_1-1.1.1l-150400.7.60.2 * openSUSE Leap 15.4 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.60.2 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.60.2 * libopenssl1_1-32bit-1.1.1l-150400.7.60.2 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.60.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.60.2 * libopenssl1_1-64bit-1.1.1l-150400.7.60.2 * libopenssl1_1-hmac-64bit-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.60.2 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1l-150400.7.60.2 * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-1.1.1l-150400.7.60.2 * openssl-1_1-debugsource-1.1.1l-150400.7.60.2 * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2 * openssl-1_1-1.1.1l-150400.7.60.2 * libopenssl1_1-1.1.1l-150400.7.60.2 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1l-150400.7.60.2 * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-1.1.1l-150400.7.60.2 * openssl-1_1-debugsource-1.1.1l-150400.7.60.2 * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2 * openssl-1_1-1.1.1l-150400.7.60.2 * libopenssl1_1-1.1.1l-150400.7.60.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1l-150400.7.60.2 * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-1.1.1l-150400.7.60.2 * openssl-1_1-debugsource-1.1.1l-150400.7.60.2 * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2 * openssl-1_1-1.1.1l-150400.7.60.2 * libopenssl1_1-1.1.1l-150400.7.60.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1l-150400.7.60.2 * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-1.1.1l-150400.7.60.2 * openssl-1_1-debugsource-1.1.1l-150400.7.60.2 * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2 * openssl-1_1-1.1.1l-150400.7.60.2 * libopenssl1_1-1.1.1l-150400.7.60.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1l-150400.7.60.2 * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-1.1.1l-150400.7.60.2 * openssl-1_1-debugsource-1.1.1l-150400.7.60.2 * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2 * openssl-1_1-1.1.1l-150400.7.60.2 * libopenssl1_1-1.1.1l-150400.7.60.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1l-150400.7.60.2 * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-1.1.1l-150400.7.60.2 * openssl-1_1-debugsource-1.1.1l-150400.7.60.2 * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2 * openssl-1_1-1.1.1l-150400.7.60.2 * libopenssl1_1-1.1.1l-150400.7.60.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1l-150400.7.60.2 * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-1.1.1l-150400.7.60.2 * openssl-1_1-debugsource-1.1.1l-150400.7.60.2 * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2 * openssl-1_1-1.1.1l-150400.7.60.2 * libopenssl1_1-1.1.1l-150400.7.60.2 * Basesystem Module 15-SP4 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.60.2 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.60.2 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.60.2 * libopenssl1_1-32bit-1.1.1l-150400.7.60.2 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:07 -0000 Subject: SUSE-SU-2023:4523-1: important: Security update for openssl-1_0_0 Message-ID: <170059860741.25714.15173528140359819824@smelt2.prg2.suse.org> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:4523-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4523=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4523=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4523=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4523=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-3.87.1 * openssl-1_0_0-debugsource-1.0.2p-3.87.1 * openssl-1_0_0-debuginfo-1.0.2p-3.87.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-3.87.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libopenssl-1_0_0-devel-1.0.2p-3.87.1 * libopenssl1_0_0-1.0.2p-3.87.1 * openssl-1_0_0-1.0.2p-3.87.1 * libopenssl1_0_0-hmac-1.0.2p-3.87.1 * openssl-1_0_0-debugsource-1.0.2p-3.87.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.87.1 * openssl-1_0_0-debuginfo-1.0.2p-3.87.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.87.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.87.1 * libopenssl1_0_0-32bit-1.0.2p-3.87.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.87.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-3.87.1 * libopenssl1_0_0-1.0.2p-3.87.1 * openssl-1_0_0-1.0.2p-3.87.1 * libopenssl1_0_0-hmac-1.0.2p-3.87.1 * openssl-1_0_0-debugsource-1.0.2p-3.87.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.87.1 * openssl-1_0_0-debuginfo-1.0.2p-3.87.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.87.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.87.1 * libopenssl1_0_0-32bit-1.0.2p-3.87.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.87.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libopenssl-1_0_0-devel-1.0.2p-3.87.1 * libopenssl1_0_0-1.0.2p-3.87.1 * openssl-1_0_0-1.0.2p-3.87.1 * libopenssl1_0_0-hmac-1.0.2p-3.87.1 * openssl-1_0_0-debugsource-1.0.2p-3.87.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.87.1 * openssl-1_0_0-debuginfo-1.0.2p-3.87.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.87.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.87.1 * libopenssl1_0_0-32bit-1.0.2p-3.87.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.87.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:09 -0000 Subject: SUSE-SU-2023:4522-1: important: Security update for openssl-1_0_0 Message-ID: <170059860942.25714.12515539011556947654@smelt2.prg2.suse.org> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:4522-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4522=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4522=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4522=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4522=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4522=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4522=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4522=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4522=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4522=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4522=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4522=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4522=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4522=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * openSUSE Leap 15.4 (x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.88.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.88.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.88.1 * libopenssl1_0_0-32bit-1.0.2p-150000.3.88.1 * openSUSE Leap 15.4 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.88.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * openSUSE Leap 15.5 (x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.88.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.88.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.88.1 * libopenssl1_0_0-32bit-1.0.2p-150000.3.88.1 * openSUSE Leap 15.5 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.88.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-debuginfo-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * libopenssl10-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 * SUSE CaaS Platform 4.0 (x86_64) * openssl-1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1 * libopenssl1_0_0-1.0.2p-150000.3.88.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:11 -0000 Subject: SUSE-SU-2023:4521-1: important: Security update for openssl-1_1 Message-ID: <170059861184.25714.15729174873459891076@smelt2.prg2.suse.org> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:4521-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4521=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4521=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4521=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4521=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.101.1 * openssl-1_1-debugsource-1.1.1d-2.101.1 * libopenssl-1_1-devel-1.1.1d-2.101.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-2.101.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssl-1_1-debuginfo-1.1.1d-2.101.1 * libopenssl1_1-hmac-1.1.1d-2.101.1 * libopenssl1_1-1.1.1d-2.101.1 * openssl-1_1-1.1.1d-2.101.1 * openssl-1_1-debugsource-1.1.1d-2.101.1 * libopenssl1_1-debuginfo-1.1.1d-2.101.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1d-2.101.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.101.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.101.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.101.1 * libopenssl1_1-hmac-1.1.1d-2.101.1 * libopenssl1_1-1.1.1d-2.101.1 * openssl-1_1-1.1.1d-2.101.1 * openssl-1_1-debugsource-1.1.1d-2.101.1 * libopenssl1_1-debuginfo-1.1.1d-2.101.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_1-32bit-1.1.1d-2.101.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.101.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.101.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssl-1_1-debuginfo-1.1.1d-2.101.1 * libopenssl1_1-hmac-1.1.1d-2.101.1 * libopenssl1_1-1.1.1d-2.101.1 * openssl-1_1-1.1.1d-2.101.1 * openssl-1_1-debugsource-1.1.1d-2.101.1 * libopenssl1_1-debuginfo-1.1.1d-2.101.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1d-2.101.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.101.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.101.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:13 -0000 Subject: SUSE-SU-2023:4520-1: important: Security update for openssl-1_1 Message-ID: <170059861381.25714.11487829898875444417@smelt2.prg2.suse.org> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:4520-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4520=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4520=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4520=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.0i-150100.14.68.1 * libopenssl-1_1-devel-1.1.0i-150100.14.68.1 * openssl-1_1-1.1.0i-150100.14.68.1 * openssl-1_1-debugsource-1.1.0i-150100.14.68.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.68.1 * libopenssl1_1-hmac-1.1.0i-150100.14.68.1 * libopenssl1_1-1.1.0i-150100.14.68.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.68.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.68.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.68.1 * libopenssl1_1-32bit-1.1.0i-150100.14.68.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.0i-150100.14.68.1 * libopenssl-1_1-devel-1.1.0i-150100.14.68.1 * openssl-1_1-1.1.0i-150100.14.68.1 * openssl-1_1-debugsource-1.1.0i-150100.14.68.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.68.1 * libopenssl1_1-hmac-1.1.0i-150100.14.68.1 * libopenssl1_1-1.1.0i-150100.14.68.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.68.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.68.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.68.1 * libopenssl1_1-32bit-1.1.0i-150100.14.68.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libopenssl1_1-debuginfo-1.1.0i-150100.14.68.1 * libopenssl-1_1-devel-1.1.0i-150100.14.68.1 * openssl-1_1-1.1.0i-150100.14.68.1 * openssl-1_1-debugsource-1.1.0i-150100.14.68.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.68.1 * libopenssl1_1-hmac-1.1.0i-150100.14.68.1 * libopenssl1_1-1.1.0i-150100.14.68.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.68.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.68.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.68.1 * libopenssl1_1-32bit-1.1.0i-150100.14.68.1 * SUSE CaaS Platform 4.0 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.68.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.68.1 * libopenssl-1_1-devel-1.1.0i-150100.14.68.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.68.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.68.1 * openssl-1_1-1.1.0i-150100.14.68.1 * openssl-1_1-debugsource-1.1.0i-150100.14.68.1 * libopenssl1_1-32bit-1.1.0i-150100.14.68.1 * libopenssl1_1-hmac-1.1.0i-150100.14.68.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.68.1 * libopenssl1_1-1.1.0i-150100.14.68.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:15 -0000 Subject: SUSE-SU-2023:4519-1: important: Security update for openssl-1_1 Message-ID: <170059861595.25714.15014760609041093523@smelt2.prg2.suse.org> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:4519-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4519=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4519=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4519=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4519=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4519=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4519=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4519=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4519=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4519=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4519=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4519=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Enterprise Storage 7.1 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Enterprise Storage 7.1 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:18 -0000 Subject: SUSE-SU-2023:4518-1: important: Security update for openssl-1_1 Message-ID: <170059861803.25714.4624223161916828450@smelt2.prg2.suse.org> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:4518-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4518=1 openSUSE-SLE-15.5-2023-4518=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4518=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4518=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openssl-1_1-debugsource-1.1.1l-150500.17.22.1 * libopenssl1_1-1.1.1l-150500.17.22.1 * openssl-1_1-1.1.1l-150500.17.22.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl-1_1-devel-1.1.1l-150500.17.22.1 * libopenssl1_1-hmac-1.1.1l-150500.17.22.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.22.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-32bit-1.1.1l-150500.17.22.1 * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.22.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.22.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.22.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.22.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-64bit-1.1.1l-150500.17.22.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150500.17.22.1 * libopenssl1_1-1.1.1l-150500.17.22.1 * openssl-1_1-1.1.1l-150500.17.22.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl-1_1-devel-1.1.1l-150500.17.22.1 * libopenssl1_1-hmac-1.1.1l-150500.17.22.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150500.17.22.1 * libopenssl1_1-1.1.1l-150500.17.22.1 * openssl-1_1-1.1.1l-150500.17.22.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl-1_1-devel-1.1.1l-150500.17.22.1 * libopenssl1_1-hmac-1.1.1l-150500.17.22.1 * Basesystem Module 15-SP5 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.22.1 * libopenssl1_1-32bit-1.1.1l-150500.17.22.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:20 -0000 Subject: SUSE-SU-2023:4517-1: moderate: Security update for python3-setuptools Message-ID: <170059862076.25714.14884309924888911360@smelt2.prg2.suse.org> # Security update for python3-setuptools Announcement ID: SUSE-SU-2023:4517-1 Rating: moderate References: * bsc#1206667 Cross-References: * CVE-2022-40897 CVSS scores: * CVE-2022-40897 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-40897 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python3-setuptools fixes the following issues: * CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4517=1 openSUSE-SLE-15.4-2023-4517=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4517=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4517=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4517=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4517=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4517=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4517=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4517=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4517=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4517=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4517=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-setuptools-test-44.1.1-150400.9.6.1 * python3-setuptools-wheel-44.1.1-150400.9.6.1 * python3-setuptools-44.1.1-150400.9.6.1 * openSUSE Leap Micro 5.3 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * openSUSE Leap Micro 5.4 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * openSUSE Leap 15.5 (noarch) * python3-setuptools-test-44.1.1-150400.9.6.1 * python3-setuptools-wheel-44.1.1-150400.9.6.1 * python3-setuptools-44.1.1-150400.9.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * Basesystem Module 15-SP4 (noarch) * python3-setuptools-test-44.1.1-150400.9.6.1 * python3-setuptools-wheel-44.1.1-150400.9.6.1 * python3-setuptools-44.1.1-150400.9.6.1 * Basesystem Module 15-SP5 (noarch) * python3-setuptools-test-44.1.1-150400.9.6.1 * python3-setuptools-wheel-44.1.1-150400.9.6.1 * python3-setuptools-44.1.1-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40897.html * https://bugzilla.suse.com/show_bug.cgi?id=1206667 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:23 -0000 Subject: SUSE-SU-2023:4516-1: important: Security update for strongswan Message-ID: <170059862381.25714.1811817852557386866@smelt2.prg2.suse.org> # Security update for strongswan Announcement ID: SUSE-SU-2023:4516-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4516=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4516=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4516=1 ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * strongswan-libs0-5.8.2-150000.4.23.2 * strongswan-debugsource-5.8.2-150000.4.23.2 * strongswan-ipsec-5.8.2-150000.4.23.2 * strongswan-hmac-5.8.2-150000.4.23.2 * strongswan-5.8.2-150000.4.23.2 * strongswan-ipsec-debuginfo-5.8.2-150000.4.23.2 * strongswan-debuginfo-5.8.2-150000.4.23.2 * strongswan-libs0-debuginfo-5.8.2-150000.4.23.2 * SUSE CaaS Platform 4.0 (noarch) * strongswan-doc-5.8.2-150000.4.23.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * strongswan-libs0-5.8.2-150000.4.23.2 * strongswan-debugsource-5.8.2-150000.4.23.2 * strongswan-ipsec-5.8.2-150000.4.23.2 * strongswan-hmac-5.8.2-150000.4.23.2 * strongswan-5.8.2-150000.4.23.2 * strongswan-ipsec-debuginfo-5.8.2-150000.4.23.2 * strongswan-debuginfo-5.8.2-150000.4.23.2 * strongswan-libs0-debuginfo-5.8.2-150000.4.23.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * strongswan-doc-5.8.2-150000.4.23.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * strongswan-libs0-5.8.2-150000.4.23.2 * strongswan-debugsource-5.8.2-150000.4.23.2 * strongswan-ipsec-5.8.2-150000.4.23.2 * strongswan-hmac-5.8.2-150000.4.23.2 * strongswan-5.8.2-150000.4.23.2 * strongswan-ipsec-debuginfo-5.8.2-150000.4.23.2 * strongswan-debuginfo-5.8.2-150000.4.23.2 * strongswan-libs0-debuginfo-5.8.2-150000.4.23.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * strongswan-doc-5.8.2-150000.4.23.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * strongswan-libs0-5.8.2-150000.4.23.2 * strongswan-debugsource-5.8.2-150000.4.23.2 * strongswan-ipsec-5.8.2-150000.4.23.2 * strongswan-hmac-5.8.2-150000.4.23.2 * strongswan-5.8.2-150000.4.23.2 * strongswan-ipsec-debuginfo-5.8.2-150000.4.23.2 * strongswan-debuginfo-5.8.2-150000.4.23.2 * strongswan-libs0-debuginfo-5.8.2-150000.4.23.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * strongswan-doc-5.8.2-150000.4.23.2 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:30 -0000 Subject: SUSE-SU-2023:4515-1: important: Security update for strongswan Message-ID: <170059863084.25714.12067632372056518820@smelt2.prg2.suse.org> # Security update for strongswan Announcement ID: SUSE-SU-2023:4515-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4515=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4515=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4515=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4515=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4515=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4515=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Enterprise Storage 7.1 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:32 -0000 Subject: SUSE-SU-2023:4514-1: important: Security update for strongswan Message-ID: <170059863274.25714.3628284110804394022@smelt2.prg2.suse.org> # Security update for strongswan Announcement ID: SUSE-SU-2023:4514-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4514=1 openSUSE-SLE-15.4-2023-4514=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4514=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4514=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4514=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * strongswan-mysql-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 * strongswan-mysql-5.9.11-150400.19.17.2 * strongswan-sqlite-5.9.11-150400.19.17.2 * strongswan-libs0-debuginfo-5.9.11-150400.19.17.2 * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-hmac-5.9.11-150400.19.17.2 * strongswan-sqlite-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-debuginfo-5.9.11-150400.19.17.2 * strongswan-libs0-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-5.9.11-150400.19.17.2 * openSUSE Leap 15.4 (noarch) * strongswan-doc-5.9.11-150400.19.17.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-libs0-debuginfo-5.9.11-150400.19.17.2 * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-hmac-5.9.11-150400.19.17.2 * strongswan-ipsec-debuginfo-5.9.11-150400.19.17.2 * strongswan-libs0-5.9.11-150400.19.17.2 * strongswan-5.9.11-150400.19.17.2 * Basesystem Module 15-SP4 (noarch) * strongswan-doc-5.9.11-150400.19.17.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:35 -0000 Subject: SUSE-SU-2023:4513-1: important: Security update for apache2-mod_jk Message-ID: <170059863519.25714.1591783688765338660@smelt2.prg2.suse.org> # Security update for apache2-mod_jk Announcement ID: SUSE-SU-2023:4513-1 Rating: important References: * bsc#1114612 Cross-References: * CVE-2018-11759 CVSS scores: * CVE-2018-11759 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2018-11759 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for apache2-mod_jk fixes the following issues: Update to version 1.2.49: Apache * Retrieve default request id from mod_unique_id. It can also be taken from an arbitrary environment variable by configuring "JkRequestIdIndicator". * Don't delegate the generatation of the response body to httpd when the status code represents an error if the request used the HEAD method. * Only export the main module symbol. Visibility of module internal symbols led to crashes when conflicting with library symbols. Based on a patch provided by Josef ?ejka. * Remove support for implicit mapping of requests to workers. All mappings must now be explicit. IIS * Set default request id as a GUID. It can also be taken from an arbitrary request header by configuring "request_id_header". * Fix non-empty check for the Translate header. Common * Fix compiler warning when initializing and copying fixed length strings. * Add a request id to mod_jk log lines. * Enable configure to find the correct sizes for pid_t and pthread_t when building on MacOS. * Fix Clang 15/16 compatability. Pull request #6 provided by Sam James. * Improve XSS hardening in status worker. * Add additional bounds and error checking when reading AJP messages. Docs * Remove support for the Netscape / Sun ONE / Oracle iPlanet Web Server as the product has been retired. * Remove links to the old JK2 documentation. The JK2 documentation is still available, it is just no longer linked from the current JK documentation. * Restructure subsections in changelog starting with version 1.2.45. Changes for 1.2.47 and 1.2.48 updates: * Add: Apache: Extend trace level logging of method entry/exit to aid debugging of request mapping issues. * Fix: Apache: Fix a bug in the normalization checks that prevented file based requests, such as SSI file includes, from being processed. * Fix: Apache: When using JkAutoAlias, ensure that files that include spaces in their name are accessible. * Update: Common: Update the documentation to reflect that the source code for the Apache Tomcat Connectors has moved from Subversion to Git. * Fix: Common: When using set_session_cookie, ensure that an updated session cookie is issued if the load-balancer has to failover to a different worker. * Update: Common: Update config.guess and config.sub from https://git.savannah.gnu.org/git/config.git. * Update: Common: Update release script for migration to git. Update to version 1.2.46 Fixes: * Apache: Fix regression in 1.2.44 which resulted in socket_connect_timeout to be interpreted in units of seconds instead of milliseconds on platforms that provide poll(). (rjung) * Security: CVE-2018-11759 Connector path traversal [bsc#1114612] Update to version 1.2.45 Fixes: * Correct regression in 1.2.44 that broke request handling for OPTIONS * requests. (rjung) * Improve path parameter parsing so that the session ID specified by the session_path worker property for load-balanced workers can be extracted from a path parameter in any segment of the URI, rather than only from the final segment. (markt) * Apache: Improve path parameter handling so that JkStripSession can remove session IDs that are specified on path parameters in any segment of the URI rather than only the final segment. (markt) * IIS: Improve path parameter handling so that strip_session can remove session IDs that are specified on path parameters in any segment of the URI rather than only the final segment. (markt) Updates: * Apache: Update the documentation to note additional limitations of the JkAutoAlias directive. (markt) Code: * Common: Optimize path parameter handling. (rjung) Update to version 1.2.44 Updates: * Remove the Novell Netware make files and Netware specific source code since there has not been a supported version of Netware available for over five years. (markt) * Apache: Update the documentation to use httpd 2.4.x style access control directives. (markt) * Update PCRE bundled with the ISAPI redirector to 8.42. (rjung) * Update config.guess and config.sub from https://git.savannah.gnu.org/git/config.git. (rjung) Fixes: * Common: Use Local, rather than Global, mutexs on Windows to better support multi-user environments. (markt) * Apache: Use poll rather than select to avoid the limitations of select triggering an httpd crash. Patch provided by Koen Wilde. (markt) * ISAPI: Remove the check that rejects requests that contain path segments that match WEB-INF or META-INF as it duplicates a check that Tomcat performs and, because ISAPI does not have visibility of the current context path, it is impossible to implement this check without valid requests being rejected. (markt) * Refactor normalisation of request URIs to a common location and align the normalisation implementation for mod_jk with that implemented by Tomcat. (markt) Add: * Clarify the behvaiour of lb workers when all ajp13 workers fail with particular reference to the role of the retries attribute. (markt) * Add the new load-balancer worker property lb_retries to improve the control over the number of retries. Based on a patch provided by Frederik Nosi. (markt) * Add a note to the documentation that the CollapseSlashes options are now effectively hard-coded to CollpaseSlashesAll due to the changes made to align normalization with that implemented in Tomcat. (markt) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4513=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4513=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4513=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4513=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1 * apache2-mod_jk-debugsource-1.2.49-150100.6.6.1 * apache2-mod_jk-1.2.49-150100.6.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1 * apache2-mod_jk-debugsource-1.2.49-150100.6.6.1 * apache2-mod_jk-1.2.49-150100.6.6.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1 * apache2-mod_jk-debugsource-1.2.49-150100.6.6.1 * apache2-mod_jk-1.2.49-150100.6.6.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1 * apache2-mod_jk-debugsource-1.2.49-150100.6.6.1 * apache2-mod_jk-1.2.49-150100.6.6.1 ## References: * https://www.suse.com/security/cve/CVE-2018-11759.html * https://bugzilla.suse.com/show_bug.cgi?id=1114612 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 21 20:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Nov 2023 20:30:37 -0000 Subject: SUSE-SU-2023:4512-1: important: Security update for util-linux Message-ID: <170059863766.25714.12516401984596009338@smelt2.prg2.suse.org> # Security update for util-linux Announcement ID: SUSE-SU-2023:4512-1 Rating: important References: * bsc#1213865 Cross-References: * CVE-2018-7738 CVSS scores: * CVE-2018-7738 ( SUSE ): 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2018-7738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for util-linux fixes the following issues: * CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4512=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4512=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4512=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4512=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4512=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4512=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libuuid-devel-static-2.33.2-150100.4.40.1 * libuuid-devel-2.33.2-150100.4.40.1 * libfdisk-devel-2.33.2-150100.4.40.1 * util-linux-systemd-2.33.2-150100.4.40.1 * util-linux-debugsource-2.33.2-150100.4.40.1 * libsmartcols-devel-2.33.2-150100.4.40.1 * libblkid-devel-static-2.33.2-150100.4.40.1 * libfdisk1-debuginfo-2.33.2-150100.4.40.1 * util-linux-systemd-debugsource-2.33.2-150100.4.40.1 * libblkid1-2.33.2-150100.4.40.1 * libuuid1-2.33.2-150100.4.40.1 * libmount1-debuginfo-2.33.2-150100.4.40.1 * uuidd-2.33.2-150100.4.40.1 * uuidd-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-2.33.2-150100.4.40.1 * util-linux-2.33.2-150100.4.40.1 * libuuid1-debuginfo-2.33.2-150100.4.40.1 * libfdisk1-2.33.2-150100.4.40.1 * util-linux-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-debuginfo-2.33.2-150100.4.40.1 * libblkid1-debuginfo-2.33.2-150100.4.40.1 * libmount1-2.33.2-150100.4.40.1 * libblkid-devel-2.33.2-150100.4.40.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1 * libmount-devel-2.33.2-150100.4.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * util-linux-lang-2.33.2-150100.4.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-2.33.2-150100.4.40.1 * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libblkid1-32bit-2.33.2-150100.4.40.1 * libmount1-32bit-2.33.2-150100.4.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libuuid-devel-static-2.33.2-150100.4.40.1 * libuuid-devel-2.33.2-150100.4.40.1 * libfdisk-devel-2.33.2-150100.4.40.1 * util-linux-systemd-2.33.2-150100.4.40.1 * util-linux-debugsource-2.33.2-150100.4.40.1 * libsmartcols-devel-2.33.2-150100.4.40.1 * libblkid-devel-static-2.33.2-150100.4.40.1 * libfdisk1-debuginfo-2.33.2-150100.4.40.1 * util-linux-systemd-debugsource-2.33.2-150100.4.40.1 * libblkid1-2.33.2-150100.4.40.1 * libuuid1-2.33.2-150100.4.40.1 * libmount1-debuginfo-2.33.2-150100.4.40.1 * uuidd-2.33.2-150100.4.40.1 * uuidd-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-2.33.2-150100.4.40.1 * util-linux-2.33.2-150100.4.40.1 * libuuid1-debuginfo-2.33.2-150100.4.40.1 * libfdisk1-2.33.2-150100.4.40.1 * util-linux-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-debuginfo-2.33.2-150100.4.40.1 * libblkid1-debuginfo-2.33.2-150100.4.40.1 * libmount1-2.33.2-150100.4.40.1 * libblkid-devel-2.33.2-150100.4.40.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1 * libmount-devel-2.33.2-150100.4.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * util-linux-lang-2.33.2-150100.4.40.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-2.33.2-150100.4.40.1 * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libblkid1-32bit-2.33.2-150100.4.40.1 * libmount1-32bit-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libuuid-devel-static-2.33.2-150100.4.40.1 * libuuid-devel-2.33.2-150100.4.40.1 * libfdisk-devel-2.33.2-150100.4.40.1 * util-linux-systemd-2.33.2-150100.4.40.1 * util-linux-debugsource-2.33.2-150100.4.40.1 * libsmartcols-devel-2.33.2-150100.4.40.1 * libblkid-devel-static-2.33.2-150100.4.40.1 * libfdisk1-debuginfo-2.33.2-150100.4.40.1 * util-linux-systemd-debugsource-2.33.2-150100.4.40.1 * libblkid1-2.33.2-150100.4.40.1 * libuuid1-2.33.2-150100.4.40.1 * libmount1-debuginfo-2.33.2-150100.4.40.1 * uuidd-2.33.2-150100.4.40.1 * uuidd-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-2.33.2-150100.4.40.1 * util-linux-2.33.2-150100.4.40.1 * libuuid1-debuginfo-2.33.2-150100.4.40.1 * libfdisk1-2.33.2-150100.4.40.1 * util-linux-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-debuginfo-2.33.2-150100.4.40.1 * libblkid1-debuginfo-2.33.2-150100.4.40.1 * libmount1-2.33.2-150100.4.40.1 * libblkid-devel-2.33.2-150100.4.40.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1 * libmount-devel-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * util-linux-lang-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-2.33.2-150100.4.40.1 * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libblkid1-32bit-2.33.2-150100.4.40.1 * libmount1-32bit-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libuuid-devel-static-2.33.2-150100.4.40.1 * libuuid-devel-2.33.2-150100.4.40.1 * libfdisk-devel-2.33.2-150100.4.40.1 * util-linux-systemd-2.33.2-150100.4.40.1 * util-linux-debugsource-2.33.2-150100.4.40.1 * libsmartcols-devel-2.33.2-150100.4.40.1 * libblkid-devel-static-2.33.2-150100.4.40.1 * libfdisk1-debuginfo-2.33.2-150100.4.40.1 * util-linux-systemd-debugsource-2.33.2-150100.4.40.1 * libblkid1-2.33.2-150100.4.40.1 * libuuid1-2.33.2-150100.4.40.1 * libmount1-debuginfo-2.33.2-150100.4.40.1 * uuidd-2.33.2-150100.4.40.1 * uuidd-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-2.33.2-150100.4.40.1 * util-linux-2.33.2-150100.4.40.1 * libuuid1-debuginfo-2.33.2-150100.4.40.1 * libfdisk1-2.33.2-150100.4.40.1 * util-linux-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-debuginfo-2.33.2-150100.4.40.1 * libblkid1-debuginfo-2.33.2-150100.4.40.1 * libmount1-2.33.2-150100.4.40.1 * libblkid-devel-2.33.2-150100.4.40.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1 * libmount-devel-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * util-linux-lang-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-2.33.2-150100.4.40.1 * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libblkid1-32bit-2.33.2-150100.4.40.1 * libmount1-32bit-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libuuid-devel-static-2.33.2-150100.4.40.1 * libuuid-devel-2.33.2-150100.4.40.1 * libfdisk-devel-2.33.2-150100.4.40.1 * util-linux-systemd-2.33.2-150100.4.40.1 * util-linux-debugsource-2.33.2-150100.4.40.1 * libsmartcols-devel-2.33.2-150100.4.40.1 * libblkid-devel-static-2.33.2-150100.4.40.1 * libfdisk1-debuginfo-2.33.2-150100.4.40.1 * util-linux-systemd-debugsource-2.33.2-150100.4.40.1 * libblkid1-2.33.2-150100.4.40.1 * libuuid1-2.33.2-150100.4.40.1 * libmount1-debuginfo-2.33.2-150100.4.40.1 * uuidd-2.33.2-150100.4.40.1 * uuidd-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-2.33.2-150100.4.40.1 * util-linux-2.33.2-150100.4.40.1 * libuuid1-debuginfo-2.33.2-150100.4.40.1 * libfdisk1-2.33.2-150100.4.40.1 * util-linux-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-debuginfo-2.33.2-150100.4.40.1 * libblkid1-debuginfo-2.33.2-150100.4.40.1 * libmount1-2.33.2-150100.4.40.1 * libblkid-devel-2.33.2-150100.4.40.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1 * libmount-devel-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * util-linux-lang-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-2.33.2-150100.4.40.1 * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libblkid1-32bit-2.33.2-150100.4.40.1 * libmount1-32bit-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libuuid-devel-static-2.33.2-150100.4.40.1 * libuuid-devel-2.33.2-150100.4.40.1 * libfdisk-devel-2.33.2-150100.4.40.1 * util-linux-systemd-2.33.2-150100.4.40.1 * util-linux-debugsource-2.33.2-150100.4.40.1 * libsmartcols-devel-2.33.2-150100.4.40.1 * libblkid-devel-static-2.33.2-150100.4.40.1 * libfdisk1-debuginfo-2.33.2-150100.4.40.1 * util-linux-systemd-debugsource-2.33.2-150100.4.40.1 * libblkid1-2.33.2-150100.4.40.1 * libuuid1-2.33.2-150100.4.40.1 * libmount1-debuginfo-2.33.2-150100.4.40.1 * uuidd-2.33.2-150100.4.40.1 * uuidd-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-2.33.2-150100.4.40.1 * util-linux-2.33.2-150100.4.40.1 * libuuid1-debuginfo-2.33.2-150100.4.40.1 * libfdisk1-2.33.2-150100.4.40.1 * util-linux-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-debuginfo-2.33.2-150100.4.40.1 * libblkid1-debuginfo-2.33.2-150100.4.40.1 * libmount1-2.33.2-150100.4.40.1 * libblkid-devel-2.33.2-150100.4.40.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1 * libmount-devel-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * util-linux-lang-2.33.2-150100.4.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-2.33.2-150100.4.40.1 * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libblkid1-32bit-2.33.2-150100.4.40.1 * libmount1-32bit-2.33.2-150100.4.40.1 * SUSE CaaS Platform 4.0 (x86_64) * libuuid-devel-static-2.33.2-150100.4.40.1 * libuuid-devel-2.33.2-150100.4.40.1 * libfdisk-devel-2.33.2-150100.4.40.1 * util-linux-systemd-2.33.2-150100.4.40.1 * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1 * util-linux-debugsource-2.33.2-150100.4.40.1 * libsmartcols-devel-2.33.2-150100.4.40.1 * libblkid-devel-static-2.33.2-150100.4.40.1 * libfdisk1-debuginfo-2.33.2-150100.4.40.1 * util-linux-systemd-debugsource-2.33.2-150100.4.40.1 * libblkid1-2.33.2-150100.4.40.1 * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1 * libuuid1-2.33.2-150100.4.40.1 * libmount1-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-2.33.2-150100.4.40.1 * libblkid1-32bit-2.33.2-150100.4.40.1 * libmount1-32bit-2.33.2-150100.4.40.1 * uuidd-2.33.2-150100.4.40.1 * uuidd-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-2.33.2-150100.4.40.1 * util-linux-2.33.2-150100.4.40.1 * libuuid1-debuginfo-2.33.2-150100.4.40.1 * libfdisk1-2.33.2-150100.4.40.1 * util-linux-debuginfo-2.33.2-150100.4.40.1 * libsmartcols1-debuginfo-2.33.2-150100.4.40.1 * libblkid1-debuginfo-2.33.2-150100.4.40.1 * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1 * libmount1-2.33.2-150100.4.40.1 * libblkid-devel-2.33.2-150100.4.40.1 * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1 * libmount-devel-2.33.2-150100.4.40.1 * SUSE CaaS Platform 4.0 (noarch) * util-linux-lang-2.33.2-150100.4.40.1 ## References: * https://www.suse.com/security/cve/CVE-2018-7738.html * https://bugzilla.suse.com/show_bug.cgi?id=1213865 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 22 08:42:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 09:42:56 +0100 (CET) Subject: SUSE-CU-2023:3791-1: Security update of suse/sle15 Message-ID: <20231122084256.57E1CF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3791-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.120 , suse/sle15:15.4 , suse/sle15:15.4.27.14.120 Container Release : 27.14.120 Severity : important Type : security References : 1212475 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.44.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - libopenssl1_1-1.1.1l-150400.7.60.2 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated From sle-updates at lists.suse.com Wed Nov 22 08:44:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 09:44:41 +0100 (CET) Subject: SUSE-CU-2023:3798-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231122084441.57632F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3798-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.9 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.9 Container Release : 9.40.9 Severity : moderate Type : security References : 1206667 CVE-2022-40897 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). The following package changes have been done: - python3-setuptools-44.1.1-150400.9.6.1 updated From sle-updates at lists.suse.com Wed Nov 22 08:44:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 09:44:49 +0100 (CET) Subject: SUSE-CU-2023:3799-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231122084449.14429F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3799-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.8 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.8 Container Release : 9.30.8 Severity : moderate Type : security References : 1206667 CVE-2022-40897 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). The following package changes have been done: - python3-setuptools-44.1.1-150400.9.6.1 updated From sle-updates at lists.suse.com Wed Nov 22 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 12:30:02 -0000 Subject: SUSE-RU-2023:4525-1: moderate: Recommended update for samba Message-ID: <170065620239.22031.14596860662940593370@smelt2.prg2.suse.org> # Recommended update for samba Announcement ID: SUSE-RU-2023:4525-1 Rating: moderate References: * bsc#1213607 * bsc#1213826 * bsc#1215212 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three fixes can now be installed. ## Description: This update for samba fixes the following issues: * Update to samba 4.17.12 * Some filenames can cause assert to fail in openat_pathref_fsp_nosymlink * reply_sesssetup_and_X() can dereference uninitialized tmp pointer * Missing return in reply_exit_done() * TREE_CONNECT without SETUP causes smbd to use uninitialized pointer * Improve GetNChanges to address synchronization tool looping during the initial user sync phase * Samba replication logs show (null) DN * Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination * Spotlight results return wrong date in result list * Delays at reconnect with smb2_validate_sequence_number: bad message_id 2 * samba-tool ntacl get segfault if aio_pthread appended * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed * File doesn't show when user doesn't have permission if aio_pthread is loaded * net ads lookup with unspecified realm fails * Regression DFS not working with widelinks = true (bsc#1213607); * ctdb_killtcp fails to work with --enable-pcap and libpcap 1.9.1 * mdssvc: Do an early talloc_free() in _mdssvc_open() * Windows client join fails if a second container CN=System exists somewhere * Fix crossing automounter mount points (bsc#1215212) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4525=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4525=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4525=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4525=1 openSUSE-SLE-15.5-2023-4525=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * samba-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-debugsource-4.17.12+git.427.2619dc0bed-150500.3.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsamba-policy-python3-devel-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-gpupdate-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-tool-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy0-python3-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy-devel-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-devel-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-debugsource-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-python3-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-ldb-ldap-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-python3-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-ldb-ldap-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-python3-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy0-python3-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-python3-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-4.17.12+git.427.2619dc0bed-150500.3.14.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * samba-ceph-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-ceph-4.17.12+git.427.2619dc0bed-150500.3.14.1 * Basesystem Module 15-SP5 (x86_64) * samba-client-libs-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * ctdb-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-debugsource-4.17.12+git.427.2619dc0bed-150500.3.14.1 * ctdb-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libsamba-policy-python3-devel-4.17.12+git.427.2619dc0bed-150500.3.14.1 * ctdb-pcp-pmda-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-gpupdate-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-tool-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy0-python3-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-4.17.12+git.427.2619dc0bed-150500.3.14.1 * ctdb-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy-devel-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-devel-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-debugsource-4.17.12+git.427.2619dc0bed-150500.3.14.1 * ctdb-pcp-pmda-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * ctdb-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-python3-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-test-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-ldb-ldap-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-python3-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-ldb-ldap-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-test-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-python3-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy0-python3-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-python3-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-4.17.12+git.427.2619dc0bed-150500.3.14.1 * openSUSE Leap 15.5 (x86_64) * samba-client-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy0-python3-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-python3-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-python3-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy0-python3-32bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-devel-32bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * openSUSE Leap 15.5 (noarch) * samba-doc-4.17.12+git.427.2619dc0bed-150500.3.14.1 * openSUSE Leap 15.5 (aarch64 x86_64) * samba-ceph-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-ceph-4.17.12+git.427.2619dc0bed-150500.3.14.1 * openSUSE Leap 15.5 (aarch64_ilp32) * samba-libs-64bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-64bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-64bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-libs-64bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-64bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-python3-64bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-client-64bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-devel-64bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy0-python3-64bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-64bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-libs-python3-64bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * samba-winbind-libs-64bit-debuginfo-4.17.12+git.427.2619dc0bed-150500.3.14.1 * libsamba-policy0-python3-64bit-4.17.12+git.427.2619dc0bed-150500.3.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213607 * https://bugzilla.suse.com/show_bug.cgi?id=1213826 * https://bugzilla.suse.com/show_bug.cgi?id=1215212 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 22 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 16:30:02 -0000 Subject: SUSE-RU-2023:4531-1: moderate: Recommended update for perl-DateTime-TimeZone Message-ID: <170067060268.8053.3484813678302171315@smelt2.prg2.suse.org> # Recommended update for perl-DateTime-TimeZone Announcement ID: SUSE-RU-2023:4531-1 Rating: moderate References: * bsc#1104700 * bsc#1113554 * bsc#1204923 * jsc#PED-6726 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature and has three fixes can now be installed. ## Description: This update for perl-DateTime-TimeZone fixes the following issues: * updated to 2.60 (jsc#PED-6726, bsc#1204923, bsc#1113554, bsc#1104700) full changelog at https://metacpan.org/release/DROLSKY/DateTime- TimeZone-2.60/changes ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4531=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4531=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4531=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4531=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4531=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4531=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4531=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (noarch) * perl-DateTime-TimeZone-2.60-150000.3.3.1 * SUSE Manager Server 4.2 (noarch) * perl-DateTime-TimeZone-2.60-150000.3.3.1 * openSUSE Leap 15.4 (noarch) * perl-DateTime-TimeZone-2.60-150000.3.3.1 * openSUSE Leap 15.5 (noarch) * perl-DateTime-TimeZone-2.60-150000.3.3.1 * Basesystem Module 15-SP4 (noarch) * perl-DateTime-TimeZone-2.60-150000.3.3.1 * Basesystem Module 15-SP5 (noarch) * perl-DateTime-TimeZone-2.60-150000.3.3.1 * SUSE Manager Proxy 4.2 (noarch) * perl-DateTime-TimeZone-2.60-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1104700 * https://bugzilla.suse.com/show_bug.cgi?id=1113554 * https://bugzilla.suse.com/show_bug.cgi?id=1204923 * https://jira.suse.com/browse/PED-6726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 22 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4529-1: important: Security update for strongswan Message-ID: <170067060451.8053.10980188726617427575@smelt2.prg2.suse.org> # Security update for strongswan Announcement ID: SUSE-SU-2023:4529-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4529=1 openSUSE-SLE-15.5-2023-4529=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4529=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4529=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4529=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * strongswan-ipsec-5.9.11-150500.5.6.1 * strongswan-mysql-5.9.11-150500.5.6.1 * strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 * strongswan-nm-5.9.11-150500.5.6.1 * strongswan-sqlite-5.9.11-150500.5.6.1 * strongswan-hmac-5.9.11-150500.5.6.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-5.9.11-150500.5.6.1 * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-mysql-debuginfo-5.9.11-150500.5.6.1 * strongswan-sqlite-debuginfo-5.9.11-150500.5.6.1 * openSUSE Leap 15.5 (noarch) * strongswan-doc-5.9.11-150500.5.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * strongswan-ipsec-5.9.11-150500.5.6.1 * strongswan-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 * strongswan-hmac-5.9.11-150500.5.6.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-5.9.11-150500.5.6.1 * strongswan-debugsource-5.9.11-150500.5.6.1 * Basesystem Module 15-SP5 (noarch) * strongswan-doc-5.9.11-150500.5.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-nm-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-nm-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 22 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4528-1: important: Security update for python-Pillow Message-ID: <170067060678.8053.8147457119325492778@smelt2.prg2.suse.org> # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4528-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4528=1 openSUSE-SLE-15.4-2023-4528=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4528=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4528=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4528=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 22 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 16:30:10 -0000 Subject: SUSE-SU-2023:4527-1: moderate: Security update for maven, maven-resolver, sbt, xmvn Message-ID: <170067061023.8053.15609698661311525257@smelt2.prg2.suse.org> # Security update for maven, maven-resolver, sbt, xmvn Announcement ID: SUSE-SU-2023:4527-1 Rating: moderate References: * bsc#1162112 * bsc#1216529 Cross-References: * CVE-2023-46122 CVSS scores: * CVE-2023-46122 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2023-46122 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for maven, maven-resolver, sbt, xmvn fixes the following issues: * CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529). * Upgraded maven to version 3.9.4 * Upgraded maven-resolver to version 1.9.15. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4527=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4527=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4527=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4527=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4527=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4527=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4527=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4527=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4527=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4527=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4527=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4527=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4527=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * openSUSE Leap 15.4 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * maven-resolver-transport-classpath-1.9.15-150200.3.14.2 * maven-javadoc-3.9.4-150200.4.18.1 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * maven-resolver-javadoc-1.9.15-150200.3.14.2 * maven-resolver-test-util-1.9.15-150200.3.14.2 * sbt-0.13.18-150200.4.16.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * sbt-bootstrap-0.13.18-150200.4.16.1 * xmvn-connector-javadoc-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * xmvn-tools-javadoc-4.2.0-150200.3.14.1 * maven-resolver-impl-1.9.15-150200.3.14.2 * xmvn-parent-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-mojo-javadoc-4.2.0-150200.3.14.1 * xmvn-resolve-4.2.0-150200.3.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * openSUSE Leap 15.5 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * maven-resolver-transport-classpath-1.9.15-150200.3.14.2 * maven-javadoc-3.9.4-150200.4.18.1 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * maven-resolver-javadoc-1.9.15-150200.3.14.2 * maven-resolver-test-util-1.9.15-150200.3.14.2 * sbt-0.13.18-150200.4.16.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * sbt-bootstrap-0.13.18-150200.4.16.1 * xmvn-connector-javadoc-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * xmvn-tools-javadoc-4.2.0-150200.3.14.1 * maven-resolver-impl-1.9.15-150200.3.14.2 * xmvn-parent-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-mojo-javadoc-4.2.0-150200.3.14.1 * xmvn-resolve-4.2.0-150200.3.14.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-minimal-4.2.0-150200.3.14.1 * xmvn-4.2.0-150200.3.14.1 * Development Tools Module 15-SP4 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * Development Tools Module 15-SP5 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-util-1.9.15-150200.3.14.2 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Package Hub 15 15-SP5 (noarch) * sbt-bootstrap-0.13.18-150200.4.16.1 * sbt-0.13.18-150200.4.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Enterprise Storage 7.1 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 ## References: * https://www.suse.com/security/cve/CVE-2023-46122.html * https://bugzilla.suse.com/show_bug.cgi?id=1162112 * https://bugzilla.suse.com/show_bug.cgi?id=1216529 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 22 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 16:30:12 -0000 Subject: SUSE-RU-2023:4526-1: moderate: Recommended update for crmsh Message-ID: <170067061276.8053.9751363478333871449@smelt2.prg2.suse.org> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:4526-1 Rating: moderate References: * bsc#1216597 Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for crmsh fixes the following issues: * Fix failure of the command `crm cluster run` when adding a user to the `crm.conf` file (bsc#1216597) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4526=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4526=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * crmsh-4.1.1+git.1698634014.97c7bf37-2.80.1 * crmsh-scripts-4.1.1+git.1698634014.97c7bf37-2.80.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (noarch) * crmsh-4.1.1+git.1698634014.97c7bf37-2.80.1 * crmsh-scripts-4.1.1+git.1698634014.97c7bf37-2.80.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216597 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 22 19:12:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:12:27 +0100 (CET) Subject: SUSE-CU-2023:3801-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231122191227.763A8F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3801-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.258 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.258 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - libopenssl1_1-1.1.1l-150400.7.60.2 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated - container:sles15-image-15.0.0-27.14.120 updated From sle-updates at lists.suse.com Wed Nov 22 19:12:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:12:59 +0100 (CET) Subject: SUSE-CU-2023:3802-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231122191259.03BDEF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3802-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.155 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.155 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - libopenssl1_1-1.1.1l-150400.7.60.2 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated - container:sles15-image-15.0.0-27.14.120 updated From sle-updates at lists.suse.com Wed Nov 22 19:14:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:14:27 +0100 (CET) Subject: SUSE-CU-2023:3803-1: Security update of suse/sle15 Message-ID: <20231122191427.218ACF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3803-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.215 , suse/sle15:15.3 , suse/sle15:15.3.17.20.215 Container Release : 17.20.215 Severity : important Type : security References : 1212475 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.44.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated - libopenssl1_1-1.1.1d-150200.11.82.1 updated - openssl-1_1-1.1.1d-150200.11.82.1 updated From sle-updates at lists.suse.com Wed Nov 22 19:15:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:15:15 +0100 (CET) Subject: SUSE-CU-2023:3804-1: Security update of bci/bci-init Message-ID: <20231122191515.D1CDCF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3804-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.29 Container Release : 30.29 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - container:sles15-image-15.0.0-27.14.120 updated From sle-updates at lists.suse.com Wed Nov 22 19:15:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:15:48 +0100 (CET) Subject: SUSE-CU-2023:3805-1: Security update of bci/nodejs Message-ID: <20231122191548.9463AF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3805-1 Container Tags : bci/node:16 , bci/node:16-18.24 , bci/nodejs:16 , bci/nodejs:16-18.24 Container Release : 18.24 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - container:sles15-image-15.0.0-27.14.119 updated From sle-updates at lists.suse.com Wed Nov 22 19:16:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:16:50 +0100 (CET) Subject: SUSE-CU-2023:3806-1: Security update of suse/pcp Message-ID: <20231122191650.33DD5F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3806-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.194 , suse/pcp:5.2 , suse/pcp:5.2-17.194 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.194 Container Release : 17.194 Severity : important Type : security References : 1215947 1216419 1216922 CVE-2023-38470 CVE-2023-38473 CVE-2023-5678 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - libavahi-common3-0.8-150400.7.10.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - container:bci-bci-init-15.4-15.4-30.29 updated From sle-updates at lists.suse.com Wed Nov 22 19:17:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:17:02 +0100 (CET) Subject: SUSE-CU-2023:3807-1: Security update of suse/postgres Message-ID: <20231122191702.539D1F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3807-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.14 , suse/postgres:14.10 , suse/postgres:14.10-24.14 Container Release : 24.14 Severity : important Type : security References : 1122892 1179231 1206796 1209208 1216022 1216022 1216734 1216734 1216922 1216960 1216960 1216961 1216961 1216962 1216962 CVE-2023-5678 CVE-2023-5868 CVE-2023-5868 CVE-2023-5869 CVE-2023-5869 CVE-2023-5870 CVE-2023-5870 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4479-1 Released: Mon Nov 20 10:09:03 2023 Summary: Security update for postgresql14 Type: security Severity: important References: 1216022,1216734,1216960,1216961,1216962,CVE-2023-5868,CVE-2023-5869,CVE-2023-5870 This update for postgresql14 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) - update to 14.10: https://www.postgresql.org/docs/14/release-14-10.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4495-1 Released: Tue Nov 21 08:39:58 2023 Summary: Security update for postgresql, postgresql15, postgresql16 Type: security Severity: important References: 1122892,1179231,1206796,1209208,1216022,1216734,1216960,1216961,1216962,CVE-2023-5868,CVE-2023-5869,CVE-2023-5870 This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) Changes in postgresql16: - Upgrade to 16.1: * https://www.postgresql.org/about/news/2715 * https://www.postgresql.org/docs/16/release-16.html * https://www.postgresql.org/docs/16/release-16-1.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Changes in postgresql15: - Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html - The libs and mini package are now provided by postgresql16. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Changes in postgresql: - Interlock version and release of all noarch packages except for the postgresql-docs. - bsc#1122892: Add a sysconfig variable for initdb. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change. - Add postgresql-README as a separate source file. - bsc#1209208: Drop hard dependency on systemd - bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - libpq5-16.1-150200.5.7.1 updated - postgresql-16-150400.4.9.2 updated - postgresql14-14.10-150200.5.36.1 updated - postgresql-server-16-150400.4.9.2 updated - postgresql14-server-14.10-150200.5.36.1 updated - container:sles15-image-15.0.0-27.14.119 updated - dbus-1-1.12.2-150400.18.8.1 removed - kbd-2.4.0-150400.5.6.1 removed - kbd-legacy-2.4.0-150400.5.6.1 removed - libapparmor1-3.0.4-150400.5.9.1 removed - libargon2-1-0.0+git20171227.670229c-2.14 removed - libcryptsetup12-2.4.3-150400.3.3.1 removed - libcryptsetup12-hmac-2.4.3-150400.3.3.1 removed - libdbus-1-3-1.12.2-150400.18.8.1 removed - libdevmapper1_03-2.03.05_1.02.163-150400.188.1 removed - libexpat1-2.4.4-150400.3.12.1 removed - libffi7-3.2.1.git259-10.8 removed - libip4tc2-1.8.7-1.1 removed - libjson-c3-0.13-3.3.1 removed - libkmod2-29-4.15.1 removed - libp11-kit0-0.23.22-150400.1.10 removed - libseccomp2-2.5.3-150400.2.4 removed - libudev1-249.16-150400.8.35.5 removed - netcfg-11.6-3.3.1 removed - pam-config-1.1-3.3.1 removed - pkg-config-0.29.2-1.436 removed - systemd-249.16-150400.8.35.5 removed - systemd-default-settings-0.7-3.2.1 removed - systemd-default-settings-branding-SLE-0.7-3.2.1 removed - systemd-presets-branding-SLE-15.1-150100.20.11.1 removed - systemd-presets-common-SUSE-15-150100.8.20.1 removed From sle-updates at lists.suse.com Wed Nov 22 19:17:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:17:45 +0100 (CET) Subject: SUSE-CU-2023:3808-1: Security update of bci/python Message-ID: <20231122191745.C2BE2F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3808-1 Container Tags : bci/python:3 , bci/python:3-16.26 , bci/python:3.10 , bci/python:3.10-16.26 Container Release : 16.26 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated - container:sles15-image-15.0.0-27.14.119 updated From sle-updates at lists.suse.com Wed Nov 22 19:17:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:17:59 +0100 (CET) Subject: SUSE-CU-2023:3809-1: Security update of suse/389-ds Message-ID: <20231122191759.C152FF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3809-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.47 , suse/389-ds:latest Container Release : 16.47 Severity : moderate Type : security References : 1206667 CVE-2022-40897 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). The following package changes have been done: - libxml2-2-2.10.3-150500.5.11.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - container:sles15-image-15.0.0-36.5.57 updated From sle-updates at lists.suse.com Wed Nov 22 19:18:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:18:46 +0100 (CET) Subject: SUSE-CU-2023:3815-1: Recommended update of suse/helm Message-ID: <20231122191846.39207F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3815-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.15 , suse/helm:latest Container Release : 3.15 Severity : important Type : recommended References : 1217013 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4509-1 Released: Tue Nov 21 13:36:00 2023 Summary: Recommended update for helm Type: recommended Severity: important References: 1217013 This update for helm fixes the following issues: - Update to version 3.13.2 (bsc#1217013) - Fixes a regression when helm can't be pulled anonymously from registries. (bsc#1217013) - Allow using label selectors for system labels for sql backend. - Allow using label selectors for system labels for secrets and configmap backends. The following package changes have been done: - helm-3.13.2-150000.1.29.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated From sle-updates at lists.suse.com Wed Nov 22 19:19:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:19:54 +0100 (CET) Subject: SUSE-CU-2023:3821-1: Security update of suse/pcp Message-ID: <20231122191954.587B9F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3821-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.68 , suse/pcp:5.2 , suse/pcp:5.2-15.68 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.68 , suse/pcp:latest Container Release : 15.68 Severity : moderate Type : security References : 1215947 1216419 CVE-2023-38470 CVE-2023-38473 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). The following package changes have been done: - libxml2-2-2.10.3-150500.5.11.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - container:bci-bci-init-15.5-15.5-10.39 updated From sle-updates at lists.suse.com Wed Nov 22 19:20:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:20:20 +0100 (CET) Subject: SUSE-CU-2023:3823-1: Security update of suse/postgres Message-ID: <20231122192020.89CEEF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3823-1 Container Tags : suse/postgres:15 , suse/postgres:15-12.17 , suse/postgres:15.5 , suse/postgres:15.5-12.17 , suse/postgres:latest Container Release : 12.17 Severity : important Type : security References : 1122892 1179231 1206796 1209208 1216022 1216734 1216960 1216961 1216962 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4495-1 Released: Tue Nov 21 08:39:58 2023 Summary: Security update for postgresql, postgresql15, postgresql16 Type: security Severity: important References: 1122892,1179231,1206796,1209208,1216022,1216734,1216960,1216961,1216962,CVE-2023-5868,CVE-2023-5869,CVE-2023-5870 This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) Changes in postgresql16: - Upgrade to 16.1: * https://www.postgresql.org/about/news/2715 * https://www.postgresql.org/docs/16/release-16.html * https://www.postgresql.org/docs/16/release-16-1.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Changes in postgresql15: - Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html - The libs and mini package are now provided by postgresql16. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Changes in postgresql: - Interlock version and release of all noarch packages except for the postgresql-docs. - bsc#1122892: Add a sysconfig variable for initdb. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change. - Add postgresql-README as a separate source file. - bsc#1209208: Drop hard dependency on systemd - bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. The following package changes have been done: - libxml2-2-2.10.3-150500.5.11.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated - libpq5-16.1-150200.5.7.1 updated - postgresql-16-150500.10.3.2 updated - postgresql15-15.5-150200.5.19.1 updated - postgresql-server-16-150500.10.3.2 updated - postgresql15-server-15.5-150200.5.19.1 updated - container:sles15-image-15.0.0-36.5.57 updated - dbus-1-1.12.2-150400.18.8.1 removed - kbd-2.4.0-150400.5.6.1 removed - kbd-legacy-2.4.0-150400.5.6.1 removed - libapparmor1-3.0.4-150500.11.9.1 removed - libargon2-1-0.0+git20171227.670229c-2.14 removed - libcryptsetup12-2.4.3-150400.3.3.1 removed - libcryptsetup12-hmac-2.4.3-150400.3.3.1 removed - libdbus-1-3-1.12.2-150400.18.8.1 removed - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 removed - libexpat1-2.4.4-150400.3.12.1 removed - libffi7-3.2.1.git259-10.8 removed - libip4tc2-1.8.7-1.1 removed - libjson-c3-0.13-3.3.1 removed - libkmod2-29-4.15.1 removed - libp11-kit0-0.23.22-150500.6.1 removed - libseccomp2-2.5.3-150400.2.4 removed - libudev1-249.16-150400.8.35.5 removed - netcfg-11.6-3.3.1 removed - pam-config-1.1-3.3.1 removed - pkg-config-0.29.2-1.436 removed - systemd-249.16-150400.8.35.5 removed - systemd-default-settings-0.7-3.2.1 removed - systemd-default-settings-branding-SLE-0.7-3.2.1 removed - systemd-presets-branding-SLE-15.1-150100.20.11.1 removed - systemd-presets-common-SUSE-15-150500.20.3.1 removed From sle-updates at lists.suse.com Wed Nov 22 19:21:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:21:04 +0100 (CET) Subject: SUSE-CU-2023:3827-1: Security update of suse/sle15 Message-ID: <20231122192104.5E4A1F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3827-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.57 , suse/sle15:15.5 , suse/sle15:15.5.36.5.57 Container Release : 36.5.57 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.44.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libxml2-2-2.10.3-150500.5.11.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated From sle-updates at lists.suse.com Wed Nov 22 19:21:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:21:13 +0100 (CET) Subject: SUSE-CU-2023:3828-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231122192113.CA665F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3828-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.8 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.8 Container Release : 9.30.8 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated From sle-updates at lists.suse.com Wed Nov 22 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:30:02 -0000 Subject: SUSE-SU-2023:4533-1: important: Security update for MozillaFirefox Message-ID: <170068500238.4371.1872406185355583421@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4533-1 Rating: important References: * bsc#1216338 * bsc#1217230 Cross-References: * CVE-2023-5721 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5730 * CVE-2023-5732 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5721 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5730 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5732 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5732 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230) * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338) * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack * CVE-2023-5732: Address bar spoofing via bidirectional characters * CVE-2023-5724: Large WebGL draw could have led to a crash * CVE-2023-5725: WebExtensions could open arbitrary URLs * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4533=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4533=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4533=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-translations-common-115.5.0-150000.150.116.1 * MozillaFirefox-translations-other-115.5.0-150000.150.116.1 * MozillaFirefox-debugsource-115.5.0-150000.150.116.1 * MozillaFirefox-115.5.0-150000.150.116.1 * MozillaFirefox-debuginfo-115.5.0-150000.150.116.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.5.0-150000.150.116.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.5.0-150000.150.116.1 * MozillaFirefox-translations-other-115.5.0-150000.150.116.1 * MozillaFirefox-debugsource-115.5.0-150000.150.116.1 * MozillaFirefox-115.5.0-150000.150.116.1 * MozillaFirefox-debuginfo-115.5.0-150000.150.116.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.5.0-150000.150.116.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-translations-common-115.5.0-150000.150.116.1 * MozillaFirefox-translations-other-115.5.0-150000.150.116.1 * MozillaFirefox-debugsource-115.5.0-150000.150.116.1 * MozillaFirefox-115.5.0-150000.150.116.1 * MozillaFirefox-debuginfo-115.5.0-150000.150.116.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * MozillaFirefox-devel-115.5.0-150000.150.116.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-translations-common-115.5.0-150000.150.116.1 * MozillaFirefox-translations-other-115.5.0-150000.150.116.1 * MozillaFirefox-debugsource-115.5.0-150000.150.116.1 * MozillaFirefox-115.5.0-150000.150.116.1 * MozillaFirefox-debuginfo-115.5.0-150000.150.116.1 * SUSE CaaS Platform 4.0 (noarch) * MozillaFirefox-devel-115.5.0-150000.150.116.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5732.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 * https://bugzilla.suse.com/show_bug.cgi?id=1217230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 22 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2023 20:30:04 -0000 Subject: SUSE-SU-2023:4532-1: important: Security update for MozillaFirefox Message-ID: <170068500444.4371.12946692827598917469@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4532-1 Rating: important References: * bsc#1216338 * bsc#1217230 Cross-References: * CVE-2023-5721 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5730 * CVE-2023-5732 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5721 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5730 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5732 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5732 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230) * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338) * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack * CVE-2023-5732: Address bar spoofing via bidirectional characters * CVE-2023-5724: Large WebGL draw could have led to a crash * CVE-2023-5725: WebExtensions could open arbitrary URLs * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4532=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4532=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4532=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4532=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.5.0-112.191.1 * MozillaFirefox-debuginfo-115.5.0-112.191.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-115.5.0-112.191.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-115.5.0-112.191.1 * MozillaFirefox-debugsource-115.5.0-112.191.1 * MozillaFirefox-translations-common-115.5.0-112.191.1 * MozillaFirefox-debuginfo-115.5.0-112.191.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-115.5.0-112.191.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.5.0-112.191.1 * MozillaFirefox-debugsource-115.5.0-112.191.1 * MozillaFirefox-translations-common-115.5.0-112.191.1 * MozillaFirefox-debuginfo-115.5.0-112.191.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-115.5.0-112.191.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-115.5.0-112.191.1 * MozillaFirefox-debugsource-115.5.0-112.191.1 * MozillaFirefox-translations-common-115.5.0-112.191.1 * MozillaFirefox-debuginfo-115.5.0-112.191.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-115.5.0-112.191.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5732.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 * https://bugzilla.suse.com/show_bug.cgi?id=1217230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 08:02:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:02:38 +0100 (CET) Subject: SUSE-CU-2023:3830-1: Security update of bci/openjdk-devel Message-ID: <20231123080238.04B6EF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3830-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.84 Container Release : 10.84 Severity : moderate Type : security References : 1162112 1216529 CVE-2023-46122 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4527-1 Released: Wed Nov 22 14:38:50 2023 Summary: Security update for maven, maven-resolver, sbt, xmvn Type: security Severity: moderate References: 1162112,1216529,CVE-2023-46122 This update for maven, maven-resolver, sbt, xmvn fixes the following issues: - CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529). - Upgraded maven to version 3.9.4 - Upgraded maven-resolver to version 1.9.15. The following package changes have been done: - libxml2-2-2.10.3-150500.5.11.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - maven-resolver-api-1.9.15-150200.3.14.2 updated - maven-resolver-util-1.9.15-150200.3.14.2 updated - maven-resolver-spi-1.9.15-150200.3.14.2 updated - maven-resolver-named-locks-1.9.15-150200.3.14.2 updated - maven-resolver-transport-file-1.9.15-150200.3.14.2 updated - maven-resolver-connector-basic-1.9.15-150200.3.14.2 updated - maven-resolver-transport-wagon-1.9.15-150200.3.14.2 updated - maven-resolver-impl-1.9.15-150200.3.14.2 updated - maven-resolver-transport-http-1.9.15-150200.3.14.2 updated - maven-lib-3.9.4-150200.4.18.1 updated - maven-3.9.4-150200.4.18.1 updated - container:bci-openjdk-11-15.5.11-11.41 updated From sle-updates at lists.suse.com Thu Nov 23 08:02:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:02:57 +0100 (CET) Subject: SUSE-CU-2023:3831-1: Security update of bci/openjdk-devel Message-ID: <20231123080257.02757F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3831-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.79 , bci/openjdk-devel:latest Container Release : 12.79 Severity : moderate Type : security References : 1162112 1216529 CVE-2023-46122 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4527-1 Released: Wed Nov 22 14:38:50 2023 Summary: Security update for maven, maven-resolver, sbt, xmvn Type: security Severity: moderate References: 1162112,1216529,CVE-2023-46122 This update for maven, maven-resolver, sbt, xmvn fixes the following issues: - CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529). - Upgraded maven to version 3.9.4 - Upgraded maven-resolver to version 1.9.15. The following package changes have been done: - libxml2-2-2.10.3-150500.5.11.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - maven-resolver-api-1.9.15-150200.3.14.2 updated - maven-resolver-util-1.9.15-150200.3.14.2 updated - maven-resolver-spi-1.9.15-150200.3.14.2 updated - maven-resolver-named-locks-1.9.15-150200.3.14.2 updated - maven-resolver-transport-file-1.9.15-150200.3.14.2 updated - maven-resolver-connector-basic-1.9.15-150200.3.14.2 updated - maven-resolver-transport-wagon-1.9.15-150200.3.14.2 updated - maven-resolver-impl-1.9.15-150200.3.14.2 updated - maven-resolver-transport-http-1.9.15-150200.3.14.2 updated - maven-lib-3.9.4-150200.4.18.1 updated - maven-3.9.4-150200.4.18.1 updated - container:bci-openjdk-17-15.5.17-12.39 updated From sle-updates at lists.suse.com Thu Nov 23 08:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:03:56 +0100 (CET) Subject: SUSE-CU-2023:3835-1: Security update of bci/python Message-ID: <20231123080356.08538F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3835-1 Container Tags : bci/python:3 , bci/python:3-14.33 , bci/python:3.6 , bci/python:3.6-14.33 Container Release : 14.33 Severity : moderate Type : security References : 1206667 CVE-2022-40897 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). The following package changes have been done: - libxml2-2-2.10.3-150500.5.11.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - container:sles15-image-15.0.0-36.5.57 updated From sle-updates at lists.suse.com Thu Nov 23 08:04:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:04:33 +0100 (CET) Subject: SUSE-CU-2023:3838-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231123080433.7EA4BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3838-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.10 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.10 Container Release : 9.40.10 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated From sle-updates at lists.suse.com Thu Nov 23 08:04:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:04:39 +0100 (CET) Subject: SUSE-CU-2023:3839-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231123080439.63932F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3839-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.10 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.10 Container Release : 9.30.10 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated From sle-updates at lists.suse.com Thu Nov 23 08:04:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:04:46 +0100 (CET) Subject: SUSE-CU-2023:3840-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231123080446.BC883F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3840-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.8 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.8 Container Release : 9.39.8 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated From sle-updates at lists.suse.com Thu Nov 23 08:04:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:04:53 +0100 (CET) Subject: SUSE-CU-2023:3841-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231123080453.2FFE3F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3841-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.9 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.9 Container Release : 9.30.9 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated From sle-updates at lists.suse.com Thu Nov 23 08:05:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:05:29 +0100 (CET) Subject: SUSE-CU-2023:3842-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231123080529.635F7F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3842-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.496 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.496 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated - libopenssl1_1-1.1.1d-150200.11.82.1 updated - openssl-1_1-1.1.1d-150200.11.82.1 updated - container:sles15-image-15.0.0-17.20.215 updated From sle-updates at lists.suse.com Thu Nov 23 08:06:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:06:00 +0100 (CET) Subject: SUSE-CU-2023:3843-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231123080600.C363BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3843-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.318 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.318 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated - libopenssl1_1-1.1.1d-150200.11.82.1 updated - openssl-1_1-1.1.1d-150200.11.82.1 updated - container:sles15-image-15.0.0-17.20.215 updated From sle-updates at lists.suse.com Thu Nov 23 09:00:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 10:00:36 +0100 (CET) Subject: SUSE-CU-2023:3846-1: Security update of suse/sle15 Message-ID: <20231123090036.26DF6FDD7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3846-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.373 Container Release : 9.5.373 Severity : important Type : security References : 1212475 1213865 1216922 CVE-2018-7738 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4512-1 Released: Tue Nov 21 17:25:02 2023 Summary: Security update for util-linux Type: security Severity: important References: 1213865,CVE-2018-7738 This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.44.1 updated - libblkid1-2.33.2-150100.4.40.1 updated - libfdisk1-2.33.2-150100.4.40.1 updated - libmount1-2.33.2-150100.4.40.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated - libopenssl1_1-1.1.1d-150200.11.82.1 updated - libsmartcols1-2.33.2-150100.4.40.1 updated - libuuid1-2.33.2-150100.4.40.1 updated - openssl-1_1-1.1.1d-150200.11.82.1 updated - util-linux-2.33.2-150100.4.40.1 updated From sle-updates at lists.suse.com Thu Nov 23 08:59:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:59:13 +0100 (CET) Subject: SUSE-CU-2023:3845-1: Security update of suse/sle15 Message-ID: <20231123085913.12CCFFD95@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3845-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.846 Container Release : 6.2.846 Severity : important Type : security References : 1212475 1213865 1216922 CVE-2018-7738 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4512-1 Released: Tue Nov 21 17:25:02 2023 Summary: Security update for util-linux Type: security Severity: important References: 1213865,CVE-2018-7738 This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4520-1 Released: Tue Nov 21 17:42:13 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.44.1 updated - libblkid1-2.33.2-150100.4.40.1 updated - libfdisk1-2.33.2-150100.4.40.1 updated - libmount1-2.33.2-150100.4.40.1 updated - libopenssl1_1-1.1.0i-150100.14.68.1 updated - libsmartcols1-2.33.2-150100.4.40.1 updated - libuuid1-2.33.2-150100.4.40.1 updated - openssl-1_1-1.1.0i-150100.14.68.1 updated - util-linux-2.33.2-150100.4.40.1 updated From sle-updates at lists.suse.com Thu Nov 23 08:57:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:57:11 +0100 (CET) Subject: SUSE-CU-2023:3844-1: Security update of suse/sles12sp5 Message-ID: <20231123085711.AF75BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3844-1 Container Tags : suse/sles12sp5:6.5.537 , suse/sles12sp5:latest Container Release : 6.5.537 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 1216922 CVE-2023-4039 CVE-2023-45322 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4480-1 Released: Mon Nov 20 10:15:33 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4505-1 Released: Tue Nov 21 13:30:43 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4523-1 Released: Tue Nov 21 17:50:16 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libgcc_s1-13.2.1+git7813-1.10.1 updated - libopenssl1_0_0-1.0.2p-3.87.1 updated - libstdc++6-13.2.1+git7813-1.10.1 updated - libxml2-2-2.9.4-46.68.2 updated - openssl-1_0_0-1.0.2p-3.87.1 updated From sle-updates at lists.suse.com Thu Nov 23 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4537-1: moderate: Security update for libxml2 Message-ID: <170074260511.22711.1468586096932028895@smelt2.prg2.suse.org> # Security update for libxml2 Announcement ID: SUSE-SU-2023:4537-1 Rating: moderate References: * bsc#1216129 Cross-References: * CVE-2023-45322 CVSS scores: * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Python 3 Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4537=1 openSUSE-SLE-15.4-2023-4537=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4537=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4537=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4537=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4537=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4537=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4537=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4537=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4537=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-devel-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (x86_64) * libxml2-2-32bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-32bit-2.9.14-150400.5.25.1 * libxml2-devel-32bit-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (noarch) * libxml2-doc-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libxml2-devel-64bit-2.9.14-150400.5.25.1 * libxml2-2-64bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-64bit-2.9.14-150400.5.25.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-devel-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * Basesystem Module 15-SP4 (x86_64) * libxml2-2-32bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-32bit-2.9.14-150400.5.25.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-libxml2-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-2.9.14-150400.5.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45322.html * https://bugzilla.suse.com/show_bug.cgi?id=1216129 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 12:30:16 -0000 Subject: SUSE-RU-2023:4534-1: moderate: Recommended update for libzypp, zypper Message-ID: <170074261629.22711.16457110645228421517@smelt2.prg2.suse.org> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:4534-1 Rating: moderate References: * bsc#1041742 * bsc#1203760 * bsc#1212422 * bsc#1215979 * bsc#1216091 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has five fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) * Fix comment typo on zypp.conf (bsc#1215979) * Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) * Make sure the old target is deleted before a new one is created (bsc#1203760) * Return 104 also if info suggests near matches * Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) * commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4534=1 openSUSE-SLE-15.4-2023-4534=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4534=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4534=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4534=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4534=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4534=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4534=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4534=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4534=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4534=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4534=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4534=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4534=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4534=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4534=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4534=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4534=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4534=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4534=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4534=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4534=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4534=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-devel-doc-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * libzypp-devel-17.31.22-150400.3.43.1 * openSUSE Leap 15.4 (noarch) * zypper-aptitude-1.14.66-150400.3.35.1 * zypper-log-1.14.66-150400.3.35.1 * zypper-needs-restarting-1.14.66-150400.3.35.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * openSUSE Leap Micro 5.3 (noarch) * zypper-needs-restarting-1.14.66-150400.3.35.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * openSUSE Leap Micro 5.4 (noarch) * zypper-needs-restarting-1.14.66-150400.3.35.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-devel-doc-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * libzypp-devel-17.31.22-150400.3.43.1 * openSUSE Leap 15.5 (noarch) * zypper-aptitude-1.14.66-150400.3.35.1 * zypper-log-1.14.66-150400.3.35.1 * zypper-needs-restarting-1.14.66-150400.3.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Manager Proxy 4.3 (x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libzypp-17.31.22-150400.3.43.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * zypper-needs-restarting-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * zypper-needs-restarting-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * zypper-needs-restarting-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * zypper-needs-restarting-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * zypper-needs-restarting-1.14.66-150400.3.35.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * libzypp-devel-17.31.22-150400.3.43.1 * Basesystem Module 15-SP4 (noarch) * zypper-log-1.14.66-150400.3.35.1 * zypper-needs-restarting-1.14.66-150400.3.35.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * zypper-1.14.66-150400.3.35.1 * libzypp-17.31.22-150400.3.43.1 * libzypp-debugsource-17.31.22-150400.3.43.1 * libzypp-debuginfo-17.31.22-150400.3.43.1 * zypper-debuginfo-1.14.66-150400.3.35.1 * zypper-debugsource-1.14.66-150400.3.35.1 * libzypp-devel-17.31.22-150400.3.43.1 * Basesystem Module 15-SP5 (noarch) * zypper-log-1.14.66-150400.3.35.1 * zypper-needs-restarting-1.14.66-150400.3.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1041742 * https://bugzilla.suse.com/show_bug.cgi?id=1203760 * https://bugzilla.suse.com/show_bug.cgi?id=1212422 * https://bugzilla.suse.com/show_bug.cgi?id=1215979 * https://bugzilla.suse.com/show_bug.cgi?id=1216091 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 12:30:01 -0000 Subject: SUSE-RU-2023:4538-1: moderate: Recommended update for screen Message-ID: <170074260184.22711.6007339687602837127@smelt2.prg2.suse.org> # Recommended update for screen Announcement ID: SUSE-RU-2023:4538-1 Rating: moderate References: * jsc#SMO-279 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for screen fixes the following issue: * screen is shipped to SUSE Linux Enterprise Micro 5.3, 5.4 and 5.5. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4538=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4538=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4538=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4538=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4538=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4538=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4538=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4538=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4538=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4538=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4538=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4538=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4538=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4538=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * SUSE Manager Proxy 4.2 (x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * screen-debugsource-4.6.2-150000.5.5.1 * screen-4.6.2-150000.5.5.1 * screen-debuginfo-4.6.2-150000.5.5.1 ## References: * https://jira.suse.com/browse/SMO-279 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 12:30:08 -0000 Subject: SUSE-RU-2023:4536-1: moderate: Recommended update for libzypp, zypper Message-ID: <170074260839.22711.5346282706601403914@smelt2.prg2.suse.org> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:4536-1 Rating: moderate References: * bsc#1041742 * bsc#1203760 * bsc#1212422 * bsc#1215979 * bsc#1216091 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has five fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) * Fix comment typo on zypp.conf (bsc#1215979) * Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) * Make sure the old target is deleted before a new one is created (bsc#1203760) * Return 104 also if info suggests near matches * Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) * commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-4536=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4536=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4536=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4536=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.22-150100.3.120.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * zypper-1.14.66-150100.3.90.1 * zypper-debuginfo-1.14.66-150100.3.90.1 * libzypp-debugsource-17.31.22-150100.3.120.1 * zypper-debugsource-1.14.66-150100.3.90.1 * libzypp-debuginfo-17.31.22-150100.3.120.1 * libzypp-devel-17.31.22-150100.3.120.1 * libzypp-17.31.22-150100.3.120.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * zypper-needs-restarting-1.14.66-150100.3.90.1 * zypper-log-1.14.66-150100.3.90.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * zypper-1.14.66-150100.3.90.1 * zypper-debuginfo-1.14.66-150100.3.90.1 * libzypp-debugsource-17.31.22-150100.3.120.1 * zypper-debugsource-1.14.66-150100.3.90.1 * libzypp-debuginfo-17.31.22-150100.3.120.1 * libzypp-devel-17.31.22-150100.3.120.1 * libzypp-17.31.22-150100.3.120.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * zypper-needs-restarting-1.14.66-150100.3.90.1 * zypper-log-1.14.66-150100.3.90.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * zypper-1.14.66-150100.3.90.1 * zypper-debuginfo-1.14.66-150100.3.90.1 * libzypp-debugsource-17.31.22-150100.3.120.1 * zypper-debugsource-1.14.66-150100.3.90.1 * libzypp-debuginfo-17.31.22-150100.3.120.1 * libzypp-devel-17.31.22-150100.3.120.1 * libzypp-17.31.22-150100.3.120.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * zypper-needs-restarting-1.14.66-150100.3.90.1 * zypper-log-1.14.66-150100.3.90.1 * SUSE CaaS Platform 4.0 (x86_64) * zypper-1.14.66-150100.3.90.1 * zypper-debuginfo-1.14.66-150100.3.90.1 * libzypp-debugsource-17.31.22-150100.3.120.1 * zypper-debugsource-1.14.66-150100.3.90.1 * libzypp-debuginfo-17.31.22-150100.3.120.1 * libzypp-devel-17.31.22-150100.3.120.1 * libzypp-17.31.22-150100.3.120.1 * SUSE CaaS Platform 4.0 (noarch) * zypper-needs-restarting-1.14.66-150100.3.90.1 * zypper-log-1.14.66-150100.3.90.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1041742 * https://bugzilla.suse.com/show_bug.cgi?id=1203760 * https://bugzilla.suse.com/show_bug.cgi?id=1212422 * https://bugzilla.suse.com/show_bug.cgi?id=1215979 * https://bugzilla.suse.com/show_bug.cgi?id=1216091 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 12:30:11 -0000 Subject: SUSE-RU-2023:4535-1: moderate: Recommended update for libzypp, zypper Message-ID: <170074261152.22711.10086658789215903295@smelt2.prg2.suse.org> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:4535-1 Rating: moderate References: * bsc#1041742 * bsc#1203760 * bsc#1212422 * bsc#1215979 * bsc#1216091 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has five fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) * Fix comment typo on zypp.conf (bsc#1215979) * Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) * Make sure the old target is deleted before a new one is created (bsc#1203760) * Return 104 also if info suggests near matches * Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) * commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4535=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4535=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4535=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4535=1 * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-4535=1 * SUSE Linux Enterprise Server 15 SP3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-4535=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4535=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4535=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4535=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4535=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4535=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4535=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4535=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4535=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4535=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4535=1 ## Package List: * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Enterprise Storage 7.1 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.22-150200.78.1 * SUSE Linux Enterprise Server 15 SP3 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.22-150200.78.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Manager Proxy 4.2 (x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Manager Proxy 4.2 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libzypp-devel-17.31.22-150200.78.1 * zypper-debuginfo-1.14.66-150200.65.1 * libzypp-debugsource-17.31.22-150200.78.1 * zypper-debugsource-1.14.66-150200.65.1 * libzypp-17.31.22-150200.78.1 * zypper-1.14.66-150200.65.1 * libzypp-debuginfo-17.31.22-150200.78.1 * SUSE Manager Server 4.2 (noarch) * zypper-needs-restarting-1.14.66-150200.65.1 * zypper-log-1.14.66-150200.65.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1041742 * https://bugzilla.suse.com/show_bug.cgi?id=1203760 * https://bugzilla.suse.com/show_bug.cgi?id=1212422 * https://bugzilla.suse.com/show_bug.cgi?id=1215979 * https://bugzilla.suse.com/show_bug.cgi?id=1216091 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 16:19:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 17:19:06 +0100 (CET) Subject: SUSE-CU-2023:3849-1: Recommended update of suse/sle15 Message-ID: <20231123161906.81E71F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3849-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.58 , suse/sle15:15.5 , suse/sle15:15.5.36.5.58 Container Release : 36.5.58 Severity : moderate Type : recommended References : 1041742 1203760 1212422 1215979 1216091 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - libzypp-17.31.22-150400.3.43.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Thu Nov 23 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 16:30:02 -0000 Subject: SUSE-RU-2023:4541-1: moderate: Recommended update for autofs Message-ID: <170075700289.5594.1649031247132173531@smelt2.prg2.suse.org> # Recommended update for autofs Announcement ID: SUSE-RU-2023:4541-1 Rating: moderate References: * bsc#1214710 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for autofs fixes the following issues: * Don't use initgroups at spawn to avoid child processes never getting killed (bsc#1214710) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4541=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4541=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4541=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * autofs-5.1.3-3.17.1 * autofs-debuginfo-5.1.3-3.17.1 * autofs-debugsource-5.1.3-3.17.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * autofs-5.1.3-3.17.1 * autofs-debuginfo-5.1.3-3.17.1 * autofs-debugsource-5.1.3-3.17.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * autofs-5.1.3-3.17.1 * autofs-debuginfo-5.1.3-3.17.1 * autofs-debugsource-5.1.3-3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214710 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 16:30:05 -0000 Subject: SUSE-RU-2023:4540-1: moderate: Recommended update for patterns-sap Message-ID: <170075700545.5594.9741165168204159622@smelt2.prg2.suse.org> # Recommended update for patterns-sap Announcement ID: SUSE-RU-2023:4540-1 Rating: moderate References: * bsc#1214161 Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP5 * SAP Business One Module 15-SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for patterns-sap fixes the following issues: * Adapt required packages to the new SAP BusinessOne. * Fixes an issue when SAP Installation Wizard stops after HANA installation. (bsc#1214161) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4540=1 openSUSE-SLE-15.5-2023-4540=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-4540=1 * SAP Business One Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Business-One-15-SP5-2023-4540=1 ## Package List: * openSUSE Leap 15.5 (ppc64le x86_64) * patterns-sap-bone-15.5.1-150500.5.5.1 * patterns-sap-nw-15.5.1-150500.5.5.1 * patterns-sap-hana-15.5.1-150500.5.5.1 * patterns-sap-15.5.1-150500.5.5.1 * SAP Applications Module 15-SP5 (ppc64le x86_64) * patterns-sap-nw-15.5.1-150500.5.5.1 * patterns-sap-hana-15.5.1-150500.5.5.1 * SAP Business One Module 15-SP5 (x86_64) * patterns-sap-bone-15.5.1-150500.5.5.1 * patterns-sap-hana-15.5.1-150500.5.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214161 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 16:30:09 -0000 Subject: SUSE-RU-2023:4539-1: moderate: Recommended update for unar Message-ID: <170075700900.5594.13714961490023402561@smelt2.prg2.suse.org> # Recommended update for unar Announcement ID: SUSE-RU-2023:4539-1 Rating: moderate References: * jsc#PED-6193 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for unar fixes the following issue: * use pkgconfig(icu-uc) for current libicu ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4539=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4539=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4539=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4539=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4539=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4539=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4539=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4539=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4539=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4539=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4539=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4539=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4539=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4539=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4539=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Manager Proxy 4.2 (x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * unar-debugsource-1.10.7-150200.3.3.2 * unar-debuginfo-1.10.7-150200.3.3.2 * unar-1.10.7-150200.3.3.2 ## References: * https://jira.suse.com/browse/PED-6193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 23 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2023 20:30:03 -0000 Subject: SUSE-RU-2023:4542-1: low: Recommended update for perl-Test-Warnings Message-ID: <170077140310.23961.7859102106215635582@smelt2.prg2.suse.org> # Recommended update for perl-Test-Warnings Announcement ID: SUSE-RU-2023:4542-1 Rating: low References: * bsc#1215584 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for perl-Test-Warnings fixes the following issues: * updated to 0.032 (see https://metacpan.org/dist/Test-Warnings/changes, bsc#1215584) 0.032 2023-09-30 23:36:50Z * new config variable, $ENV{PERL_TEST_WARNINGS_ONLY_REPORT_WARNINGS}, for temporarily turning failures into reports 0.031 2021-07-13 22:13:48Z * remove unneeded develop prereqs that caused metacpan to unduly raise the river position of some dependent modules ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4542=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4542=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4542=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4542=1 ## Package List: * openSUSE Leap 15.4 (noarch) * perl-Test-Warnings-0.32.0-150000.3.6.1 * openSUSE Leap 15.5 (noarch) * perl-Test-Warnings-0.32.0-150000.3.6.1 * Development Tools Module 15-SP4 (noarch) * perl-Test-Warnings-0.32.0-150000.3.6.1 * Development Tools Module 15-SP5 (noarch) * perl-Test-Warnings-0.32.0-150000.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215584 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 08:03:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:03:14 +0100 (CET) Subject: SUSE-CU-2023:3852-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20231124080314.44908F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3852-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.103 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.103 Severity : moderate Type : recommended References : 1041742 1203760 1212422 1215979 1216091 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - libzypp-17.31.22-150400.3.43.1 updated - zypper-1.14.66-150400.3.35.1 updated - container:sles15-image-15.0.0-36.5.58 updated From sle-updates at lists.suse.com Fri Nov 24 08:04:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:04:44 +0100 (CET) Subject: SUSE-CU-2023:3853-1: Recommended update of suse/sle15 Message-ID: <20231124080444.041B7F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3853-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.847 Container Release : 6.2.847 Severity : moderate Type : recommended References : 1041742 1203760 1212422 1215979 1216091 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4536-1 Released: Thu Nov 23 08:19:05 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - libzypp-17.31.22-150100.3.120.1 updated - zypper-1.14.66-150100.3.90.1 updated From sle-updates at lists.suse.com Fri Nov 24 08:05:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:05:51 +0100 (CET) Subject: SUSE-CU-2023:3854-1: Recommended update of suse/sle15 Message-ID: <20231124080551.18948F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3854-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.374 Container Release : 9.5.374 Severity : moderate Type : recommended References : 1041742 1203760 1212422 1215979 1216091 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4535-1 Released: Thu Nov 23 08:17:40 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - libzypp-17.31.22-150200.78.1 updated - zypper-1.14.66-150200.65.1 updated From sle-updates at lists.suse.com Fri Nov 24 08:06:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:06:48 +0100 (CET) Subject: SUSE-CU-2023:3855-1: Recommended update of suse/sle15 Message-ID: <20231124080648.979BEF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3855-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.216 , suse/sle15:15.3 , suse/sle15:15.3.17.20.216 Container Release : 17.20.216 Severity : moderate Type : recommended References : 1041742 1203760 1212422 1215979 1216091 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4535-1 Released: Thu Nov 23 08:17:40 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - libzypp-17.31.22-150200.78.1 updated - zypper-1.14.66-150200.65.1 updated From sle-updates at lists.suse.com Fri Nov 24 08:07:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:07:25 +0100 (CET) Subject: SUSE-CU-2023:3856-1: Security update of bci/bci-init Message-ID: <20231124080725.7A698F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3856-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.31 Container Release : 30.31 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-updates at lists.suse.com Fri Nov 24 08:07:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:07:49 +0100 (CET) Subject: SUSE-CU-2023:3857-1: Security update of bci/nodejs Message-ID: <20231124080749.83917F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3857-1 Container Tags : bci/node:16 , bci/node:16-18.26 , bci/nodejs:16 , bci/nodejs:16-18.26 Container Release : 18.26 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-updates at lists.suse.com Fri Nov 24 08:08:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:08:35 +0100 (CET) Subject: SUSE-CU-2023:3858-1: Security update of suse/pcp Message-ID: <20231124080835.89DACF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3858-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.197 , suse/pcp:5.2 , suse/pcp:5.2-17.197 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.197 Container Release : 17.197 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:bci-bci-init-15.4-15.4-30.31 updated From sle-updates at lists.suse.com Fri Nov 24 08:09:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:09:08 +0100 (CET) Subject: SUSE-CU-2023:3859-1: Security update of bci/python Message-ID: <20231124080908.D227BF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3859-1 Container Tags : bci/python:3 , bci/python:3-16.28 , bci/python:3.10 , bci/python:3.10-16.28 Container Release : 16.28 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-updates at lists.suse.com Fri Nov 24 08:09:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:09:39 +0100 (CET) Subject: SUSE-CU-2023:3860-1: Security update of suse/sle15 Message-ID: <20231124080939.6A926F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3860-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.122 , suse/sle15:15.4 , suse/sle15:15.4.27.14.122 Container Release : 27.14.122 Severity : moderate Type : security References : 1041742 1203760 1212422 1215979 1216091 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Fri Nov 24 08:14:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:14:20 +0100 (CET) Subject: SUSE-CU-2023:3886-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231124081420.8449BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3886-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.12 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.12 Container Release : 9.40.12 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - python3-libxml2-2.9.14-150400.5.25.1 updated From sle-updates at lists.suse.com Fri Nov 24 08:14:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:14:26 +0100 (CET) Subject: SUSE-CU-2023:3887-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231124081426.7636BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3887-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.10 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.10 Container Release : 9.30.10 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated From sle-updates at lists.suse.com Fri Nov 24 08:14:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:14:53 +0100 (CET) Subject: SUSE-CU-2023:3888-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20231124081453.5A1C2F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3888-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.498 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.498 Severity : moderate Type : recommended References : 1041742 1203760 1212422 1215979 1216091 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4535-1 Released: Thu Nov 23 08:17:40 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - libzypp-17.31.22-150200.78.1 updated - zypper-1.14.66-150200.65.1 updated - container:sles15-image-15.0.0-17.20.216 updated From sle-updates at lists.suse.com Fri Nov 24 08:16:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:16:14 +0100 (CET) Subject: SUSE-CU-2023:3890-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20231124081614.2D1DAF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3890-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.320 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.320 Severity : moderate Type : recommended References : 1041742 1203760 1212422 1215979 1216091 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4535-1 Released: Thu Nov 23 08:17:40 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - libzypp-17.31.22-150200.78.1 updated - zypper-1.14.66-150200.65.1 updated - container:sles15-image-15.0.0-17.20.216 updated From sle-updates at lists.suse.com Fri Nov 24 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:02 -0000 Subject: SUSE-RU-2023:4553-1: moderate: Recommended update for libteam Message-ID: <170082900281.29207.8372425156376155464@smelt2.prg2.suse.org> # Recommended update for libteam Announcement ID: SUSE-RU-2023:4553-1 Rating: moderate References: * bsc#1215527 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for libteam fixes the following issues: * Document ARP Ping link_watch.vlanid option in teamd.conf man page (bsc#1215527) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4553=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4553=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4553=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libteamdctl0-1.21-5.12.1 * libteam5-debuginfo-1.21-5.12.1 * python-libteam-1.21-5.12.1 * libteam5-1.21-5.12.1 * python-libteam-debuginfo-1.21-5.12.1 * libteam-tools-1.21-5.12.1 * libteamdctl0-debuginfo-1.21-5.12.1 * libteam-tools-debuginfo-1.21-5.12.1 * libteam-debugsource-1.21-5.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libteamdctl0-1.21-5.12.1 * libteam5-debuginfo-1.21-5.12.1 * python-libteam-1.21-5.12.1 * libteam5-1.21-5.12.1 * python-libteam-debuginfo-1.21-5.12.1 * libteam-tools-1.21-5.12.1 * libteamdctl0-debuginfo-1.21-5.12.1 * libteam-tools-debuginfo-1.21-5.12.1 * libteam-debugsource-1.21-5.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libteamdctl0-1.21-5.12.1 * libteam5-debuginfo-1.21-5.12.1 * python-libteam-1.21-5.12.1 * libteam5-1.21-5.12.1 * python-libteam-debuginfo-1.21-5.12.1 * libteam-tools-1.21-5.12.1 * libteamdctl0-debuginfo-1.21-5.12.1 * libteam-tools-debuginfo-1.21-5.12.1 * libteam-debugsource-1.21-5.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215527 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:04 -0000 Subject: SUSE-RU-2023:4552-1: moderate: Recommended update for libteam Message-ID: <170082900476.29207.12270787523283533787@smelt2.prg2.suse.org> # Recommended update for libteam Announcement ID: SUSE-RU-2023:4552-1 Rating: moderate References: * bsc#1215527 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for libteam fixes the following issues: * Document ARP Ping link_watch.vlanid option in teamd.conf man page (bsc#1215527) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4552=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4552=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4552=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4552=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4552=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4552=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4552=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4552=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4552=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libteamdctl0-debuginfo-1.27-150000.4.12.1 * python-libteam-debuginfo-1.27-150000.4.12.1 * python-libteam-1.27-150000.4.12.1 * libteamdctl0-1.27-150000.4.12.1 * libteam-devel-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam-tools-1.27-150000.4.12.1 * libteam-tools-debuginfo-1.27-150000.4.12.1 * libteam5-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam5-debuginfo-1.27-150000.4.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libteamdctl0-debuginfo-1.27-150000.4.12.1 * python-libteam-debuginfo-1.27-150000.4.12.1 * python-libteam-1.27-150000.4.12.1 * libteamdctl0-1.27-150000.4.12.1 * libteam-devel-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam-tools-1.27-150000.4.12.1 * libteam-tools-debuginfo-1.27-150000.4.12.1 * libteam5-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam5-debuginfo-1.27-150000.4.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libteamdctl0-debuginfo-1.27-150000.4.12.1 * libteamdctl0-1.27-150000.4.12.1 * libteam-devel-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam5-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam5-debuginfo-1.27-150000.4.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libteamdctl0-debuginfo-1.27-150000.4.12.1 * libteamdctl0-1.27-150000.4.12.1 * libteam-devel-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam5-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam5-debuginfo-1.27-150000.4.12.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libteam-tools-debuginfo-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam-tools-1.27-150000.4.12.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libteam-tools-debuginfo-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam-tools-1.27-150000.4.12.1 * SUSE Manager Proxy 4.2 (x86_64) * libteamdctl0-debuginfo-1.27-150000.4.12.1 * python-libteam-debuginfo-1.27-150000.4.12.1 * python-libteam-1.27-150000.4.12.1 * libteamdctl0-1.27-150000.4.12.1 * libteam-devel-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam-tools-1.27-150000.4.12.1 * libteam-tools-debuginfo-1.27-150000.4.12.1 * libteam5-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam5-debuginfo-1.27-150000.4.12.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libteamdctl0-debuginfo-1.27-150000.4.12.1 * python-libteam-debuginfo-1.27-150000.4.12.1 * python-libteam-1.27-150000.4.12.1 * libteamdctl0-1.27-150000.4.12.1 * libteam-devel-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam-tools-1.27-150000.4.12.1 * libteam-tools-debuginfo-1.27-150000.4.12.1 * libteam5-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam5-debuginfo-1.27-150000.4.12.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libteamdctl0-debuginfo-1.27-150000.4.12.1 * python-libteam-debuginfo-1.27-150000.4.12.1 * python-libteam-1.27-150000.4.12.1 * libteamdctl0-1.27-150000.4.12.1 * libteam-devel-1.27-150000.4.12.1 * libteam-debuginfo-1.27-150000.4.12.1 * libteam-tools-1.27-150000.4.12.1 * libteam-tools-debuginfo-1.27-150000.4.12.1 * libteam5-1.27-150000.4.12.1 * libteam-debugsource-1.27-150000.4.12.1 * libteam5-debuginfo-1.27-150000.4.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215527 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4551-1: important: Security update for MozillaFirefox Message-ID: <170082900816.29207.9461684480438962702@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4551-1 Rating: important References: * bsc#1216338 * bsc#1217230 Cross-References: * CVE-2023-5721 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5730 * CVE-2023-5732 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5721 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5730 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5732 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5732 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230) * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338) * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack * CVE-2023-5732: Address bar spoofing via bidirectional characters * CVE-2023-5724: Large WebGL draw could have led to a crash * CVE-2023-5725: WebExtensions could open arbitrary URLs * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4551=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4551=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4551=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4551=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4551=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4551=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4551=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4551=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4551=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4551=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4551=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4551=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-branding-upstream-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-branding-upstream-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5732.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 * https://bugzilla.suse.com/show_bug.cgi?id=1217230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:11 -0000 Subject: SUSE-SU-2023:4550-1: moderate: Security update for fdo-client Message-ID: <170082901152.29207.15809076436560367816@smelt2.prg2.suse.org> # Security update for fdo-client Announcement ID: SUSE-SU-2023:4550-1 Rating: moderate References: * bsc#1216293 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4550=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150500.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1 * fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:13 -0000 Subject: SUSE-SU-2023:4549-1: moderate: Security update for fdo-client Message-ID: <170082901392.29207.6349364509283056180@smelt2.prg2.suse.org> # Security update for fdo-client Announcement ID: SUSE-SU-2023:4549-1 Rating: moderate References: * bsc#1216293 Affected Products: * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4549=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4549=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4549=1 ## Package List: * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:16 -0000 Subject: SUSE-SU-2023:4548-1: moderate: Security update for fdo-client Message-ID: <170082901669.29207.15147696824748588230@smelt2.prg2.suse.org> # Security update for fdo-client Announcement ID: SUSE-SU-2023:4548-1 Rating: moderate References: * bsc#1216293 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4548=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4548=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4548=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:19 -0000 Subject: SUSE-SU-2023:4547-1: moderate: Security update for fdo-client Message-ID: <170082901966.29207.4398886268059371854@smelt2.prg2.suse.org> # Security update for fdo-client Announcement ID: SUSE-SU-2023:4547-1 Rating: moderate References: * bsc#1216293 Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4547=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4547=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * fdo-client-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-devel-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * fdo-client-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-devel-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150300.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:22 -0000 Subject: SUSE-SU-2023:4546-1: moderate: Security update for poppler Message-ID: <170082902268.29207.5535874721787545309@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4546-1 Rating: moderate References: * bsc#1128114 * bsc#1129202 * bsc#1143570 * bsc#1214256 * bsc#1214723 * bsc#1214726 Cross-References: * CVE-2019-14292 * CVE-2019-9545 * CVE-2019-9631 * CVE-2020-36023 * CVE-2022-37052 * CVE-2022-48545 CVSS scores: * CVE-2019-14292 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-14292 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-9631 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9631 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48545 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48545 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114). * CVE-2019-9631: Fixed an out of bounds read when converting a PDF to an image (bsc#1129202). * CVE-2022-37052: Fixed a reachable assertion when extracting pages of a PDf file (bsc#1214726). * CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph (bsc#1214256). * CVE-2019-14292: Fixed an out of bounds read in GfxState.cc (bsc#1143570). * CVE-2022-48545: Fixed an infinite recursion in Catalog::findDestInTree which can cause denial of service (bsc#1214723). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4546=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler44-debuginfo-0.24.4-14.41.1 * libpoppler44-0.24.4-14.41.1 ## References: * https://www.suse.com/security/cve/CVE-2019-14292.html * https://www.suse.com/security/cve/CVE-2019-9545.html * https://www.suse.com/security/cve/CVE-2019-9631.html * https://www.suse.com/security/cve/CVE-2020-36023.html * https://www.suse.com/security/cve/CVE-2022-37052.html * https://www.suse.com/security/cve/CVE-2022-48545.html * https://bugzilla.suse.com/show_bug.cgi?id=1128114 * https://bugzilla.suse.com/show_bug.cgi?id=1129202 * https://bugzilla.suse.com/show_bug.cgi?id=1143570 * https://bugzilla.suse.com/show_bug.cgi?id=1214256 * https://bugzilla.suse.com/show_bug.cgi?id=1214723 * https://bugzilla.suse.com/show_bug.cgi?id=1214726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:25 -0000 Subject: SUSE-SU-2023:4545-1: important: Security update for squid Message-ID: <170082902549.29207.123669960874890086@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4545-1 Rating: important References: * bsc#1216926 * bsc#1217274 Cross-References: * CVE-2023-46728 CVSS scores: * CVE-2023-46728 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support (bsc#1216926). * Fixed overread in HTTP request header parsing (bsc#1217274). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4545=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4545=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4545=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * squid-debuginfo-4.17-4.33.1 * squid-debugsource-4.17-4.33.1 * squid-4.17-4.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * squid-debuginfo-4.17-4.33.1 * squid-debugsource-4.17-4.33.1 * squid-4.17-4.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * squid-debuginfo-4.17-4.33.1 * squid-debugsource-4.17-4.33.1 * squid-4.17-4.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46728.html * https://bugzilla.suse.com/show_bug.cgi?id=1216926 * https://bugzilla.suse.com/show_bug.cgi?id=1217274 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:28 -0000 Subject: SUSE-SU-2023:4544-1: important: Security update for squid Message-ID: <170082902811.29207.5771113472793764404@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4544-1 Rating: important References: * bsc#1216926 * bsc#1217274 Cross-References: * CVE-2023-46728 CVSS scores: * CVE-2023-46728 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support (bsc#1216926). * Fixed overread in HTTP request header parsing (bsc#1217274). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4544=1 openSUSE-SLE-15.4-2023-4544=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4544=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4544=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4544=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46728.html * https://bugzilla.suse.com/show_bug.cgi?id=1216926 * https://bugzilla.suse.com/show_bug.cgi?id=1217274 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:31 -0000 Subject: SUSE-SU-2023:4543-1: important: Security update for xerces-c Message-ID: <170082903120.29207.5352355825658304132@smelt2.prg2.suse.org> # Security update for xerces-c Announcement ID: SUSE-SU-2023:4543-1 Rating: important References: * bsc#1216156 Cross-References: * CVE-2023-37536 CVSS scores: * CVE-2023-37536 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H * CVE-2023-37536 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xerces-c fixes the following issues: * CVE-2023-37536: Fixed an integer overflow that could have led to a out-of- bounds memory accesses (bsc#1216156). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4543=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4543=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4543=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4543=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xerces-c-debugsource-3.1.1-13.9.1 * xerces-c-debuginfo-3.1.1-13.9.1 * libxerces-c-devel-3.1.1-13.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * xerces-c-debugsource-3.1.1-13.9.1 * xerces-c-debuginfo-3.1.1-13.9.1 * libxerces-c-3_1-debuginfo-3.1.1-13.9.1 * libxerces-c-3_1-3.1.1-13.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libxerces-c-3_1-debuginfo-32bit-3.1.1-13.9.1 * libxerces-c-3_1-32bit-3.1.1-13.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * xerces-c-debugsource-3.1.1-13.9.1 * xerces-c-debuginfo-3.1.1-13.9.1 * libxerces-c-3_1-debuginfo-3.1.1-13.9.1 * libxerces-c-3_1-3.1.1-13.9.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libxerces-c-3_1-debuginfo-32bit-3.1.1-13.9.1 * libxerces-c-3_1-32bit-3.1.1-13.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * xerces-c-debugsource-3.1.1-13.9.1 * xerces-c-debuginfo-3.1.1-13.9.1 * libxerces-c-3_1-debuginfo-3.1.1-13.9.1 * libxerces-c-3_1-3.1.1-13.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libxerces-c-3_1-debuginfo-32bit-3.1.1-13.9.1 * libxerces-c-3_1-32bit-3.1.1-13.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37536.html * https://bugzilla.suse.com/show_bug.cgi?id=1216156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 15:55:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:55:59 +0100 (CET) Subject: SUSE-CU-2023:3891-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231124155559.859D8F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3891-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.261 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.261 Severity : moderate Type : security References : 1041742 1203760 1212422 1215979 1216091 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - zypper-1.14.66-150400.3.35.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-updates at lists.suse.com Fri Nov 24 15:56:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:56:26 +0100 (CET) Subject: SUSE-CU-2023:3892-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231124155626.690FAF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3892-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.158 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.158 Severity : moderate Type : security References : 1041742 1203760 1212422 1215979 1216091 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - zypper-1.14.66-150400.3.35.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-updates at lists.suse.com Fri Nov 24 15:57:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:57:05 +0100 (CET) Subject: SUSE-CU-2023:3893-1: Security update of suse/postgres Message-ID: <20231124155705.6BE1DF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3893-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.16 , suse/postgres:14.10 , suse/postgres:14.10-24.16 Container Release : 24.16 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-updates at lists.suse.com Fri Nov 24 15:57:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:57:37 +0100 (CET) Subject: SUSE-CU-2023:3896-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20231124155737.4BF7EF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3896-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.13 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.13 Container Release : 9.40.13 Severity : moderate Type : recommended References : 1041742 1203760 1212422 1215979 1216091 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Fri Nov 24 15:57:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:57:43 +0100 (CET) Subject: SUSE-CU-2023:3897-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231124155743.BAA06F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3897-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.13 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.13 Container Release : 9.30.13 Severity : moderate Type : security References : 1041742 1203760 1212422 1215979 1216091 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Fri Nov 24 15:57:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:57:51 +0100 (CET) Subject: SUSE-CU-2023:3898-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231124155751.F27D9F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3898-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.10 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.10 Container Release : 9.39.10 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated From sle-updates at lists.suse.com Fri Nov 24 15:57:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:57:58 +0100 (CET) Subject: SUSE-CU-2023:3899-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231124155758.46E15F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3899-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.11 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.11 Container Release : 9.30.11 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated From sle-updates at lists.suse.com Fri Nov 24 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:30:04 -0000 Subject: SUSE-RU-2023:4556-1: moderate: Recommended update for libstorage-ng Message-ID: <170084340410.17988.13674848051730642774@smelt2.prg2.suse.org> # Recommended update for libstorage-ng Announcement ID: SUSE-RU-2023:4556-1 Rating: moderate References: * bsc#1215022 Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for libstorage-ng fixes the following issues: * Add support for MD RAID type LINEAR (bsc#1215022) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4556=1 SUSE-2023-4556=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4556=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4556=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libstorage-ng-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng-ruby-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng-utils-4.5.101-150500.3.3.1 * libstorage-ng-python3-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng1-4.5.101-150500.3.3.1 * libstorage-ng-ruby-4.5.101-150500.3.3.1 * libstorage-ng-devel-4.5.101-150500.3.3.1 * libstorage-ng-utils-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng1-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng-python3-4.5.101-150500.3.3.1 * libstorage-ng-debugsource-4.5.101-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * libstorage-ng-lang-4.5.101-150500.3.3.1 * libstorage-ng-integration-tests-4.5.101-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libstorage-ng-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng-ruby-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng1-4.5.101-150500.3.3.1 * libstorage-ng-ruby-4.5.101-150500.3.3.1 * libstorage-ng-devel-4.5.101-150500.3.3.1 * libstorage-ng1-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng-debugsource-4.5.101-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * libstorage-ng-lang-4.5.101-150500.3.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libstorage-ng-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng-utils-debuginfo-4.5.101-150500.3.3.1 * libstorage-ng-utils-4.5.101-150500.3.3.1 * libstorage-ng-debugsource-4.5.101-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215022 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:30:08 -0000 Subject: SUSE-RU-2023:4554-1: moderate: Recommended update for xmlsec1 Message-ID: <170084340815.17988.981918253278376821@smelt2.prg2.suse.org> # Recommended update for xmlsec1 Announcement ID: SUSE-RU-2023:4554-1 Rating: moderate References: * bsc#1216737 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for xmlsec1 fixes the following issue: * Build against OpenSSL-1.0 which is the default for SLE12-SP4/SP5 (bsc#1216737) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4554=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4554=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4554=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4554=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xmlsec1-debugsource-1.2.37-8.9.2 * xmlsec1-gcrypt-devel-1.2.37-8.9.2 * xmlsec1-devel-1.2.37-8.9.2 * xmlsec1-openssl-devel-1.2.37-8.9.2 * xmlsec1-1.2.37-8.9.2 * xmlsec1-nss-devel-1.2.37-8.9.2 * xmlsec1-gnutls-devel-1.2.37-8.9.2 * xmlsec1-debuginfo-1.2.37-8.9.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.37-8.9.2 * xmlsec1-debugsource-1.2.37-8.9.2 * libxmlsec1-openssl1-debuginfo-1.2.37-8.9.2 * libxmlsec1-1-1.2.37-8.9.2 * libxmlsec1-nss1-1.2.37-8.9.2 * xmlsec1-1.2.37-8.9.2 * libxmlsec1-gnutls1-1.2.37-8.9.2 * libxmlsec1-nss1-debuginfo-1.2.37-8.9.2 * libxmlsec1-openssl1-1.2.37-8.9.2 * libxmlsec1-1-debuginfo-1.2.37-8.9.2 * libxmlsec1-gcrypt1-1.2.37-8.9.2 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.9.2 * xmlsec1-debuginfo-1.2.37-8.9.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.37-8.9.2 * xmlsec1-debugsource-1.2.37-8.9.2 * libxmlsec1-openssl1-debuginfo-1.2.37-8.9.2 * libxmlsec1-1-1.2.37-8.9.2 * libxmlsec1-nss1-1.2.37-8.9.2 * xmlsec1-1.2.37-8.9.2 * libxmlsec1-gnutls1-1.2.37-8.9.2 * libxmlsec1-nss1-debuginfo-1.2.37-8.9.2 * libxmlsec1-openssl1-1.2.37-8.9.2 * libxmlsec1-1-debuginfo-1.2.37-8.9.2 * libxmlsec1-gcrypt1-1.2.37-8.9.2 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.9.2 * xmlsec1-debuginfo-1.2.37-8.9.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.37-8.9.2 * xmlsec1-debugsource-1.2.37-8.9.2 * libxmlsec1-openssl1-debuginfo-1.2.37-8.9.2 * libxmlsec1-1-1.2.37-8.9.2 * libxmlsec1-nss1-1.2.37-8.9.2 * xmlsec1-1.2.37-8.9.2 * libxmlsec1-gnutls1-1.2.37-8.9.2 * libxmlsec1-nss1-debuginfo-1.2.37-8.9.2 * libxmlsec1-openssl1-1.2.37-8.9.2 * libxmlsec1-1-debuginfo-1.2.37-8.9.2 * libxmlsec1-gcrypt1-1.2.37-8.9.2 * libxmlsec1-gcrypt1-debuginfo-1.2.37-8.9.2 * xmlsec1-debuginfo-1.2.37-8.9.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216737 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 16:30:06 -0000 Subject: SUSE-RU-2023:4555-1: moderate: Recommended update for libstorage-ng Message-ID: <170084340617.17988.179485110166652232@smelt2.prg2.suse.org> # Recommended update for libstorage-ng Announcement ID: SUSE-RU-2023:4555-1 Rating: moderate References: * bsc#1215022 Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for libstorage-ng fixes the following issues: * Add support for MD RAID type LINEAR (bsc#1215022) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4555=1 openSUSE-SLE-15.4-2023-4555=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4555=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4555=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libstorage-ng-python3-4.4.94-150400.3.3.1 * libstorage-ng1-4.4.94-150400.3.3.1 * libstorage-ng-utils-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng1-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng-utils-4.4.94-150400.3.3.1 * libstorage-ng-devel-4.4.94-150400.3.3.1 * libstorage-ng-ruby-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng-debugsource-4.4.94-150400.3.3.1 * libstorage-ng-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng-ruby-4.4.94-150400.3.3.1 * libstorage-ng-python3-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng-integration-tests-4.4.94-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * libstorage-ng-lang-4.4.94-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libstorage-ng1-4.4.94-150400.3.3.1 * libstorage-ng1-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng-devel-4.4.94-150400.3.3.1 * libstorage-ng-ruby-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng-debugsource-4.4.94-150400.3.3.1 * libstorage-ng-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng-ruby-4.4.94-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * libstorage-ng-lang-4.4.94-150400.3.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libstorage-ng-utils-debuginfo-4.4.94-150400.3.3.1 * libstorage-ng-debugsource-4.4.94-150400.3.3.1 * libstorage-ng-utils-4.4.94-150400.3.3.1 * libstorage-ng-debuginfo-4.4.94-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215022 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:06 -0000 Subject: SUSE-SU-2023:4566-1: important: Security update for slurm_23_02 Message-ID: <170085780630.5769.6298716375354745079@smelt2.prg2.suse.org> # Security update for slurm_23_02 Announcement ID: SUSE-SU-2023:4566-1 Rating: important References: * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 15-SP4 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directoy contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4566=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4566=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4566=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4566=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4566=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-hdf5-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-testsuite-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-hdf5-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * openSUSE Leap 15.3 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-openlava-23.02.6-150300.7.14.1 * slurm_23_02-sjstat-23.02.6-150300.7.14.1 * slurm_23_02-seff-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * openSUSE Leap 15.4 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 * HPC Module 15-SP4 (aarch64 x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * HPC Module 15-SP4 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-rest-23.02.6-150300.7.14.1 * slurm_23_02-cray-23.02.6-150300.7.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1 * slurm_23_02-debugsource-23.02.6-150300.7.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-23.02.6-150300.7.14.1 * slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-devel-23.02.6-150300.7.14.1 * slurm_23_02-plugins-23.02.6-150300.7.14.1 * libnss_slurm2_23_02-23.02.6-150300.7.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-lua-23.02.6-150300.7.14.1 * slurm_23_02-torque-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1 * libslurm39-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-munge-23.02.6-150300.7.14.1 * slurm_23_02-sview-23.02.6-150300.7.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-23.02.6-150300.7.14.1 * libslurm39-23.02.6-150300.7.14.1 * libpmi0_23_02-23.02.6-150300.7.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1 * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1 * slurm_23_02-node-23.02.6-150300.7.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * slurm_23_02-config-23.02.6-150300.7.14.1 * slurm_23_02-webdoc-23.02.6-150300.7.14.1 * slurm_23_02-doc-23.02.6-150300.7.14.1 * slurm_23_02-config-man-23.02.6-150300.7.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:10 -0000 Subject: SUSE-SU-2023:4565-1: important: Security update for slurm_23_02 Message-ID: <170085781014.5769.13838728278920162962@smelt2.prg2.suse.org> # Security update for slurm_23_02 Announcement ID: SUSE-SU-2023:4565-1 Rating: important References: * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directoy contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4565=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * slurm_23_02-torque-23.02.6-150200.5.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-auth-none-23.02.6-150200.5.14.1 * perl-slurm_23_02-23.02.6-150200.5.14.1 * libpmi0_23_02-23.02.6-150200.5.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-lua-23.02.6-150200.5.14.1 * libnss_slurm2_23_02-23.02.6-150200.5.14.1 * slurm_23_02-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150200.5.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150200.5.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-plugins-23.02.6-150200.5.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-devel-23.02.6-150200.5.14.1 * slurm_23_02-rest-23.02.6-150200.5.14.1 * libslurm39-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-pam_slurm-23.02.6-150200.5.14.1 * slurm_23_02-debugsource-23.02.6-150200.5.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-sview-23.02.6-150200.5.14.1 * slurm_23_02-node-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-23.02.6-150200.5.14.1 * slurm_23_02-sql-23.02.6-150200.5.14.1 * slurm_23_02-node-23.02.6-150200.5.14.1 * slurm_23_02-cray-23.02.6-150200.5.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150200.5.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-munge-23.02.6-150200.5.14.1 * libslurm39-23.02.6-150200.5.14.1 * libpmi0_23_02-debuginfo-23.02.6-150200.5.14.1 * slurm_23_02-slurmdbd-23.02.6-150200.5.14.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * slurm_23_02-webdoc-23.02.6-150200.5.14.1 * slurm_23_02-config-23.02.6-150200.5.14.1 * slurm_23_02-doc-23.02.6-150200.5.14.1 * slurm_23_02-config-man-23.02.6-150200.5.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:12 -0000 Subject: SUSE-SU-2023:4564-1: important: Security update for slurm_23_02 Message-ID: <170085781250.5769.4458411898890680088@smelt2.prg2.suse.org> # Security update for slurm_23_02 Announcement ID: SUSE-SU-2023:4564-1 Rating: important References: * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directoy contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4564=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libpmi0_23_02-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-slurmdbd-23.02.6-150100.3.14.1 * libnss_slurm2_23_02-23.02.6-150100.3.14.1 * perl-slurm_23_02-23.02.6-150100.3.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-cray-23.02.6-150100.3.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-auth-none-23.02.6-150100.3.14.1 * slurm_23_02-devel-23.02.6-150100.3.14.1 * libpmi0_23_02-23.02.6-150100.3.14.1 * slurm_23_02-munge-23.02.6-150100.3.14.1 * slurm_23_02-debugsource-23.02.6-150100.3.14.1 * slurm_23_02-node-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-pam_slurm-23.02.6-150100.3.14.1 * slurm_23_02-sview-23.02.6-150100.3.14.1 * slurm_23_02-sql-23.02.6-150100.3.14.1 * slurm_23_02-node-23.02.6-150100.3.14.1 * slurm_23_02-torque-23.02.6-150100.3.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150100.3.14.1 * libslurm39-23.02.6-150100.3.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-lua-23.02.6-150100.3.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150100.3.14.1 * slurm_23_02-23.02.6-150100.3.14.1 * libslurm39-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-auth-none-debuginfo-23.02.6-150100.3.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-plugins-23.02.6-150100.3.14.1 * slurm_23_02-rest-23.02.6-150100.3.14.1 * slurm_23_02-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150100.3.14.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * slurm_23_02-config-23.02.6-150100.3.14.1 * slurm_23_02-config-man-23.02.6-150100.3.14.1 * slurm_23_02-webdoc-23.02.6-150100.3.14.1 * slurm_23_02-doc-23.02.6-150100.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:14 -0000 Subject: SUSE-SU-2023:4563-1: important: Security update for slurm_23_02 Message-ID: <170085781470.5769.15469330495492048232@smelt2.prg2.suse.org> # Security update for slurm_23_02 Announcement ID: SUSE-SU-2023:4563-1 Rating: important References: * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directoy contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4563=1 ## Package List: * HPC Module 12 (aarch64 x86_64) * slurm_23_02-munge-23.02.6-3.13.1 * slurm_23_02-auth-none-23.02.6-3.13.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-3.13.1 * slurm_23_02-lua-23.02.6-3.13.1 * slurm_23_02-munge-debuginfo-23.02.6-3.13.1 * slurm_23_02-plugins-23.02.6-3.13.1 * slurm_23_02-debuginfo-23.02.6-3.13.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-3.13.1 * slurm_23_02-sql-23.02.6-3.13.1 * slurm_23_02-debugsource-23.02.6-3.13.1 * slurm_23_02-torque-debuginfo-23.02.6-3.13.1 * slurm_23_02-slurmdbd-23.02.6-3.13.1 * slurm_23_02-plugins-debuginfo-23.02.6-3.13.1 * slurm_23_02-auth-none-debuginfo-23.02.6-3.13.1 * libpmi0_23_02-23.02.6-3.13.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-3.13.1 * libnss_slurm2_23_02-debuginfo-23.02.6-3.13.1 * slurm_23_02-devel-23.02.6-3.13.1 * slurm_23_02-node-23.02.6-3.13.1 * slurm_23_02-cray-23.02.6-3.13.1 * slurm_23_02-pam_slurm-23.02.6-3.13.1 * perl-slurm_23_02-debuginfo-23.02.6-3.13.1 * slurm_23_02-sql-debuginfo-23.02.6-3.13.1 * libslurm39-debuginfo-23.02.6-3.13.1 * slurm_23_02-23.02.6-3.13.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-3.13.1 * perl-slurm_23_02-23.02.6-3.13.1 * slurm_23_02-sview-23.02.6-3.13.1 * slurm_23_02-sview-debuginfo-23.02.6-3.13.1 * libnss_slurm2_23_02-23.02.6-3.13.1 * slurm_23_02-torque-23.02.6-3.13.1 * libslurm39-23.02.6-3.13.1 * slurm_23_02-lua-debuginfo-23.02.6-3.13.1 * slurm_23_02-cray-debuginfo-23.02.6-3.13.1 * libpmi0_23_02-debuginfo-23.02.6-3.13.1 * slurm_23_02-node-debuginfo-23.02.6-3.13.1 * HPC Module 12 (noarch) * slurm_23_02-webdoc-23.02.6-3.13.1 * slurm_23_02-config-man-23.02.6-3.13.1 * slurm_23_02-config-23.02.6-3.13.1 * slurm_23_02-doc-23.02.6-3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:16 -0000 Subject: SUSE-SU-2023:4562-1: moderate: Security update for poppler Message-ID: <170085781692.5769.15028258055327425600@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4562-1 Rating: moderate References: * bsc#1128114 * bsc#1214256 * bsc#1214726 Cross-References: * CVE-2019-9545 * CVE-2020-36023 * CVE-2022-37052 CVSS scores: * CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114). * CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). * CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph (bsc#1214256). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4562=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4562=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4562=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4562=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4562=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4562=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * SUSE Manager Proxy 4.2 (x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * openSUSE Leap 15.4 (x86_64) * libpoppler89-32bit-0.79.0-150200.3.26.1 * libpoppler89-32bit-debuginfo-0.79.0-150200.3.26.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 ## References: * https://www.suse.com/security/cve/CVE-2019-9545.html * https://www.suse.com/security/cve/CVE-2020-36023.html * https://www.suse.com/security/cve/CVE-2022-37052.html * https://bugzilla.suse.com/show_bug.cgi?id=1128114 * https://bugzilla.suse.com/show_bug.cgi?id=1214256 * https://bugzilla.suse.com/show_bug.cgi?id=1214726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:19 -0000 Subject: SUSE-SU-2023:4561-1: important: Security update for webkit2gtk3 Message-ID: <170085781974.5769.10600952351216371489@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4561-1 Rating: important References: * bsc#1217210 Cross-References: * CVE-2022-32919 * CVE-2022-32933 * CVE-2022-46705 * CVE-2022-46725 * CVE-2023-32359 * CVE-2023-41983 * CVE-2023-42852 CVSS scores: * CVE-2022-46705 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46705 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-41983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-41983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42852 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42852 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2023-32359: A user???s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4561=1 openSUSE-SLE-15.4-2023-4561=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4561=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4561=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4561=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4561=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4561=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4561=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4561=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-devel-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-6.0-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-6.0-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * webkit-jsc-4.1-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-4-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-2.42.2-150400.4.64.2 * typelib-1_0-WebKit-6_0-2.42.2-150400.4.64.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * webkit-jsc-4.1-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-4-debuginfo-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-64bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-devel-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-6.0-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-6.0-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * webkit-jsc-4.1-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit-jsc-4-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-2.42.2-150400.4.64.2 * typelib-1_0-WebKit-6_0-2.42.2-150400.4.64.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * webkit-jsc-4.1-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-4-debuginfo-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (aarch64_ilp32) * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.2-150400.4.64.2 * Basesystem Module 15-SP4 (noarch) * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * Basesystem Module 15-SP5 (noarch) * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP4 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP5 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * Development Tools Module 15-SP4 (noarch) * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * Development Tools Module 15-SP5 (noarch) * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 ## References: * https://www.suse.com/security/cve/CVE-2022-32919.html * https://www.suse.com/security/cve/CVE-2022-32933.html * https://www.suse.com/security/cve/CVE-2022-46705.html * https://www.suse.com/security/cve/CVE-2022-46725.html * https://www.suse.com/security/cve/CVE-2023-32359.html * https://www.suse.com/security/cve/CVE-2023-41983.html * https://www.suse.com/security/cve/CVE-2023-42852.html * https://bugzilla.suse.com/show_bug.cgi?id=1217210 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:25 -0000 Subject: SUSE-SU-2023:4559-1: important: Security update for webkit2gtk3 Message-ID: <170085782539.5769.11074354129395397446@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4559-1 Rating: important References: * bsc#1216778 * bsc#1217210 Cross-References: * CVE-2022-32919 * CVE-2022-32933 * CVE-2022-46705 * CVE-2022-46725 * CVE-2023-32359 * CVE-2023-41983 * CVE-2023-42852 CVSS scores: * CVE-2022-46705 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46705 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-41983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-41983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42852 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42852 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves seven vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2023-32359: A user???s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). Bug fixes: * Disable DMABuf renderer for NVIDIA proprietary drivers (bsc#1216778). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4559=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4559=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4559=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libjavascriptcoregtk-4_0-18-2.42.2-150000.3.157.1 * webkit2gtk3-debugsource-2.42.2-150000.3.157.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-2.42.2-150000.3.157.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150000.3.157.1 * webkit2gtk3-devel-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150000.3.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.42.2-150000.3.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.42.2-150000.3.157.1 * webkit2gtk3-debugsource-2.42.2-150000.3.157.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-2.42.2-150000.3.157.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150000.3.157.1 * webkit2gtk3-devel-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150000.3.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.42.2-150000.3.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libjavascriptcoregtk-4_0-18-2.42.2-150000.3.157.1 * webkit2gtk3-debugsource-2.42.2-150000.3.157.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-2.42.2-150000.3.157.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150000.3.157.1 * webkit2gtk3-devel-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150000.3.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libwebkit2gtk3-lang-2.42.2-150000.3.157.1 * SUSE CaaS Platform 4.0 (x86_64) * libjavascriptcoregtk-4_0-18-2.42.2-150000.3.157.1 * webkit2gtk3-debugsource-2.42.2-150000.3.157.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-2.42.2-150000.3.157.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150000.3.157.1 * webkit2gtk3-devel-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150000.3.157.1 * SUSE CaaS Platform 4.0 (noarch) * libwebkit2gtk3-lang-2.42.2-150000.3.157.1 ## References: * https://www.suse.com/security/cve/CVE-2022-32919.html * https://www.suse.com/security/cve/CVE-2022-32933.html * https://www.suse.com/security/cve/CVE-2022-46705.html * https://www.suse.com/security/cve/CVE-2022-46725.html * https://www.suse.com/security/cve/CVE-2023-32359.html * https://www.suse.com/security/cve/CVE-2023-41983.html * https://www.suse.com/security/cve/CVE-2023-42852.html * https://bugzilla.suse.com/show_bug.cgi?id=1216778 * https://bugzilla.suse.com/show_bug.cgi?id=1217210 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:27 -0000 Subject: SUSE-SU-2023:4558-1: important: Security update for webkit2gtk3 Message-ID: <170085782768.5769.10797636896004175635@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4558-1 Rating: important References: * bsc#1216778 * bsc#1217210 Cross-References: * CVE-2022-32919 * CVE-2022-32933 * CVE-2022-46705 * CVE-2022-46725 * CVE-2023-32359 * CVE-2023-41983 * CVE-2023-42852 CVSS scores: * CVE-2022-46705 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46705 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-41983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-41983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42852 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42852 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2023-32359: A user???s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). Bug fixes: * Disable DMABuf renderer for NVIDIA proprietary drivers (bsc#1216778). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4558=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4558=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4558=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4558=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4558=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4558=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4558=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4558=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Enterprise Storage 7.1 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 ## References: * https://www.suse.com/security/cve/CVE-2022-32919.html * https://www.suse.com/security/cve/CVE-2022-32933.html * https://www.suse.com/security/cve/CVE-2022-46705.html * https://www.suse.com/security/cve/CVE-2022-46725.html * https://www.suse.com/security/cve/CVE-2023-32359.html * https://www.suse.com/security/cve/CVE-2023-41983.html * https://www.suse.com/security/cve/CVE-2023-42852.html * https://bugzilla.suse.com/show_bug.cgi?id=1216778 * https://bugzilla.suse.com/show_bug.cgi?id=1217210 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:23 -0000 Subject: SUSE-SU-2023:4560-1: important: Security update for vim Message-ID: <170085782335.5769.8725117337218398895@smelt2.prg2.suse.org> # Security update for vim Announcement ID: SUSE-SU-2023:4560-1 Rating: important References: * bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 Cross-References: * CVE-2023-46246 * CVE-2023-5344 * CVE-2023-5441 * CVE-2023-5535 CVSS scores: * CVE-2023-46246 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-46246 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5344 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5441 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5535 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4560=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4560=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4560=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * vim-debugsource-9.0.2103-17.26.1 * vim-debuginfo-9.0.2103-17.26.1 * vim-9.0.2103-17.26.1 * gvim-debuginfo-9.0.2103-17.26.1 * gvim-9.0.2103-17.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * vim-data-9.0.2103-17.26.1 * vim-data-common-9.0.2103-17.26.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.2103-17.26.1 * vim-debuginfo-9.0.2103-17.26.1 * vim-9.0.2103-17.26.1 * gvim-debuginfo-9.0.2103-17.26.1 * gvim-9.0.2103-17.26.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * vim-data-9.0.2103-17.26.1 * vim-data-common-9.0.2103-17.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * vim-debugsource-9.0.2103-17.26.1 * vim-debuginfo-9.0.2103-17.26.1 * vim-9.0.2103-17.26.1 * gvim-debuginfo-9.0.2103-17.26.1 * gvim-9.0.2103-17.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * vim-data-9.0.2103-17.26.1 * vim-data-common-9.0.2103-17.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46246.html * https://www.suse.com/security/cve/CVE-2023-5344.html * https://www.suse.com/security/cve/CVE-2023-5441.html * https://www.suse.com/security/cve/CVE-2023-5535.html * https://bugzilla.suse.com/show_bug.cgi?id=1215940 * https://bugzilla.suse.com/show_bug.cgi?id=1216001 * https://bugzilla.suse.com/show_bug.cgi?id=1216167 * https://bugzilla.suse.com/show_bug.cgi?id=1216696 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Nov 24 20:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:30 -0000 Subject: SUSE-SU-2023:4557-1: important: Security update for vim Message-ID: <170085783098.5769.10475103955401632082@smelt2.prg2.suse.org> # Security update for vim Announcement ID: SUSE-SU-2023:4557-1 Rating: important References: * bsc#1214922 * bsc#1214924 * bsc#1214925 * bsc#1215004 * bsc#1215006 * bsc#1215033 * bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 Cross-References: * CVE-2023-46246 * CVE-2023-4733 * CVE-2023-4734 * CVE-2023-4735 * CVE-2023-4738 * CVE-2023-4752 * CVE-2023-4781 * CVE-2023-5344 * CVE-2023-5441 * CVE-2023-5535 CVSS scores: * CVE-2023-46246 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-46246 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4733 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-4735 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( NVD ): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-4738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5344 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5344 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5441 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5535 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Updated to version 9.0 with patch level 2103, fixes the following security problems * CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696) * CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922) * CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924) * CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925) * CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004) * CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006) * CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4557=1 openSUSE-SLE-15.5-2023-4557=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4557=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4557=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4557=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * vim-9.0.2103-150500.20.6.1 * gvim-debuginfo-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * gvim-9.0.2103-150500.20.6.1 * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * openSUSE Leap 15.5 (noarch) * vim-data-9.0.2103-150500.20.6.1 * vim-data-common-9.0.2103-150500.20.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * vim-data-common-9.0.2103-150500.20.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * Basesystem Module 15-SP5 (noarch) * vim-data-9.0.2103-150500.20.6.1 * vim-data-common-9.0.2103-150500.20.6.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.2103-150500.20.6.1 * gvim-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * gvim-9.0.2103-150500.20.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46246.html * https://www.suse.com/security/cve/CVE-2023-4733.html * https://www.suse.com/security/cve/CVE-2023-4734.html * https://www.suse.com/security/cve/CVE-2023-4735.html * https://www.suse.com/security/cve/CVE-2023-4738.html * https://www.suse.com/security/cve/CVE-2023-4752.html * https://www.suse.com/security/cve/CVE-2023-4781.html * https://www.suse.com/security/cve/CVE-2023-5344.html * https://www.suse.com/security/cve/CVE-2023-5441.html * https://www.suse.com/security/cve/CVE-2023-5535.html * https://bugzilla.suse.com/show_bug.cgi?id=1214922 * https://bugzilla.suse.com/show_bug.cgi?id=1214924 * https://bugzilla.suse.com/show_bug.cgi?id=1214925 * https://bugzilla.suse.com/show_bug.cgi?id=1215004 * https://bugzilla.suse.com/show_bug.cgi?id=1215006 * https://bugzilla.suse.com/show_bug.cgi?id=1215033 * https://bugzilla.suse.com/show_bug.cgi?id=1215940 * https://bugzilla.suse.com/show_bug.cgi?id=1216001 * https://bugzilla.suse.com/show_bug.cgi?id=1216167 * https://bugzilla.suse.com/show_bug.cgi?id=1216696 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 08:30:02 -0000 Subject: SUSE-RU-2023:4570-1: moderate: Recommended update for spack Message-ID: <170107380204.18296.16002124357161817492@smelt2.prg2.suse.org> # Recommended update for spack Announcement ID: SUSE-RU-2023:4570-1 Rating: moderate References: * bsc#1216941 Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that has one fix can now be installed. ## Description: This update for spack fixes the following issues: * Updated to version 0.20.3 with the following changes (bsc#1216941): * Bug fixes: * Fix a bug where `spack mirror set-url` would drop configured connection info. * Fix a minor issue with package hash computation for Python 3.12. * Improve escaping in Tcl module files. * Make repo cache work on repositouries with zero mtime. * Ignore errors for newer, incompatible buildcache version. * Print an error when git is required, but missing. * Ensure missing build dependencies get installed when using `spack install --overwrite`. * Fix an issue where Spack freezes when the build process unexpectedly exits. * Fix a bug where installation failures cause an unrelated `NameError` to be thrown. * Fix an issue where Spack package versions would be incorrectly derived from git tags. * Fix a bug triggered when file locking fails internally. * Prevent `spack external find` to error out when a directory cannot be accessed. * Fix multiple performance regressions in environments. * Add more ignored modules to `pyproject.toml` for `mypy`. * Features: * Spack now supports Python 3.12. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4570=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4570=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4570=1 ## Package List: * openSUSE Leap 15.3 (noarch) * spack-recipes-0.20.3-150300.9.1 * spack-0.20.3-150300.9.1 * spack-info-0.20.3-150300.9.1 * spack-man-0.20.3-150300.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * spack-recipes-0.20.3-150300.9.1 * spack-0.20.3-150300.9.1 * spack-info-0.20.3-150300.9.1 * spack-man-0.20.3-150300.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * spack-recipes-0.20.3-150300.9.1 * spack-0.20.3-150300.9.1 * spack-info-0.20.3-150300.9.1 * spack-man-0.20.3-150300.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216941 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 08:30:03 -0000 Subject: SUSE-RU-2023:4569-1: moderate: Recommended update for spack Message-ID: <170107380368.18296.14855687137638732453@smelt2.prg2.suse.org> # Recommended update for spack Announcement ID: SUSE-RU-2023:4569-1 Rating: moderate References: * bsc#1216941 Affected Products: * HPC Module 15-SP4 * HPC Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 An update that has one fix can now be installed. ## Description: This update for spack fixes the following issues: * Updated to version 0.20.3 with the following changes (bsc#1216941): * Bug fixes: * Fix a bug where `spack mirror set-url` would drop configured connection info. * Fix a minor issue with package hash computation for Python 3.12. * Improve escaping in Tcl module files. * Make repo cache work on repositouries with zero mtime. * Ignore errors for newer, incompatible buildcache version. * Print an error when git is required, but missing. * Ensure missing build dependencies get installed when using `spack install --overwrite`. * Fix an issue where Spack freezes when the build process unexpectedly exits. * Fix a bug where installation failures cause an unrelated `NameError` to be thrown. * Fix an issue where Spack package versions would be incorrectly derived from git tags. * Fix a bug triggered when file locking fails internally. * Prevent `spack external find` to error out when a directory cannot be accessed. * Fix multiple performance regressions in environments. * Add more ignored modules to `pyproject.toml` for `mypy`. * Features: * Spack now supports Python 3.12. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4569=1 openSUSE-SLE-15.4-2023-4569=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4569=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4569=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-4569=1 ## Package List: * openSUSE Leap 15.4 (noarch) * spack-recipes-0.20.3-150400.9.1 * spack-0.20.3-150400.9.1 * spack-info-0.20.3-150400.9.1 * spack-man-0.20.3-150400.9.1 * openSUSE Leap 15.5 (noarch) * spack-recipes-0.20.3-150400.9.1 * spack-info-0.20.3-150400.9.1 * spack-0.20.3-150400.9.1 * spack-man-0.20.3-150400.9.1 * HPC Module 15-SP4 (noarch) * spack-recipes-0.20.3-150400.9.1 * spack-info-0.20.3-150400.9.1 * spack-0.20.3-150400.9.1 * spack-man-0.20.3-150400.9.1 * HPC Module 15-SP5 (noarch) * spack-recipes-0.20.3-150400.9.1 * spack-info-0.20.3-150400.9.1 * spack-0.20.3-150400.9.1 * spack-man-0.20.3-150400.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216941 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 08:30:05 -0000 Subject: SUSE-RU-2023:4568-1: moderate: Recommended update for gnu-compilers-hpc Message-ID: <170107380547.18296.1354151185190914943@smelt2.prg2.suse.org> # Recommended update for gnu-compilers-hpc Announcement ID: SUSE-RU-2023:4568-1 Rating: moderate References: * bsc#1216999 Affected Products: * HPC Module 15-SP4 * HPC Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for gnu-compilers-hpc fixes the following issues: * Implemented Environment Module Files for the GNU Compiler Toolchain version 13. To use the gcc/g++/gfortran version 13 thru HPC environment modules `gnu13-compilers-hpc` (runtime) and `gnu13-compilers-hpc-devel` (build time, including compilers) are now available. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4568=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4568=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4568=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-4568=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4568=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4568=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4568=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4568=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4568=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4568=1 ## Package List: * openSUSE Leap 15.4 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * openSUSE Leap 15.5 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * HPC Module 15-SP4 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * HPC Module 15-SP5 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * SUSE Package Hub 15 15-SP4 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * SUSE Package Hub 15 15-SP5 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gnu13-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-1.4-150100.3.31.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-devel-1.4-150100.3.31.1 * gnu13-compilers-hpc-devel-1.4-150100.3.31.1 * gnu-compilers-hpc-1.4-150100.3.31.1 * gnu12-compilers-hpc-devel-1.4-150100.3.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216999 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:04 -0000 Subject: SUSE-RU-2023:4585-1: moderate: Recommended update for google-noto-serif-cjk-fonts Message-ID: <170108820439.634.1498180166598633791@smelt2.prg2.suse.org> # Recommended update for google-noto-serif-cjk-fonts Announcement ID: SUSE-RU-2023:4585-1 Rating: moderate References: * bsc#1216805 * jsc#PED-4918 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one fix can now be installed. ## Description: This update for google-noto-serif-cjk-fonts fixes the following issues: This update delivers the current sets of fonts: * Google Noto Serif CJK Fonts version 2.001. * Google Noto Fonts 20220607 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4585=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4585=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4585=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4585=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4585=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4585=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4585=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4585=1 ## Package List: * Basesystem Module 15-SP4 (noarch) * google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-deseret-fonts-20220607-150200.11.3.3 * noto-sans-signwriting-fonts-20220607-150200.11.3.3 * noto-serif-ethiopic-fonts-20220607-150200.11.3.3 * noto-serif-balinese-fonts-20220607-150200.11.3.3 * noto-serif-tibetan-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-wancho-fonts-20220607-150200.11.3.3 * noto-sans-oriya-fonts-20220607-150200.11.3.3 * noto-loopedthai-fonts-20220607-150200.11.3.3 * noto-sans-carian-fonts-20220607-150200.11.3.3 * noto-sans-linearb-fonts-20220607-150200.11.3.3 * noto-serif-tamilslanted-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-oldhungarian-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1 * noto-sans-thai-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3 * noto-sans-kaithi-fonts-20220607-150200.11.3.3 * noto-sans-tangsa-fonts-20220607-150200.11.3.3 * noto-serif-georgian-fonts-20220607-150200.11.3.3 * noto-sans-math-fonts-20220607-150200.11.3.3 * noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3 * noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3 * noto-sans-limbu-fonts-20220607-150200.11.3.3 * noto-sans-telugu-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-coptic-fonts-20220607-150200.11.3.3 * noto-sans-javanese-fonts-20220607-150200.11.3.3 * noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3 * noto-sans-sundanese-fonts-20220607-150200.11.3.3 * noto-sans-tagbanwa-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-masaramgondi-fonts-20220607-150200.11.3.3 * noto-sans-soyombo-fonts-20220607-150200.11.3.3 * noto-sans-yi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ugaritic-fonts-20220607-150200.11.3.3 * noto-sans-buginese-fonts-20220607-150200.11.3.3 * noto-sans-khmer-fonts-20220607-150200.11.3.3 * noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3 * noto-sans-thaana-fonts-20220607-150200.11.3.3 * noto-sans-telugu-ui-fonts-20220607-150200.11.3.3 * noto-serif-olduyghur-fonts-20220607-150200.11.3.3 * noto-serif-makasar-fonts-20220607-150200.11.3.3 * noto-sans-lao-ui-fonts-20220607-150200.11.3.3 * noto-sans-avestan-fonts-20220607-150200.11.3.3 * noto-sans-bengali-ui-fonts-20220607-150200.11.3.3 * noto-sans-olchiki-fonts-20220607-150200.11.3.3 * noto-sans-vai-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3 * noto-sans-georgian-fonts-20220607-150200.11.3.3 * noto-sans-warangciti-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3 * noto-sans-tifinagh-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-modi-fonts-20220607-150200.11.3.3 * noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kharoshthi-fonts-20220607-150200.11.3.3 * noto-sans-lycian-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1 * noto-sans-samaritan-fonts-20220607-150200.11.3.3 * noto-sans-shavian-fonts-20220607-150200.11.3.3 * noto-sans-ogham-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghair-fonts-20220607-150200.11.3.3 * noto-serif-divesakuru-fonts-20220607-150200.11.3.3 * noto-serif-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-hebrewnew-fonts-20220607-150200.11.3.3 * noto-serif-tamil-fonts-20220607-150200.11.3.3 * noto-sans-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-tirhuta-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-miao-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedthai-ui-fonts-20220607-150200.11.3.3 * noto-sans-bassavah-fonts-20220607-150200.11.3.3 * noto-sans-siddham-fonts-20220607-150200.11.3.3 * noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-armenian-fonts-20220607-150200.11.3.3 * google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cuneiform-fonts-20220607-150200.11.3.3 * noto-sans-fonts-20220607-150200.11.3.3 * noto-sans-sylotinagri-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-elymaic-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hanunoo-fonts-20220607-150200.11.3.3 * noto-serif-display-fonts-20220607-150200.11.3.3 * noto-serif-thai-fonts-20220607-150200.11.3.3 * noto-sans-oldsogdian-fonts-20220607-150200.11.3.3 * noto-sans-taiviet-fonts-20220607-150200.11.3.3 * noto-sans-adlam-fonts-20220607-150200.11.3.3 * noto-sans-oldpersian-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3 * noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3 * noto-sans-oldpermic-fonts-20220607-150200.11.3.3 * noto-sans-phagspa-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3 * noto-sans-chorasmian-fonts-20220607-150200.11.3.3 * noto-sans-mahajani-fonts-20220607-150200.11.3.3 * noto-serif-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-mandaic-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-mro-fonts-20220607-150200.11.3.3 * noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3 * noto-sans-sogdian-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3 * noto-serif-myanmar-fonts-20220607-150200.11.3.3 * noto-serif-ahom-fonts-20220607-150200.11.3.3 * noto-sans-multani-fonts-20220607-150200.11.3.3 * noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3 * noto-serif-yezidi-fonts-20220607-150200.11.3.3 * noto-sans-oriya-ui-fonts-20220607-150200.11.3.3 * noto-sans-elbasan-fonts-20220607-150200.11.3.3 * noto-sans-palmyrene-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3 * noto-serif-grantha-fonts-20220607-150200.11.3.3 * noto-sans-duployan-fonts-20220607-150200.11.3.3 * noto-sans-mongolian-fonts-20220607-150200.11.3.3 * noto-sans-nushu-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-fonts-20220607-150200.11.3.3 * noto-sans-khojki-fonts-20220607-150200.11.3.3 * noto-sans-batak-fonts-20220607-150200.11.3.3 * noto-serif-kannada-fonts-20220607-150200.11.3.3 * noto-sans-symbols2-fonts-20220607-150200.11.3.3 * noto-sans-saurashtra-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-lisu-fonts-20220607-150200.11.3.3 * noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-osage-fonts-20220607-150200.11.3.3 * noto-sans-medefaidrin-fonts-20220607-150200.11.3.3 * noto-sans-symbols-fonts-20220607-150200.11.3.3 * noto-sans-lineara-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-takri-fonts-20220607-150200.11.3.3 * noto-serif-sinhala-fonts-20220607-150200.11.3.3 * noto-music-fonts-20220607-150200.11.3.3 * noto-serif-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1 * noto-loopedlao-ui-fonts-20220607-150200.11.3.3 * noto-sans-nandinagari-fonts-20220607-150200.11.3.3 * noto-sans-osmanya-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1 * noto-serif-tangut-fonts-20220607-150200.11.3.3 * noto-sans-buhid-fonts-20220607-150200.11.3.3 * noto-sans-cyprominoan-fonts-20220607-150200.11.3.3 * noto-serif-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3 * noto-sans-nabataean-fonts-20220607-150200.11.3.3 * noto-naskharabic-fonts-20220607-150200.11.3.3 * noto-traditionalnushu-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedlao-fonts-20220607-150200.11.3.3 * noto-sans-mendekikakui-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-mayannumerals-fonts-20220607-150200.11.3.3 * noto-serif-toto-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cypriot-fonts-20220607-150200.11.3.3 * noto-sans-marchen-fonts-20220607-150200.11.3.3 * noto-sans-lao-fonts-20220607-150200.11.3.3 * noto-sans-manichaean-fonts-20220607-150200.11.3.3 * noto-cousine-fonts-20220607-150200.11.3.3 * noto-nastaliqurdu-fonts-20220607-150200.11.3.3 * noto-sans-paucinhau-fonts-20220607-150200.11.3.3 * noto-sans-tamil-fonts-20220607-150200.11.3.3 * noto-sans-sharada-fonts-20220607-150200.11.3.3 * noto-serif-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-arabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3 * noto-sans-thai-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-balinese-fonts-20220607-150200.11.3.3 * noto-sans-lydian-fonts-20220607-150200.11.3.3 * noto-serif-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-grantha-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-naskharabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3 * noto-sans-meroitic-fonts-20220607-150200.11.3.3 * noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khmer-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-phoenician-fonts-20220607-150200.11.3.3 * noto-sans-brahmi-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3 * noto-sans-taitham-fonts-20220607-150200.11.3.3 * noto-sans-chakma-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1 * noto-sans-khudawadi-fonts-20220607-150200.11.3.3 * noto-sans-syriac-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3 * noto-serif-bengali-fonts-20220607-150200.11.3.3 * noto-sans-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-oriya-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-khmer-ui-fonts-20220607-150200.11.3.3 * noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3 * noto-sans-mono-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1 * noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3 * noto-sans-olditalic-fonts-20220607-150200.11.3.3 * noto-sans-runic-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-lepcha-fonts-20220607-150200.11.3.3 * noto-kufiarabic-fonts-20220607-150200.11.3.3 * noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-gothic-fonts-20220607-150200.11.3.3 * noto-sans-bengali-fonts-20220607-150200.11.3.3 * noto-serif-telugu-fonts-20220607-150200.11.3.3 * noto-tinos-fonts-20220607-150200.11.3.3 * noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3 * noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3 * noto-sans-newtailue-fonts-20220607-150200.11.3.3 * noto-sans-tagalog-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kannada-ui-fonts-20220607-150200.11.3.3 * noto-sans-cham-fonts-20220607-150200.11.3.3 * noto-arimo-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-fonts-20220607-150200.11.3.3 * noto-sans-rejang-fonts-20220607-150200.11.3.3 * noto-sans-kayahli-fonts-20220607-150200.11.3.3 * noto-sans-oldturkic-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1 * noto-serif-dogra-fonts-20220607-150200.11.3.3 * noto-rashihebrew-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-malayalam-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ethiopic-fonts-20220607-150200.11.3.3 * noto-sans-tamil-ui-fonts-20220607-150200.11.3.3 * noto-sans-cherokee-fonts-20220607-150200.11.3.3 * noto-sans-meeteimayek-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-kannada-fonts-20220607-150200.11.3.3 * noto-serif-armenian-fonts-20220607-150200.11.3.3 * noto-sans-taile-fonts-20220607-150200.11.3.3 * noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3 * noto-sans-newa-fonts-20220607-150200.11.3.3 * noto-sans-nko-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-sorasompeng-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-bamum-fonts-20220607-150200.11.3.3 * noto-sans-hatran-fonts-20220607-150200.11.3.3 * noto-serif-lao-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-arabic-fonts-20220607-150200.11.3.3 * noto-sans-glagolitic-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khojki-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-myanmar-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3 * Basesystem Module 15-SP5 (noarch) * google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-deseret-fonts-20220607-150200.11.3.3 * noto-sans-signwriting-fonts-20220607-150200.11.3.3 * noto-serif-ethiopic-fonts-20220607-150200.11.3.3 * noto-serif-balinese-fonts-20220607-150200.11.3.3 * noto-serif-tibetan-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-wancho-fonts-20220607-150200.11.3.3 * noto-sans-oriya-fonts-20220607-150200.11.3.3 * noto-loopedthai-fonts-20220607-150200.11.3.3 * noto-sans-carian-fonts-20220607-150200.11.3.3 * noto-sans-linearb-fonts-20220607-150200.11.3.3 * noto-serif-tamilslanted-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-oldhungarian-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1 * noto-sans-thai-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3 * noto-sans-kaithi-fonts-20220607-150200.11.3.3 * noto-sans-tangsa-fonts-20220607-150200.11.3.3 * noto-serif-georgian-fonts-20220607-150200.11.3.3 * noto-sans-math-fonts-20220607-150200.11.3.3 * noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3 * noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3 * noto-sans-limbu-fonts-20220607-150200.11.3.3 * noto-sans-telugu-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-coptic-fonts-20220607-150200.11.3.3 * noto-sans-javanese-fonts-20220607-150200.11.3.3 * noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3 * noto-sans-sundanese-fonts-20220607-150200.11.3.3 * noto-sans-tagbanwa-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-masaramgondi-fonts-20220607-150200.11.3.3 * noto-sans-soyombo-fonts-20220607-150200.11.3.3 * noto-sans-yi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ugaritic-fonts-20220607-150200.11.3.3 * noto-sans-buginese-fonts-20220607-150200.11.3.3 * noto-sans-khmer-fonts-20220607-150200.11.3.3 * noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3 * noto-sans-thaana-fonts-20220607-150200.11.3.3 * noto-sans-telugu-ui-fonts-20220607-150200.11.3.3 * noto-serif-olduyghur-fonts-20220607-150200.11.3.3 * noto-serif-makasar-fonts-20220607-150200.11.3.3 * noto-sans-lao-ui-fonts-20220607-150200.11.3.3 * noto-sans-avestan-fonts-20220607-150200.11.3.3 * noto-sans-bengali-ui-fonts-20220607-150200.11.3.3 * noto-sans-olchiki-fonts-20220607-150200.11.3.3 * noto-sans-vai-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3 * noto-sans-georgian-fonts-20220607-150200.11.3.3 * noto-sans-warangciti-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3 * noto-sans-tifinagh-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-modi-fonts-20220607-150200.11.3.3 * noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kharoshthi-fonts-20220607-150200.11.3.3 * noto-sans-lycian-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1 * noto-sans-samaritan-fonts-20220607-150200.11.3.3 * noto-sans-shavian-fonts-20220607-150200.11.3.3 * noto-sans-ogham-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghair-fonts-20220607-150200.11.3.3 * noto-serif-divesakuru-fonts-20220607-150200.11.3.3 * noto-serif-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-hebrewnew-fonts-20220607-150200.11.3.3 * noto-serif-tamil-fonts-20220607-150200.11.3.3 * noto-sans-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-tirhuta-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-miao-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedthai-ui-fonts-20220607-150200.11.3.3 * noto-sans-bassavah-fonts-20220607-150200.11.3.3 * noto-sans-siddham-fonts-20220607-150200.11.3.3 * noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-armenian-fonts-20220607-150200.11.3.3 * google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cuneiform-fonts-20220607-150200.11.3.3 * noto-sans-fonts-20220607-150200.11.3.3 * noto-sans-sylotinagri-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-elymaic-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hanunoo-fonts-20220607-150200.11.3.3 * noto-serif-display-fonts-20220607-150200.11.3.3 * noto-serif-thai-fonts-20220607-150200.11.3.3 * noto-sans-oldsogdian-fonts-20220607-150200.11.3.3 * noto-sans-taiviet-fonts-20220607-150200.11.3.3 * noto-sans-adlam-fonts-20220607-150200.11.3.3 * noto-sans-oldpersian-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3 * noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3 * noto-sans-oldpermic-fonts-20220607-150200.11.3.3 * noto-sans-phagspa-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3 * noto-sans-chorasmian-fonts-20220607-150200.11.3.3 * noto-sans-mahajani-fonts-20220607-150200.11.3.3 * noto-serif-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-mandaic-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-mro-fonts-20220607-150200.11.3.3 * noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3 * noto-sans-sogdian-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3 * noto-serif-myanmar-fonts-20220607-150200.11.3.3 * noto-serif-ahom-fonts-20220607-150200.11.3.3 * noto-sans-multani-fonts-20220607-150200.11.3.3 * noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3 * noto-serif-yezidi-fonts-20220607-150200.11.3.3 * noto-sans-oriya-ui-fonts-20220607-150200.11.3.3 * noto-sans-elbasan-fonts-20220607-150200.11.3.3 * noto-sans-palmyrene-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3 * noto-serif-grantha-fonts-20220607-150200.11.3.3 * noto-sans-duployan-fonts-20220607-150200.11.3.3 * noto-sans-mongolian-fonts-20220607-150200.11.3.3 * noto-sans-nushu-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-fonts-20220607-150200.11.3.3 * noto-sans-khojki-fonts-20220607-150200.11.3.3 * noto-sans-batak-fonts-20220607-150200.11.3.3 * noto-serif-kannada-fonts-20220607-150200.11.3.3 * noto-sans-symbols2-fonts-20220607-150200.11.3.3 * noto-sans-saurashtra-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-lisu-fonts-20220607-150200.11.3.3 * noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-osage-fonts-20220607-150200.11.3.3 * noto-sans-medefaidrin-fonts-20220607-150200.11.3.3 * noto-sans-symbols-fonts-20220607-150200.11.3.3 * noto-sans-lineara-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-takri-fonts-20220607-150200.11.3.3 * noto-serif-sinhala-fonts-20220607-150200.11.3.3 * noto-music-fonts-20220607-150200.11.3.3 * noto-serif-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1 * noto-loopedlao-ui-fonts-20220607-150200.11.3.3 * noto-sans-nandinagari-fonts-20220607-150200.11.3.3 * noto-sans-osmanya-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1 * noto-serif-tangut-fonts-20220607-150200.11.3.3 * noto-sans-buhid-fonts-20220607-150200.11.3.3 * noto-sans-cyprominoan-fonts-20220607-150200.11.3.3 * noto-serif-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3 * noto-sans-nabataean-fonts-20220607-150200.11.3.3 * noto-naskharabic-fonts-20220607-150200.11.3.3 * noto-traditionalnushu-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedlao-fonts-20220607-150200.11.3.3 * noto-sans-mendekikakui-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-mayannumerals-fonts-20220607-150200.11.3.3 * noto-serif-toto-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cypriot-fonts-20220607-150200.11.3.3 * noto-sans-marchen-fonts-20220607-150200.11.3.3 * noto-sans-lao-fonts-20220607-150200.11.3.3 * noto-sans-manichaean-fonts-20220607-150200.11.3.3 * noto-cousine-fonts-20220607-150200.11.3.3 * noto-nastaliqurdu-fonts-20220607-150200.11.3.3 * noto-sans-paucinhau-fonts-20220607-150200.11.3.3 * noto-sans-tamil-fonts-20220607-150200.11.3.3 * noto-sans-sharada-fonts-20220607-150200.11.3.3 * noto-serif-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-arabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3 * noto-sans-thai-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-balinese-fonts-20220607-150200.11.3.3 * noto-sans-lydian-fonts-20220607-150200.11.3.3 * noto-serif-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-grantha-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-naskharabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3 * noto-sans-meroitic-fonts-20220607-150200.11.3.3 * noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khmer-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-phoenician-fonts-20220607-150200.11.3.3 * noto-sans-brahmi-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3 * noto-sans-taitham-fonts-20220607-150200.11.3.3 * noto-sans-chakma-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1 * noto-sans-khudawadi-fonts-20220607-150200.11.3.3 * noto-sans-syriac-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3 * noto-serif-bengali-fonts-20220607-150200.11.3.3 * noto-sans-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-oriya-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-khmer-ui-fonts-20220607-150200.11.3.3 * noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3 * noto-sans-mono-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1 * noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3 * noto-sans-olditalic-fonts-20220607-150200.11.3.3 * noto-sans-runic-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-lepcha-fonts-20220607-150200.11.3.3 * noto-kufiarabic-fonts-20220607-150200.11.3.3 * noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-gothic-fonts-20220607-150200.11.3.3 * noto-sans-bengali-fonts-20220607-150200.11.3.3 * noto-serif-telugu-fonts-20220607-150200.11.3.3 * noto-tinos-fonts-20220607-150200.11.3.3 * noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3 * noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3 * noto-sans-newtailue-fonts-20220607-150200.11.3.3 * noto-sans-tagalog-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kannada-ui-fonts-20220607-150200.11.3.3 * noto-sans-cham-fonts-20220607-150200.11.3.3 * noto-arimo-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-fonts-20220607-150200.11.3.3 * noto-sans-rejang-fonts-20220607-150200.11.3.3 * noto-sans-kayahli-fonts-20220607-150200.11.3.3 * noto-sans-oldturkic-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1 * noto-serif-dogra-fonts-20220607-150200.11.3.3 * noto-rashihebrew-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-malayalam-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ethiopic-fonts-20220607-150200.11.3.3 * noto-sans-tamil-ui-fonts-20220607-150200.11.3.3 * noto-sans-cherokee-fonts-20220607-150200.11.3.3 * noto-sans-meeteimayek-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-kannada-fonts-20220607-150200.11.3.3 * noto-serif-armenian-fonts-20220607-150200.11.3.3 * noto-sans-taile-fonts-20220607-150200.11.3.3 * noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3 * noto-sans-newa-fonts-20220607-150200.11.3.3 * noto-sans-nko-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-sorasompeng-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-bamum-fonts-20220607-150200.11.3.3 * noto-sans-hatran-fonts-20220607-150200.11.3.3 * noto-serif-lao-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-arabic-fonts-20220607-150200.11.3.3 * noto-sans-glagolitic-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khojki-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-myanmar-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-deseret-fonts-20220607-150200.11.3.3 * noto-sans-signwriting-fonts-20220607-150200.11.3.3 * noto-serif-ethiopic-fonts-20220607-150200.11.3.3 * noto-serif-balinese-fonts-20220607-150200.11.3.3 * noto-serif-tibetan-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-wancho-fonts-20220607-150200.11.3.3 * noto-sans-oriya-fonts-20220607-150200.11.3.3 * noto-loopedthai-fonts-20220607-150200.11.3.3 * noto-sans-carian-fonts-20220607-150200.11.3.3 * noto-sans-linearb-fonts-20220607-150200.11.3.3 * noto-serif-tamilslanted-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-oldhungarian-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1 * noto-sans-thai-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3 * noto-sans-kaithi-fonts-20220607-150200.11.3.3 * noto-sans-tangsa-fonts-20220607-150200.11.3.3 * noto-serif-georgian-fonts-20220607-150200.11.3.3 * noto-sans-math-fonts-20220607-150200.11.3.3 * noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3 * noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3 * noto-sans-limbu-fonts-20220607-150200.11.3.3 * noto-sans-telugu-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-coptic-fonts-20220607-150200.11.3.3 * noto-sans-javanese-fonts-20220607-150200.11.3.3 * noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3 * noto-sans-sundanese-fonts-20220607-150200.11.3.3 * noto-sans-tagbanwa-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-masaramgondi-fonts-20220607-150200.11.3.3 * noto-sans-soyombo-fonts-20220607-150200.11.3.3 * noto-sans-yi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ugaritic-fonts-20220607-150200.11.3.3 * noto-sans-buginese-fonts-20220607-150200.11.3.3 * noto-sans-khmer-fonts-20220607-150200.11.3.3 * noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3 * noto-sans-samaritan-fonts-20220607-150200.11.3.3 * noto-sans-thaana-fonts-20220607-150200.11.3.3 * noto-sans-telugu-ui-fonts-20220607-150200.11.3.3 * noto-serif-olduyghur-fonts-20220607-150200.11.3.3 * noto-serif-makasar-fonts-20220607-150200.11.3.3 * noto-sans-lao-ui-fonts-20220607-150200.11.3.3 * noto-sans-avestan-fonts-20220607-150200.11.3.3 * noto-sans-bengali-ui-fonts-20220607-150200.11.3.3 * noto-sans-olchiki-fonts-20220607-150200.11.3.3 * noto-sans-vai-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3 * noto-sans-georgian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3 * noto-sans-warangciti-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-tifinagh-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-hk-mono-fonts-20201202.2.004-150200.10.7.1 * noto-sans-modi-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kharoshthi-fonts-20220607-150200.11.3.3 * noto-sans-lycian-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-hk-light-fonts-20201202.2.004-150200.10.7.1 * noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3 * noto-sans-ogham-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-shavian-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghair-fonts-20220607-150200.11.3.3 * noto-serif-divesakuru-fonts-20220607-150200.11.3.3 * noto-serif-vithkuqi-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hebrewnew-fonts-20220607-150200.11.3.3 * noto-serif-tamil-fonts-20220607-150200.11.3.3 * noto-sans-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-tirhuta-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-miao-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-loopedthai-ui-fonts-20220607-150200.11.3.3 * noto-sans-bassavah-fonts-20220607-150200.11.3.3 * noto-sans-siddham-fonts-20220607-150200.11.3.3 * noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-armenian-fonts-20220607-150200.11.3.3 * google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cuneiform-fonts-20220607-150200.11.3.3 * noto-sans-fonts-20220607-150200.11.3.3 * noto-sans-sylotinagri-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-elymaic-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hanunoo-fonts-20220607-150200.11.3.3 * noto-serif-display-fonts-20220607-150200.11.3.3 * noto-serif-thai-fonts-20220607-150200.11.3.3 * noto-sans-oldsogdian-fonts-20220607-150200.11.3.3 * noto-sans-taiviet-fonts-20220607-150200.11.3.3 * noto-sans-adlam-fonts-20220607-150200.11.3.3 * noto-sans-oldpersian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3 * noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3 * noto-sans-oldpermic-fonts-20220607-150200.11.3.3 * noto-sans-phagspa-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3 * noto-sans-chorasmian-fonts-20220607-150200.11.3.3 * noto-sans-mahajani-fonts-20220607-150200.11.3.3 * noto-serif-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-mandaic-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-mro-fonts-20220607-150200.11.3.3 * noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3 * noto-sans-sogdian-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3 * noto-serif-myanmar-fonts-20220607-150200.11.3.3 * noto-serif-ahom-fonts-20220607-150200.11.3.3 * noto-sans-multani-fonts-20220607-150200.11.3.3 * noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3 * noto-serif-yezidi-fonts-20220607-150200.11.3.3 * noto-sans-oriya-ui-fonts-20220607-150200.11.3.3 * noto-sans-elbasan-fonts-20220607-150200.11.3.3 * noto-sans-palmyrene-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3 * noto-serif-grantha-fonts-20220607-150200.11.3.3 * noto-sans-duployan-fonts-20220607-150200.11.3.3 * noto-sans-mongolian-fonts-20220607-150200.11.3.3 * noto-sans-nushu-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-fonts-20220607-150200.11.3.3 * noto-sans-khojki-fonts-20220607-150200.11.3.3 * noto-sans-batak-fonts-20220607-150200.11.3.3 * noto-serif-kannada-fonts-20220607-150200.11.3.3 * noto-sans-symbols2-fonts-20220607-150200.11.3.3 * noto-sans-saurashtra-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-lisu-fonts-20220607-150200.11.3.3 * noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-osage-fonts-20220607-150200.11.3.3 * noto-sans-medefaidrin-fonts-20220607-150200.11.3.3 * noto-sans-symbols-fonts-20220607-150200.11.3.3 * noto-sans-lineara-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-takri-fonts-20220607-150200.11.3.3 * noto-serif-sinhala-fonts-20220607-150200.11.3.3 * noto-music-fonts-20220607-150200.11.3.3 * noto-serif-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1 * noto-loopedlao-ui-fonts-20220607-150200.11.3.3 * noto-sans-nandinagari-fonts-20220607-150200.11.3.3 * noto-sans-osmanya-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1 * noto-serif-tangut-fonts-20220607-150200.11.3.3 * noto-sans-buhid-fonts-20220607-150200.11.3.3 * noto-sans-cyprominoan-fonts-20220607-150200.11.3.3 * noto-serif-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3 * noto-sans-nabataean-fonts-20220607-150200.11.3.3 * noto-naskharabic-fonts-20220607-150200.11.3.3 * noto-traditionalnushu-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedlao-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-mayannumerals-fonts-20220607-150200.11.3.3 * noto-sans-mendekikakui-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cypriot-fonts-20220607-150200.11.3.3 * noto-sans-marchen-fonts-20220607-150200.11.3.3 * noto-sans-lao-fonts-20220607-150200.11.3.3 * noto-sans-manichaean-fonts-20220607-150200.11.3.3 * noto-cousine-fonts-20220607-150200.11.3.3 * noto-nastaliqurdu-fonts-20220607-150200.11.3.3 * noto-sans-paucinhau-fonts-20220607-150200.11.3.3 * noto-sans-tamil-fonts-20220607-150200.11.3.3 * noto-sans-sharada-fonts-20220607-150200.11.3.3 * noto-serif-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-arabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3 * noto-sans-thai-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-balinese-fonts-20220607-150200.11.3.3 * noto-sans-lydian-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-grantha-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-naskharabic-ui-fonts-20220607-150200.11.3.3 * noto-serif-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3 * noto-serif-toto-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-meroitic-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3 * noto-serif-khmer-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-phoenician-fonts-20220607-150200.11.3.3 * noto-sans-brahmi-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3 * noto-sans-taitham-fonts-20220607-150200.11.3.3 * noto-sans-chakma-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1 * noto-sans-khudawadi-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3 * noto-sans-syriac-fonts-20220607-150200.11.3.3 * noto-sans-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-bengali-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-khmer-ui-fonts-20220607-150200.11.3.3 * noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3 * noto-sans-mono-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1 * noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3 * noto-sans-olditalic-fonts-20220607-150200.11.3.3 * noto-sans-runic-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-lepcha-fonts-20220607-150200.11.3.3 * noto-kufiarabic-fonts-20220607-150200.11.3.3 * noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-gothic-fonts-20220607-150200.11.3.3 * noto-sans-bengali-fonts-20220607-150200.11.3.3 * noto-serif-telugu-fonts-20220607-150200.11.3.3 * noto-serif-oriya-fonts-20220607-150200.11.3.3 * noto-tinos-fonts-20220607-150200.11.3.3 * noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3 * noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3 * noto-sans-newtailue-fonts-20220607-150200.11.3.3 * noto-sans-tagalog-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kannada-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-arimo-fonts-20220607-150200.11.3.3 * noto-sans-cham-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-fonts-20220607-150200.11.3.3 * noto-sans-rejang-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kayahli-fonts-20220607-150200.11.3.3 * noto-sans-oldturkic-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1 * noto-serif-dogra-fonts-20220607-150200.11.3.3 * noto-rashihebrew-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-malayalam-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ethiopic-fonts-20220607-150200.11.3.3 * noto-sans-tamil-ui-fonts-20220607-150200.11.3.3 * noto-sans-cherokee-fonts-20220607-150200.11.3.3 * noto-sans-meeteimayek-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-kannada-fonts-20220607-150200.11.3.3 * noto-serif-armenian-fonts-20220607-150200.11.3.3 * noto-sans-taile-fonts-20220607-150200.11.3.3 * noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-newa-fonts-20220607-150200.11.3.3 * noto-sans-nko-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-sorasompeng-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-bamum-fonts-20220607-150200.11.3.3 * noto-sans-hatran-fonts-20220607-150200.11.3.3 * noto-serif-lao-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-arabic-fonts-20220607-150200.11.3.3 * noto-sans-glagolitic-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khojki-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-demilight-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-myanmar-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-deseret-fonts-20220607-150200.11.3.3 * noto-sans-signwriting-fonts-20220607-150200.11.3.3 * noto-serif-ethiopic-fonts-20220607-150200.11.3.3 * noto-serif-balinese-fonts-20220607-150200.11.3.3 * noto-serif-tibetan-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-wancho-fonts-20220607-150200.11.3.3 * noto-sans-oriya-fonts-20220607-150200.11.3.3 * noto-loopedthai-fonts-20220607-150200.11.3.3 * noto-sans-carian-fonts-20220607-150200.11.3.3 * noto-sans-linearb-fonts-20220607-150200.11.3.3 * noto-serif-tamilslanted-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-oldhungarian-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1 * noto-sans-thai-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3 * noto-sans-kaithi-fonts-20220607-150200.11.3.3 * noto-sans-tangsa-fonts-20220607-150200.11.3.3 * noto-serif-georgian-fonts-20220607-150200.11.3.3 * noto-sans-math-fonts-20220607-150200.11.3.3 * noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3 * noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3 * noto-sans-limbu-fonts-20220607-150200.11.3.3 * noto-sans-telugu-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-coptic-fonts-20220607-150200.11.3.3 * noto-sans-javanese-fonts-20220607-150200.11.3.3 * noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3 * noto-sans-sundanese-fonts-20220607-150200.11.3.3 * noto-sans-tagbanwa-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-masaramgondi-fonts-20220607-150200.11.3.3 * noto-sans-soyombo-fonts-20220607-150200.11.3.3 * noto-sans-yi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ugaritic-fonts-20220607-150200.11.3.3 * noto-sans-buginese-fonts-20220607-150200.11.3.3 * noto-sans-khmer-fonts-20220607-150200.11.3.3 * noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3 * noto-sans-samaritan-fonts-20220607-150200.11.3.3 * noto-sans-thaana-fonts-20220607-150200.11.3.3 * noto-sans-telugu-ui-fonts-20220607-150200.11.3.3 * noto-serif-olduyghur-fonts-20220607-150200.11.3.3 * noto-serif-makasar-fonts-20220607-150200.11.3.3 * noto-sans-lao-ui-fonts-20220607-150200.11.3.3 * noto-sans-avestan-fonts-20220607-150200.11.3.3 * noto-sans-bengali-ui-fonts-20220607-150200.11.3.3 * noto-sans-olchiki-fonts-20220607-150200.11.3.3 * noto-sans-vai-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3 * noto-sans-georgian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3 * noto-sans-warangciti-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-tifinagh-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-hk-mono-fonts-20201202.2.004-150200.10.7.1 * noto-sans-modi-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kharoshthi-fonts-20220607-150200.11.3.3 * noto-sans-lycian-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-hk-light-fonts-20201202.2.004-150200.10.7.1 * noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3 * noto-sans-ogham-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-shavian-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghair-fonts-20220607-150200.11.3.3 * noto-serif-divesakuru-fonts-20220607-150200.11.3.3 * noto-serif-vithkuqi-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hebrewnew-fonts-20220607-150200.11.3.3 * noto-serif-tamil-fonts-20220607-150200.11.3.3 * noto-sans-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-tirhuta-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-miao-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-loopedthai-ui-fonts-20220607-150200.11.3.3 * noto-sans-bassavah-fonts-20220607-150200.11.3.3 * noto-sans-siddham-fonts-20220607-150200.11.3.3 * noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-armenian-fonts-20220607-150200.11.3.3 * google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cuneiform-fonts-20220607-150200.11.3.3 * noto-sans-fonts-20220607-150200.11.3.3 * noto-sans-sylotinagri-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-elymaic-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hanunoo-fonts-20220607-150200.11.3.3 * noto-serif-display-fonts-20220607-150200.11.3.3 * noto-serif-thai-fonts-20220607-150200.11.3.3 * noto-sans-oldsogdian-fonts-20220607-150200.11.3.3 * noto-sans-taiviet-fonts-20220607-150200.11.3.3 * noto-sans-adlam-fonts-20220607-150200.11.3.3 * noto-sans-oldpersian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3 * noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3 * noto-sans-oldpermic-fonts-20220607-150200.11.3.3 * noto-sans-phagspa-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3 * noto-sans-chorasmian-fonts-20220607-150200.11.3.3 * noto-sans-mahajani-fonts-20220607-150200.11.3.3 * noto-serif-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-mandaic-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-mro-fonts-20220607-150200.11.3.3 * noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3 * noto-sans-sogdian-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3 * noto-serif-myanmar-fonts-20220607-150200.11.3.3 * noto-serif-ahom-fonts-20220607-150200.11.3.3 * noto-sans-multani-fonts-20220607-150200.11.3.3 * noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3 * noto-serif-yezidi-fonts-20220607-150200.11.3.3 * noto-sans-oriya-ui-fonts-20220607-150200.11.3.3 * noto-sans-elbasan-fonts-20220607-150200.11.3.3 * noto-sans-palmyrene-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3 * noto-serif-grantha-fonts-20220607-150200.11.3.3 * noto-sans-duployan-fonts-20220607-150200.11.3.3 * noto-sans-mongolian-fonts-20220607-150200.11.3.3 * noto-sans-nushu-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-fonts-20220607-150200.11.3.3 * noto-sans-khojki-fonts-20220607-150200.11.3.3 * noto-sans-batak-fonts-20220607-150200.11.3.3 * noto-serif-kannada-fonts-20220607-150200.11.3.3 * noto-sans-symbols2-fonts-20220607-150200.11.3.3 * noto-sans-saurashtra-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-lisu-fonts-20220607-150200.11.3.3 * noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-osage-fonts-20220607-150200.11.3.3 * noto-sans-medefaidrin-fonts-20220607-150200.11.3.3 * noto-sans-symbols-fonts-20220607-150200.11.3.3 * noto-sans-lineara-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-takri-fonts-20220607-150200.11.3.3 * noto-serif-sinhala-fonts-20220607-150200.11.3.3 * noto-music-fonts-20220607-150200.11.3.3 * noto-serif-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1 * noto-loopedlao-ui-fonts-20220607-150200.11.3.3 * noto-sans-nandinagari-fonts-20220607-150200.11.3.3 * noto-sans-osmanya-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1 * noto-serif-tangut-fonts-20220607-150200.11.3.3 * noto-sans-buhid-fonts-20220607-150200.11.3.3 * noto-sans-cyprominoan-fonts-20220607-150200.11.3.3 * noto-serif-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3 * noto-sans-nabataean-fonts-20220607-150200.11.3.3 * noto-naskharabic-fonts-20220607-150200.11.3.3 * noto-traditionalnushu-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedlao-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-mayannumerals-fonts-20220607-150200.11.3.3 * noto-sans-mendekikakui-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cypriot-fonts-20220607-150200.11.3.3 * noto-sans-marchen-fonts-20220607-150200.11.3.3 * noto-sans-lao-fonts-20220607-150200.11.3.3 * noto-sans-manichaean-fonts-20220607-150200.11.3.3 * noto-cousine-fonts-20220607-150200.11.3.3 * noto-nastaliqurdu-fonts-20220607-150200.11.3.3 * noto-sans-paucinhau-fonts-20220607-150200.11.3.3 * noto-sans-tamil-fonts-20220607-150200.11.3.3 * noto-sans-sharada-fonts-20220607-150200.11.3.3 * noto-serif-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-arabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3 * noto-sans-thai-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-balinese-fonts-20220607-150200.11.3.3 * noto-sans-lydian-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-grantha-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-naskharabic-ui-fonts-20220607-150200.11.3.3 * noto-serif-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3 * noto-serif-toto-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-meroitic-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3 * noto-serif-khmer-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-phoenician-fonts-20220607-150200.11.3.3 * noto-sans-brahmi-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3 * noto-sans-taitham-fonts-20220607-150200.11.3.3 * noto-sans-chakma-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1 * noto-sans-khudawadi-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3 * noto-sans-syriac-fonts-20220607-150200.11.3.3 * noto-sans-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-bengali-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-khmer-ui-fonts-20220607-150200.11.3.3 * noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3 * noto-sans-mono-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1 * noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3 * noto-sans-olditalic-fonts-20220607-150200.11.3.3 * noto-sans-runic-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-lepcha-fonts-20220607-150200.11.3.3 * noto-kufiarabic-fonts-20220607-150200.11.3.3 * noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-gothic-fonts-20220607-150200.11.3.3 * noto-sans-bengali-fonts-20220607-150200.11.3.3 * noto-serif-telugu-fonts-20220607-150200.11.3.3 * noto-serif-oriya-fonts-20220607-150200.11.3.3 * noto-tinos-fonts-20220607-150200.11.3.3 * noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3 * noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3 * noto-sans-newtailue-fonts-20220607-150200.11.3.3 * noto-sans-tagalog-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kannada-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-arimo-fonts-20220607-150200.11.3.3 * noto-sans-cham-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-fonts-20220607-150200.11.3.3 * noto-sans-rejang-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kayahli-fonts-20220607-150200.11.3.3 * noto-sans-oldturkic-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1 * noto-serif-dogra-fonts-20220607-150200.11.3.3 * noto-rashihebrew-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-malayalam-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ethiopic-fonts-20220607-150200.11.3.3 * noto-sans-tamil-ui-fonts-20220607-150200.11.3.3 * noto-sans-cherokee-fonts-20220607-150200.11.3.3 * noto-sans-meeteimayek-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-kannada-fonts-20220607-150200.11.3.3 * noto-serif-armenian-fonts-20220607-150200.11.3.3 * noto-sans-taile-fonts-20220607-150200.11.3.3 * noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-newa-fonts-20220607-150200.11.3.3 * noto-sans-nko-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-sorasompeng-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-bamum-fonts-20220607-150200.11.3.3 * noto-sans-hatran-fonts-20220607-150200.11.3.3 * noto-serif-lao-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-arabic-fonts-20220607-150200.11.3.3 * noto-sans-glagolitic-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khojki-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-demilight-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-myanmar-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-deseret-fonts-20220607-150200.11.3.3 * noto-sans-signwriting-fonts-20220607-150200.11.3.3 * noto-serif-ethiopic-fonts-20220607-150200.11.3.3 * noto-serif-balinese-fonts-20220607-150200.11.3.3 * noto-serif-tibetan-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-wancho-fonts-20220607-150200.11.3.3 * noto-sans-oriya-fonts-20220607-150200.11.3.3 * noto-loopedthai-fonts-20220607-150200.11.3.3 * noto-sans-carian-fonts-20220607-150200.11.3.3 * noto-sans-linearb-fonts-20220607-150200.11.3.3 * noto-serif-tamilslanted-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-oldhungarian-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1 * noto-sans-thai-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3 * noto-sans-kaithi-fonts-20220607-150200.11.3.3 * noto-sans-tangsa-fonts-20220607-150200.11.3.3 * noto-serif-georgian-fonts-20220607-150200.11.3.3 * noto-sans-math-fonts-20220607-150200.11.3.3 * noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3 * noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3 * noto-sans-limbu-fonts-20220607-150200.11.3.3 * noto-sans-telugu-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-coptic-fonts-20220607-150200.11.3.3 * noto-sans-javanese-fonts-20220607-150200.11.3.3 * noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3 * noto-sans-sundanese-fonts-20220607-150200.11.3.3 * noto-sans-tagbanwa-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-masaramgondi-fonts-20220607-150200.11.3.3 * noto-sans-soyombo-fonts-20220607-150200.11.3.3 * noto-sans-yi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ugaritic-fonts-20220607-150200.11.3.3 * noto-sans-buginese-fonts-20220607-150200.11.3.3 * noto-sans-khmer-fonts-20220607-150200.11.3.3 * noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3 * noto-sans-samaritan-fonts-20220607-150200.11.3.3 * noto-sans-thaana-fonts-20220607-150200.11.3.3 * noto-sans-telugu-ui-fonts-20220607-150200.11.3.3 * noto-serif-olduyghur-fonts-20220607-150200.11.3.3 * noto-serif-makasar-fonts-20220607-150200.11.3.3 * noto-sans-lao-ui-fonts-20220607-150200.11.3.3 * noto-sans-avestan-fonts-20220607-150200.11.3.3 * noto-sans-bengali-ui-fonts-20220607-150200.11.3.3 * noto-sans-olchiki-fonts-20220607-150200.11.3.3 * noto-sans-vai-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3 * noto-sans-georgian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3 * noto-sans-warangciti-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-tifinagh-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-hk-mono-fonts-20201202.2.004-150200.10.7.1 * noto-sans-modi-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kharoshthi-fonts-20220607-150200.11.3.3 * noto-sans-lycian-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-hk-light-fonts-20201202.2.004-150200.10.7.1 * noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3 * noto-sans-ogham-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-shavian-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghair-fonts-20220607-150200.11.3.3 * noto-serif-divesakuru-fonts-20220607-150200.11.3.3 * noto-serif-vithkuqi-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hebrewnew-fonts-20220607-150200.11.3.3 * noto-serif-tamil-fonts-20220607-150200.11.3.3 * noto-sans-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-tirhuta-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-miao-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-loopedthai-ui-fonts-20220607-150200.11.3.3 * noto-sans-bassavah-fonts-20220607-150200.11.3.3 * noto-sans-siddham-fonts-20220607-150200.11.3.3 * noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-armenian-fonts-20220607-150200.11.3.3 * google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cuneiform-fonts-20220607-150200.11.3.3 * noto-sans-fonts-20220607-150200.11.3.3 * noto-sans-sylotinagri-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-elymaic-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hanunoo-fonts-20220607-150200.11.3.3 * noto-serif-display-fonts-20220607-150200.11.3.3 * noto-serif-thai-fonts-20220607-150200.11.3.3 * noto-sans-oldsogdian-fonts-20220607-150200.11.3.3 * noto-sans-taiviet-fonts-20220607-150200.11.3.3 * noto-sans-adlam-fonts-20220607-150200.11.3.3 * noto-sans-oldpersian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3 * noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3 * noto-sans-oldpermic-fonts-20220607-150200.11.3.3 * noto-sans-phagspa-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3 * noto-sans-chorasmian-fonts-20220607-150200.11.3.3 * noto-sans-mahajani-fonts-20220607-150200.11.3.3 * noto-serif-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-mandaic-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-mro-fonts-20220607-150200.11.3.3 * noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3 * noto-sans-sogdian-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3 * noto-serif-myanmar-fonts-20220607-150200.11.3.3 * noto-serif-ahom-fonts-20220607-150200.11.3.3 * noto-sans-multani-fonts-20220607-150200.11.3.3 * noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3 * noto-serif-yezidi-fonts-20220607-150200.11.3.3 * noto-sans-oriya-ui-fonts-20220607-150200.11.3.3 * noto-sans-elbasan-fonts-20220607-150200.11.3.3 * noto-sans-palmyrene-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3 * noto-serif-grantha-fonts-20220607-150200.11.3.3 * noto-sans-duployan-fonts-20220607-150200.11.3.3 * noto-sans-mongolian-fonts-20220607-150200.11.3.3 * noto-sans-nushu-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-fonts-20220607-150200.11.3.3 * noto-sans-khojki-fonts-20220607-150200.11.3.3 * noto-sans-batak-fonts-20220607-150200.11.3.3 * noto-serif-kannada-fonts-20220607-150200.11.3.3 * noto-sans-symbols2-fonts-20220607-150200.11.3.3 * noto-sans-saurashtra-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-lisu-fonts-20220607-150200.11.3.3 * noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-osage-fonts-20220607-150200.11.3.3 * noto-sans-medefaidrin-fonts-20220607-150200.11.3.3 * noto-sans-symbols-fonts-20220607-150200.11.3.3 * noto-sans-lineara-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-takri-fonts-20220607-150200.11.3.3 * noto-serif-sinhala-fonts-20220607-150200.11.3.3 * noto-music-fonts-20220607-150200.11.3.3 * noto-serif-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1 * noto-loopedlao-ui-fonts-20220607-150200.11.3.3 * noto-sans-nandinagari-fonts-20220607-150200.11.3.3 * noto-sans-osmanya-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1 * noto-serif-tangut-fonts-20220607-150200.11.3.3 * noto-sans-buhid-fonts-20220607-150200.11.3.3 * noto-sans-cyprominoan-fonts-20220607-150200.11.3.3 * noto-serif-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3 * noto-sans-nabataean-fonts-20220607-150200.11.3.3 * noto-naskharabic-fonts-20220607-150200.11.3.3 * noto-traditionalnushu-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedlao-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-mayannumerals-fonts-20220607-150200.11.3.3 * noto-sans-mendekikakui-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cypriot-fonts-20220607-150200.11.3.3 * noto-sans-marchen-fonts-20220607-150200.11.3.3 * noto-sans-lao-fonts-20220607-150200.11.3.3 * noto-sans-manichaean-fonts-20220607-150200.11.3.3 * noto-cousine-fonts-20220607-150200.11.3.3 * noto-nastaliqurdu-fonts-20220607-150200.11.3.3 * noto-sans-paucinhau-fonts-20220607-150200.11.3.3 * noto-sans-tamil-fonts-20220607-150200.11.3.3 * noto-sans-sharada-fonts-20220607-150200.11.3.3 * noto-serif-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-arabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3 * noto-sans-thai-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-balinese-fonts-20220607-150200.11.3.3 * noto-sans-lydian-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-grantha-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-naskharabic-ui-fonts-20220607-150200.11.3.3 * noto-serif-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3 * noto-serif-toto-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-meroitic-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3 * noto-serif-khmer-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-phoenician-fonts-20220607-150200.11.3.3 * noto-sans-brahmi-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3 * noto-sans-taitham-fonts-20220607-150200.11.3.3 * noto-sans-chakma-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1 * noto-sans-khudawadi-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3 * noto-sans-syriac-fonts-20220607-150200.11.3.3 * noto-sans-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-bengali-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-khmer-ui-fonts-20220607-150200.11.3.3 * noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3 * noto-sans-mono-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1 * noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3 * noto-sans-olditalic-fonts-20220607-150200.11.3.3 * noto-sans-runic-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-lepcha-fonts-20220607-150200.11.3.3 * noto-kufiarabic-fonts-20220607-150200.11.3.3 * noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-gothic-fonts-20220607-150200.11.3.3 * noto-sans-bengali-fonts-20220607-150200.11.3.3 * noto-serif-telugu-fonts-20220607-150200.11.3.3 * noto-serif-oriya-fonts-20220607-150200.11.3.3 * noto-tinos-fonts-20220607-150200.11.3.3 * noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3 * noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3 * noto-sans-newtailue-fonts-20220607-150200.11.3.3 * noto-sans-tagalog-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kannada-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-arimo-fonts-20220607-150200.11.3.3 * noto-sans-cham-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-fonts-20220607-150200.11.3.3 * noto-sans-rejang-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kayahli-fonts-20220607-150200.11.3.3 * noto-sans-oldturkic-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1 * noto-serif-dogra-fonts-20220607-150200.11.3.3 * noto-rashihebrew-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-malayalam-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ethiopic-fonts-20220607-150200.11.3.3 * noto-sans-tamil-ui-fonts-20220607-150200.11.3.3 * noto-sans-cherokee-fonts-20220607-150200.11.3.3 * noto-sans-meeteimayek-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-kannada-fonts-20220607-150200.11.3.3 * noto-serif-armenian-fonts-20220607-150200.11.3.3 * noto-sans-taile-fonts-20220607-150200.11.3.3 * noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-newa-fonts-20220607-150200.11.3.3 * noto-sans-nko-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-sorasompeng-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-bamum-fonts-20220607-150200.11.3.3 * noto-sans-hatran-fonts-20220607-150200.11.3.3 * noto-serif-lao-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-arabic-fonts-20220607-150200.11.3.3 * noto-sans-glagolitic-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khojki-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-demilight-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-myanmar-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-deseret-fonts-20220607-150200.11.3.3 * noto-sans-signwriting-fonts-20220607-150200.11.3.3 * noto-serif-ethiopic-fonts-20220607-150200.11.3.3 * noto-serif-balinese-fonts-20220607-150200.11.3.3 * noto-serif-tibetan-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-wancho-fonts-20220607-150200.11.3.3 * noto-sans-oriya-fonts-20220607-150200.11.3.3 * noto-loopedthai-fonts-20220607-150200.11.3.3 * noto-sans-carian-fonts-20220607-150200.11.3.3 * noto-sans-linearb-fonts-20220607-150200.11.3.3 * noto-serif-tamilslanted-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-oldhungarian-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1 * noto-sans-thai-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3 * noto-sans-kaithi-fonts-20220607-150200.11.3.3 * noto-sans-tangsa-fonts-20220607-150200.11.3.3 * noto-serif-georgian-fonts-20220607-150200.11.3.3 * noto-sans-math-fonts-20220607-150200.11.3.3 * noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3 * noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3 * noto-sans-limbu-fonts-20220607-150200.11.3.3 * noto-sans-telugu-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-coptic-fonts-20220607-150200.11.3.3 * noto-sans-javanese-fonts-20220607-150200.11.3.3 * noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3 * noto-sans-sundanese-fonts-20220607-150200.11.3.3 * noto-sans-tagbanwa-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-masaramgondi-fonts-20220607-150200.11.3.3 * noto-sans-soyombo-fonts-20220607-150200.11.3.3 * noto-sans-yi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ugaritic-fonts-20220607-150200.11.3.3 * noto-sans-buginese-fonts-20220607-150200.11.3.3 * noto-sans-khmer-fonts-20220607-150200.11.3.3 * noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3 * noto-sans-samaritan-fonts-20220607-150200.11.3.3 * noto-sans-thaana-fonts-20220607-150200.11.3.3 * noto-sans-telugu-ui-fonts-20220607-150200.11.3.3 * noto-serif-olduyghur-fonts-20220607-150200.11.3.3 * noto-serif-makasar-fonts-20220607-150200.11.3.3 * noto-sans-lao-ui-fonts-20220607-150200.11.3.3 * noto-sans-avestan-fonts-20220607-150200.11.3.3 * noto-sans-bengali-ui-fonts-20220607-150200.11.3.3 * noto-sans-olchiki-fonts-20220607-150200.11.3.3 * noto-sans-vai-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3 * noto-sans-georgian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3 * noto-sans-warangciti-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-tifinagh-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-hk-mono-fonts-20201202.2.004-150200.10.7.1 * noto-sans-modi-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kharoshthi-fonts-20220607-150200.11.3.3 * noto-sans-lycian-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-hk-light-fonts-20201202.2.004-150200.10.7.1 * noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3 * noto-sans-ogham-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-shavian-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghair-fonts-20220607-150200.11.3.3 * noto-serif-divesakuru-fonts-20220607-150200.11.3.3 * noto-serif-vithkuqi-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hebrewnew-fonts-20220607-150200.11.3.3 * noto-serif-tamil-fonts-20220607-150200.11.3.3 * noto-sans-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-tirhuta-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-miao-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-loopedthai-ui-fonts-20220607-150200.11.3.3 * noto-sans-bassavah-fonts-20220607-150200.11.3.3 * noto-sans-siddham-fonts-20220607-150200.11.3.3 * noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-armenian-fonts-20220607-150200.11.3.3 * google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cuneiform-fonts-20220607-150200.11.3.3 * noto-sans-fonts-20220607-150200.11.3.3 * noto-sans-sylotinagri-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-elymaic-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hanunoo-fonts-20220607-150200.11.3.3 * noto-serif-display-fonts-20220607-150200.11.3.3 * noto-serif-thai-fonts-20220607-150200.11.3.3 * noto-sans-oldsogdian-fonts-20220607-150200.11.3.3 * noto-sans-taiviet-fonts-20220607-150200.11.3.3 * noto-sans-adlam-fonts-20220607-150200.11.3.3 * noto-sans-oldpersian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3 * noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3 * noto-sans-oldpermic-fonts-20220607-150200.11.3.3 * noto-sans-phagspa-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3 * noto-sans-chorasmian-fonts-20220607-150200.11.3.3 * noto-sans-mahajani-fonts-20220607-150200.11.3.3 * noto-serif-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-mandaic-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-mro-fonts-20220607-150200.11.3.3 * noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3 * noto-sans-sogdian-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3 * noto-serif-myanmar-fonts-20220607-150200.11.3.3 * noto-serif-ahom-fonts-20220607-150200.11.3.3 * noto-sans-multani-fonts-20220607-150200.11.3.3 * noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3 * noto-serif-yezidi-fonts-20220607-150200.11.3.3 * noto-sans-oriya-ui-fonts-20220607-150200.11.3.3 * noto-sans-elbasan-fonts-20220607-150200.11.3.3 * noto-sans-palmyrene-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3 * noto-serif-grantha-fonts-20220607-150200.11.3.3 * noto-sans-duployan-fonts-20220607-150200.11.3.3 * noto-sans-mongolian-fonts-20220607-150200.11.3.3 * noto-sans-nushu-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-fonts-20220607-150200.11.3.3 * noto-sans-khojki-fonts-20220607-150200.11.3.3 * noto-sans-batak-fonts-20220607-150200.11.3.3 * noto-serif-kannada-fonts-20220607-150200.11.3.3 * noto-sans-symbols2-fonts-20220607-150200.11.3.3 * noto-sans-saurashtra-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-lisu-fonts-20220607-150200.11.3.3 * noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-osage-fonts-20220607-150200.11.3.3 * noto-sans-medefaidrin-fonts-20220607-150200.11.3.3 * noto-sans-symbols-fonts-20220607-150200.11.3.3 * noto-sans-lineara-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-takri-fonts-20220607-150200.11.3.3 * noto-serif-sinhala-fonts-20220607-150200.11.3.3 * noto-music-fonts-20220607-150200.11.3.3 * noto-serif-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1 * noto-loopedlao-ui-fonts-20220607-150200.11.3.3 * noto-sans-nandinagari-fonts-20220607-150200.11.3.3 * noto-sans-osmanya-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1 * noto-serif-tangut-fonts-20220607-150200.11.3.3 * noto-sans-buhid-fonts-20220607-150200.11.3.3 * noto-sans-cyprominoan-fonts-20220607-150200.11.3.3 * noto-serif-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3 * noto-sans-nabataean-fonts-20220607-150200.11.3.3 * noto-naskharabic-fonts-20220607-150200.11.3.3 * noto-traditionalnushu-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedlao-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-mayannumerals-fonts-20220607-150200.11.3.3 * noto-sans-mendekikakui-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cypriot-fonts-20220607-150200.11.3.3 * noto-sans-marchen-fonts-20220607-150200.11.3.3 * noto-sans-lao-fonts-20220607-150200.11.3.3 * noto-sans-manichaean-fonts-20220607-150200.11.3.3 * noto-cousine-fonts-20220607-150200.11.3.3 * noto-nastaliqurdu-fonts-20220607-150200.11.3.3 * noto-sans-paucinhau-fonts-20220607-150200.11.3.3 * noto-sans-tamil-fonts-20220607-150200.11.3.3 * noto-sans-sharada-fonts-20220607-150200.11.3.3 * noto-serif-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-arabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3 * noto-sans-thai-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-balinese-fonts-20220607-150200.11.3.3 * noto-sans-lydian-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-grantha-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-naskharabic-ui-fonts-20220607-150200.11.3.3 * noto-serif-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3 * noto-serif-toto-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-meroitic-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3 * noto-serif-khmer-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-phoenician-fonts-20220607-150200.11.3.3 * noto-sans-brahmi-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3 * noto-sans-taitham-fonts-20220607-150200.11.3.3 * noto-sans-chakma-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1 * noto-sans-khudawadi-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3 * noto-sans-syriac-fonts-20220607-150200.11.3.3 * noto-sans-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-bengali-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-khmer-ui-fonts-20220607-150200.11.3.3 * noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3 * noto-sans-mono-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1 * noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3 * noto-sans-olditalic-fonts-20220607-150200.11.3.3 * noto-sans-runic-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-lepcha-fonts-20220607-150200.11.3.3 * noto-kufiarabic-fonts-20220607-150200.11.3.3 * noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-gothic-fonts-20220607-150200.11.3.3 * noto-sans-bengali-fonts-20220607-150200.11.3.3 * noto-serif-telugu-fonts-20220607-150200.11.3.3 * noto-serif-oriya-fonts-20220607-150200.11.3.3 * noto-tinos-fonts-20220607-150200.11.3.3 * noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3 * noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3 * noto-sans-newtailue-fonts-20220607-150200.11.3.3 * noto-sans-tagalog-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kannada-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-arimo-fonts-20220607-150200.11.3.3 * noto-sans-cham-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-fonts-20220607-150200.11.3.3 * noto-sans-rejang-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kayahli-fonts-20220607-150200.11.3.3 * noto-sans-oldturkic-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1 * noto-serif-dogra-fonts-20220607-150200.11.3.3 * noto-rashihebrew-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-malayalam-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ethiopic-fonts-20220607-150200.11.3.3 * noto-sans-tamil-ui-fonts-20220607-150200.11.3.3 * noto-sans-cherokee-fonts-20220607-150200.11.3.3 * noto-sans-meeteimayek-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-kannada-fonts-20220607-150200.11.3.3 * noto-serif-armenian-fonts-20220607-150200.11.3.3 * noto-sans-taile-fonts-20220607-150200.11.3.3 * noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-newa-fonts-20220607-150200.11.3.3 * noto-sans-nko-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-sorasompeng-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-bamum-fonts-20220607-150200.11.3.3 * noto-sans-hatran-fonts-20220607-150200.11.3.3 * noto-serif-lao-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-arabic-fonts-20220607-150200.11.3.3 * noto-sans-glagolitic-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khojki-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-demilight-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-myanmar-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-deseret-fonts-20220607-150200.11.3.3 * noto-sans-signwriting-fonts-20220607-150200.11.3.3 * noto-serif-ethiopic-fonts-20220607-150200.11.3.3 * noto-serif-balinese-fonts-20220607-150200.11.3.3 * noto-serif-tibetan-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-wancho-fonts-20220607-150200.11.3.3 * noto-sans-oriya-fonts-20220607-150200.11.3.3 * noto-loopedthai-fonts-20220607-150200.11.3.3 * noto-sans-carian-fonts-20220607-150200.11.3.3 * noto-sans-linearb-fonts-20220607-150200.11.3.3 * noto-serif-tamilslanted-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-oldhungarian-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1 * noto-sans-thai-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3 * noto-sans-kaithi-fonts-20220607-150200.11.3.3 * noto-sans-tangsa-fonts-20220607-150200.11.3.3 * noto-serif-georgian-fonts-20220607-150200.11.3.3 * noto-sans-math-fonts-20220607-150200.11.3.3 * noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3 * noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3 * noto-sans-limbu-fonts-20220607-150200.11.3.3 * noto-sans-telugu-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-coptic-fonts-20220607-150200.11.3.3 * noto-sans-javanese-fonts-20220607-150200.11.3.3 * noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3 * noto-sans-sundanese-fonts-20220607-150200.11.3.3 * noto-sans-tagbanwa-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-masaramgondi-fonts-20220607-150200.11.3.3 * noto-sans-soyombo-fonts-20220607-150200.11.3.3 * noto-sans-yi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ugaritic-fonts-20220607-150200.11.3.3 * noto-sans-buginese-fonts-20220607-150200.11.3.3 * noto-sans-khmer-fonts-20220607-150200.11.3.3 * noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3 * noto-sans-samaritan-fonts-20220607-150200.11.3.3 * noto-sans-thaana-fonts-20220607-150200.11.3.3 * noto-sans-telugu-ui-fonts-20220607-150200.11.3.3 * noto-serif-olduyghur-fonts-20220607-150200.11.3.3 * noto-serif-makasar-fonts-20220607-150200.11.3.3 * noto-sans-lao-ui-fonts-20220607-150200.11.3.3 * noto-sans-avestan-fonts-20220607-150200.11.3.3 * noto-sans-bengali-ui-fonts-20220607-150200.11.3.3 * noto-sans-olchiki-fonts-20220607-150200.11.3.3 * noto-sans-vai-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3 * noto-sans-georgian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3 * noto-sans-warangciti-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-tifinagh-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-hk-mono-fonts-20201202.2.004-150200.10.7.1 * noto-sans-modi-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kharoshthi-fonts-20220607-150200.11.3.3 * noto-sans-lycian-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-hk-light-fonts-20201202.2.004-150200.10.7.1 * noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3 * noto-sans-ogham-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-shavian-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghair-fonts-20220607-150200.11.3.3 * noto-serif-divesakuru-fonts-20220607-150200.11.3.3 * noto-serif-vithkuqi-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hebrewnew-fonts-20220607-150200.11.3.3 * noto-serif-tamil-fonts-20220607-150200.11.3.3 * noto-sans-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-tirhuta-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-miao-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-loopedthai-ui-fonts-20220607-150200.11.3.3 * noto-sans-bassavah-fonts-20220607-150200.11.3.3 * noto-sans-siddham-fonts-20220607-150200.11.3.3 * noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-armenian-fonts-20220607-150200.11.3.3 * google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cuneiform-fonts-20220607-150200.11.3.3 * noto-sans-fonts-20220607-150200.11.3.3 * noto-sans-sylotinagri-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-elymaic-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hanunoo-fonts-20220607-150200.11.3.3 * noto-serif-display-fonts-20220607-150200.11.3.3 * noto-serif-thai-fonts-20220607-150200.11.3.3 * noto-sans-oldsogdian-fonts-20220607-150200.11.3.3 * noto-sans-taiviet-fonts-20220607-150200.11.3.3 * noto-sans-adlam-fonts-20220607-150200.11.3.3 * noto-sans-oldpersian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3 * noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3 * noto-sans-oldpermic-fonts-20220607-150200.11.3.3 * noto-sans-phagspa-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3 * noto-sans-chorasmian-fonts-20220607-150200.11.3.3 * noto-sans-mahajani-fonts-20220607-150200.11.3.3 * noto-serif-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-mandaic-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-mro-fonts-20220607-150200.11.3.3 * noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3 * noto-sans-sogdian-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3 * noto-serif-myanmar-fonts-20220607-150200.11.3.3 * noto-serif-ahom-fonts-20220607-150200.11.3.3 * noto-sans-multani-fonts-20220607-150200.11.3.3 * noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3 * noto-serif-yezidi-fonts-20220607-150200.11.3.3 * noto-sans-oriya-ui-fonts-20220607-150200.11.3.3 * noto-sans-elbasan-fonts-20220607-150200.11.3.3 * noto-sans-palmyrene-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3 * noto-serif-grantha-fonts-20220607-150200.11.3.3 * noto-sans-duployan-fonts-20220607-150200.11.3.3 * noto-sans-mongolian-fonts-20220607-150200.11.3.3 * noto-sans-nushu-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-fonts-20220607-150200.11.3.3 * noto-sans-khojki-fonts-20220607-150200.11.3.3 * noto-sans-batak-fonts-20220607-150200.11.3.3 * noto-serif-kannada-fonts-20220607-150200.11.3.3 * noto-sans-symbols2-fonts-20220607-150200.11.3.3 * noto-sans-saurashtra-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-lisu-fonts-20220607-150200.11.3.3 * noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-osage-fonts-20220607-150200.11.3.3 * noto-sans-medefaidrin-fonts-20220607-150200.11.3.3 * noto-sans-symbols-fonts-20220607-150200.11.3.3 * noto-sans-lineara-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-takri-fonts-20220607-150200.11.3.3 * noto-serif-sinhala-fonts-20220607-150200.11.3.3 * noto-music-fonts-20220607-150200.11.3.3 * noto-serif-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1 * noto-loopedlao-ui-fonts-20220607-150200.11.3.3 * noto-sans-nandinagari-fonts-20220607-150200.11.3.3 * noto-sans-osmanya-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1 * noto-serif-tangut-fonts-20220607-150200.11.3.3 * noto-sans-buhid-fonts-20220607-150200.11.3.3 * noto-sans-cyprominoan-fonts-20220607-150200.11.3.3 * noto-serif-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3 * noto-sans-nabataean-fonts-20220607-150200.11.3.3 * noto-naskharabic-fonts-20220607-150200.11.3.3 * noto-traditionalnushu-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedlao-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-mayannumerals-fonts-20220607-150200.11.3.3 * noto-sans-mendekikakui-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cypriot-fonts-20220607-150200.11.3.3 * noto-sans-marchen-fonts-20220607-150200.11.3.3 * noto-sans-lao-fonts-20220607-150200.11.3.3 * noto-sans-manichaean-fonts-20220607-150200.11.3.3 * noto-cousine-fonts-20220607-150200.11.3.3 * noto-nastaliqurdu-fonts-20220607-150200.11.3.3 * noto-sans-paucinhau-fonts-20220607-150200.11.3.3 * noto-sans-tamil-fonts-20220607-150200.11.3.3 * noto-sans-sharada-fonts-20220607-150200.11.3.3 * noto-serif-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-arabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3 * noto-sans-thai-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-balinese-fonts-20220607-150200.11.3.3 * noto-sans-lydian-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-grantha-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-naskharabic-ui-fonts-20220607-150200.11.3.3 * noto-serif-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3 * noto-serif-toto-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-meroitic-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3 * noto-serif-khmer-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-phoenician-fonts-20220607-150200.11.3.3 * noto-sans-brahmi-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3 * noto-sans-taitham-fonts-20220607-150200.11.3.3 * noto-sans-chakma-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1 * noto-sans-khudawadi-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3 * noto-sans-syriac-fonts-20220607-150200.11.3.3 * noto-sans-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-bengali-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-khmer-ui-fonts-20220607-150200.11.3.3 * noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3 * noto-sans-mono-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1 * noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3 * noto-sans-olditalic-fonts-20220607-150200.11.3.3 * noto-sans-runic-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-lepcha-fonts-20220607-150200.11.3.3 * noto-kufiarabic-fonts-20220607-150200.11.3.3 * noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-gothic-fonts-20220607-150200.11.3.3 * noto-sans-bengali-fonts-20220607-150200.11.3.3 * noto-serif-telugu-fonts-20220607-150200.11.3.3 * noto-serif-oriya-fonts-20220607-150200.11.3.3 * noto-tinos-fonts-20220607-150200.11.3.3 * noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3 * noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3 * noto-sans-newtailue-fonts-20220607-150200.11.3.3 * noto-sans-tagalog-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kannada-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-arimo-fonts-20220607-150200.11.3.3 * noto-sans-cham-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-fonts-20220607-150200.11.3.3 * noto-sans-rejang-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kayahli-fonts-20220607-150200.11.3.3 * noto-sans-oldturkic-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1 * noto-serif-dogra-fonts-20220607-150200.11.3.3 * noto-rashihebrew-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-malayalam-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ethiopic-fonts-20220607-150200.11.3.3 * noto-sans-tamil-ui-fonts-20220607-150200.11.3.3 * noto-sans-cherokee-fonts-20220607-150200.11.3.3 * noto-sans-meeteimayek-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-kannada-fonts-20220607-150200.11.3.3 * noto-serif-armenian-fonts-20220607-150200.11.3.3 * noto-sans-taile-fonts-20220607-150200.11.3.3 * noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-newa-fonts-20220607-150200.11.3.3 * noto-sans-nko-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-sorasompeng-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-bamum-fonts-20220607-150200.11.3.3 * noto-sans-hatran-fonts-20220607-150200.11.3.3 * noto-serif-lao-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-arabic-fonts-20220607-150200.11.3.3 * noto-sans-glagolitic-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khojki-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-demilight-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-myanmar-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3 * SUSE Enterprise Storage 7.1 (noarch) * google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-deseret-fonts-20220607-150200.11.3.3 * noto-sans-signwriting-fonts-20220607-150200.11.3.3 * noto-serif-ethiopic-fonts-20220607-150200.11.3.3 * noto-serif-balinese-fonts-20220607-150200.11.3.3 * noto-serif-tibetan-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-wancho-fonts-20220607-150200.11.3.3 * noto-sans-oriya-fonts-20220607-150200.11.3.3 * noto-loopedthai-fonts-20220607-150200.11.3.3 * noto-sans-carian-fonts-20220607-150200.11.3.3 * noto-sans-linearb-fonts-20220607-150200.11.3.3 * noto-serif-tamilslanted-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-oldhungarian-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1 * noto-sans-thai-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3 * noto-sans-kaithi-fonts-20220607-150200.11.3.3 * noto-sans-tangsa-fonts-20220607-150200.11.3.3 * noto-serif-georgian-fonts-20220607-150200.11.3.3 * noto-sans-math-fonts-20220607-150200.11.3.3 * noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3 * noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3 * noto-sans-limbu-fonts-20220607-150200.11.3.3 * noto-sans-telugu-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-coptic-fonts-20220607-150200.11.3.3 * noto-sans-javanese-fonts-20220607-150200.11.3.3 * noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3 * noto-sans-sundanese-fonts-20220607-150200.11.3.3 * noto-sans-tagbanwa-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-masaramgondi-fonts-20220607-150200.11.3.3 * noto-sans-soyombo-fonts-20220607-150200.11.3.3 * noto-sans-yi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ugaritic-fonts-20220607-150200.11.3.3 * noto-sans-buginese-fonts-20220607-150200.11.3.3 * noto-sans-khmer-fonts-20220607-150200.11.3.3 * noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3 * noto-sans-samaritan-fonts-20220607-150200.11.3.3 * noto-sans-thaana-fonts-20220607-150200.11.3.3 * noto-sans-telugu-ui-fonts-20220607-150200.11.3.3 * noto-serif-olduyghur-fonts-20220607-150200.11.3.3 * noto-serif-makasar-fonts-20220607-150200.11.3.3 * noto-sans-lao-ui-fonts-20220607-150200.11.3.3 * noto-sans-avestan-fonts-20220607-150200.11.3.3 * noto-sans-bengali-ui-fonts-20220607-150200.11.3.3 * noto-sans-olchiki-fonts-20220607-150200.11.3.3 * noto-sans-vai-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3 * noto-sans-georgian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3 * noto-sans-warangciti-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-tifinagh-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-hk-mono-fonts-20201202.2.004-150200.10.7.1 * noto-sans-modi-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kharoshthi-fonts-20220607-150200.11.3.3 * noto-sans-lycian-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-hk-light-fonts-20201202.2.004-150200.10.7.1 * noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3 * noto-sans-ogham-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-shavian-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghair-fonts-20220607-150200.11.3.3 * noto-serif-divesakuru-fonts-20220607-150200.11.3.3 * noto-serif-vithkuqi-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hebrewnew-fonts-20220607-150200.11.3.3 * noto-serif-tamil-fonts-20220607-150200.11.3.3 * noto-sans-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-tirhuta-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-miao-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-loopedthai-ui-fonts-20220607-150200.11.3.3 * noto-sans-bassavah-fonts-20220607-150200.11.3.3 * noto-sans-siddham-fonts-20220607-150200.11.3.3 * noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3 * noto-sans-armenian-fonts-20220607-150200.11.3.3 * google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cuneiform-fonts-20220607-150200.11.3.3 * noto-sans-fonts-20220607-150200.11.3.3 * noto-sans-sylotinagri-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-elymaic-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-hanunoo-fonts-20220607-150200.11.3.3 * noto-serif-display-fonts-20220607-150200.11.3.3 * noto-serif-thai-fonts-20220607-150200.11.3.3 * noto-sans-oldsogdian-fonts-20220607-150200.11.3.3 * noto-sans-taiviet-fonts-20220607-150200.11.3.3 * noto-sans-adlam-fonts-20220607-150200.11.3.3 * noto-sans-oldpersian-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3 * noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3 * noto-sans-oldpermic-fonts-20220607-150200.11.3.3 * noto-sans-phagspa-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3 * noto-sans-chorasmian-fonts-20220607-150200.11.3.3 * noto-sans-mahajani-fonts-20220607-150200.11.3.3 * noto-serif-hebrew-fonts-20220607-150200.11.3.3 * noto-sans-mandaic-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-mro-fonts-20220607-150200.11.3.3 * noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3 * noto-sans-sogdian-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3 * noto-serif-myanmar-fonts-20220607-150200.11.3.3 * noto-serif-ahom-fonts-20220607-150200.11.3.3 * noto-sans-multani-fonts-20220607-150200.11.3.3 * noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3 * noto-serif-yezidi-fonts-20220607-150200.11.3.3 * noto-sans-oriya-ui-fonts-20220607-150200.11.3.3 * noto-sans-elbasan-fonts-20220607-150200.11.3.3 * noto-sans-palmyrene-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3 * noto-serif-grantha-fonts-20220607-150200.11.3.3 * noto-sans-duployan-fonts-20220607-150200.11.3.3 * noto-sans-mongolian-fonts-20220607-150200.11.3.3 * noto-sans-nushu-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-fonts-20220607-150200.11.3.3 * noto-sans-khojki-fonts-20220607-150200.11.3.3 * noto-sans-batak-fonts-20220607-150200.11.3.3 * noto-serif-kannada-fonts-20220607-150200.11.3.3 * noto-sans-symbols2-fonts-20220607-150200.11.3.3 * noto-sans-saurashtra-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-lisu-fonts-20220607-150200.11.3.3 * noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-osage-fonts-20220607-150200.11.3.3 * noto-sans-medefaidrin-fonts-20220607-150200.11.3.3 * noto-sans-symbols-fonts-20220607-150200.11.3.3 * noto-sans-lineara-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-takri-fonts-20220607-150200.11.3.3 * noto-serif-sinhala-fonts-20220607-150200.11.3.3 * noto-music-fonts-20220607-150200.11.3.3 * noto-serif-gurmukhi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1 * noto-loopedlao-ui-fonts-20220607-150200.11.3.3 * noto-sans-nandinagari-fonts-20220607-150200.11.3.3 * noto-sans-osmanya-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1 * noto-serif-tangut-fonts-20220607-150200.11.3.3 * noto-sans-buhid-fonts-20220607-150200.11.3.3 * noto-sans-cyprominoan-fonts-20220607-150200.11.3.3 * noto-serif-devanagari-fonts-20220607-150200.11.3.3 * noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3 * noto-sans-nabataean-fonts-20220607-150200.11.3.3 * noto-naskharabic-fonts-20220607-150200.11.3.3 * noto-traditionalnushu-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1 * noto-loopedlao-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1 * noto-sans-mayannumerals-fonts-20220607-150200.11.3.3 * noto-sans-mendekikakui-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-cypriot-fonts-20220607-150200.11.3.3 * noto-sans-marchen-fonts-20220607-150200.11.3.3 * noto-sans-lao-fonts-20220607-150200.11.3.3 * noto-sans-manichaean-fonts-20220607-150200.11.3.3 * noto-cousine-fonts-20220607-150200.11.3.3 * noto-nastaliqurdu-fonts-20220607-150200.11.3.3 * noto-sans-paucinhau-fonts-20220607-150200.11.3.3 * noto-sans-tamil-fonts-20220607-150200.11.3.3 * noto-sans-sharada-fonts-20220607-150200.11.3.3 * noto-serif-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-arabic-ui-fonts-20220607-150200.11.3.3 * noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3 * noto-sans-thai-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1 * google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1 * noto-sans-balinese-fonts-20220607-150200.11.3.3 * noto-sans-lydian-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-grantha-fonts-20220607-150200.11.3.3 * google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1 * noto-naskharabic-ui-fonts-20220607-150200.11.3.3 * noto-serif-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3 * noto-serif-toto-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-serif-hk-fonts-full-20201202.2.001-150200.3.4.1 * noto-sans-meroitic-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-bold-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3 * noto-serif-khmer-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-phoenician-fonts-20220607-150200.11.3.3 * noto-sans-brahmi-fonts-20220607-150200.11.3.3 * noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3 * noto-sans-taitham-fonts-20220607-150200.11.3.3 * noto-sans-chakma-fonts-20220607-150200.11.3.3 * noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1 * noto-sans-khudawadi-fonts-20220607-150200.11.3.3 * noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3 * noto-sans-syriac-fonts-20220607-150200.11.3.3 * noto-sans-vithkuqi-fonts-20220607-150200.11.3.3 * noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-bengali-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1 * google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1 * google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-khmer-ui-fonts-20220607-150200.11.3.3 * noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3 * noto-sans-mono-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1 * noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3 * noto-sans-olditalic-fonts-20220607-150200.11.3.3 * noto-sans-runic-fonts-20220607-150200.11.3.3 * noto-sans-gujarati-fonts-20220607-150200.11.3.3 * noto-sans-lepcha-fonts-20220607-150200.11.3.3 * noto-kufiarabic-fonts-20220607-150200.11.3.3 * noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3 * google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-gothic-fonts-20220607-150200.11.3.3 * noto-sans-bengali-fonts-20220607-150200.11.3.3 * noto-serif-telugu-fonts-20220607-150200.11.3.3 * noto-serif-oriya-fonts-20220607-150200.11.3.3 * noto-tinos-fonts-20220607-150200.11.3.3 * noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3 * noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3 * noto-sans-newtailue-fonts-20220607-150200.11.3.3 * noto-sans-tagalog-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kannada-ui-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-arimo-fonts-20220607-150200.11.3.3 * noto-sans-cham-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1 * noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1 * noto-fonts-20220607-150200.11.3.3 * noto-sans-rejang-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-fonts-20201202.2.004-150200.10.7.1 * noto-sans-kayahli-fonts-20220607-150200.11.3.3 * noto-sans-oldturkic-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1 * noto-serif-dogra-fonts-20220607-150200.11.3.3 * noto-rashihebrew-fonts-20220607-150200.11.3.3 * google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1 * noto-serif-malayalam-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1 * noto-sans-ethiopic-fonts-20220607-150200.11.3.3 * noto-sans-tamil-ui-fonts-20220607-150200.11.3.3 * noto-sans-cherokee-fonts-20220607-150200.11.3.3 * noto-sans-meeteimayek-fonts-20220607-150200.11.3.3 * google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1 * noto-sans-kannada-fonts-20220607-150200.11.3.3 * noto-serif-armenian-fonts-20220607-150200.11.3.3 * noto-sans-taile-fonts-20220607-150200.11.3.3 * noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-newa-fonts-20220607-150200.11.3.3 * noto-sans-nko-fonts-20220607-150200.11.3.3 * google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1 * google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1 * noto-sans-sorasompeng-fonts-20220607-150200.11.3.3 * google-noto-serif-hk-fonts-20201202.2.001-150200.3.4.1 * google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1 * noto-sans-bamum-fonts-20220607-150200.11.3.3 * noto-sans-hatran-fonts-20220607-150200.11.3.3 * noto-serif-lao-fonts-20220607-150200.11.3.3 * google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1 * noto-sans-arabic-fonts-20220607-150200.11.3.3 * noto-sans-glagolitic-fonts-20220607-150200.11.3.3 * google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1 * noto-serif-khojki-fonts-20220607-150200.11.3.3 * google-noto-sans-hk-demilight-fonts-20201202.2.004-150200.10.7.1 * google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1 * noto-sans-myanmar-fonts-20220607-150200.11.3.3 * google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1 * noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216805 * https://jira.suse.com/browse/PED-4918 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:07 -0000 Subject: SUSE-RU-2023:4584-1: moderate: Recommended update for fdo-client Message-ID: <170108820710.634.14531062716152137257@smelt2.prg2.suse.org> # Recommended update for fdo-client Announcement ID: SUSE-RU-2023:4584-1 Rating: moderate References: * bsc#1216293 Affected Products: * SUSE Linux Enterprise Micro 5.1 An update that has one fix can now be installed. ## Description: This update for fdo-client fixes the following issue: * Removed build key via `utils/keys_gen.sh`. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4584=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150300.1.6.1 * fdo-client-devel-1.0.0+git20210816.baa09b5-150300.1.6.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150300.1.6.1 * fdo-client-1.0.0+git20210816.baa09b5-150300.1.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:11 -0000 Subject: SUSE-FU-2023:4583-1: moderate: Feature update for python-psutil Message-ID: <170108821133.634.7224385163169810643@smelt2.prg2.suse.org> # Feature update for python-psutil Announcement ID: SUSE-FU-2023:4583-1 Rating: moderate References: * bsc#1111622 * bsc#1170175 * bsc#1176785 * bsc#1184753 * bsc#1199282 * jsc#ECO-3105 * jsc#PED-7192 * jsc#PM-2352 * jsc#PM-3243 * jsc#SLE-24629 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains five features and has five fixes can now be installed. ## Description: This update for python-psutil, python-requests fixes the following issues: * update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) * Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. * remove the dependency on net-tools, since it conflicts with busybox- hostnmame which is default on MicroOS * Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) * Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4583=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4583=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4583=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4583=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4583=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4583=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4583=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4583=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4583=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4583=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4583=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4583=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4583=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4583=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4583=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4583=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4583=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4583=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4583=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4583=1 ## Package List: * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-requests-2.25.1-150300.3.6.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python3-psutil-5.9.1-150300.3.6.1 * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python2-psutil-5.9.1-150300.3.6.1 * python2-psutil-debuginfo-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * openSUSE Leap 15.3 (noarch) * python3-requests-2.25.1-150300.3.6.1 * python2-requests-2.25.1-150300.3.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * openSUSE Leap Micro 5.3 (noarch) * python3-requests-2.25.1-150300.3.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * openSUSE Leap Micro 5.4 (noarch) * python3-requests-2.25.1-150300.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * openSUSE Leap 15.4 (noarch) * python3-requests-2.25.1-150300.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * openSUSE Leap 15.5 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-requests-2.25.1-150300.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * Basesystem Module 15-SP4 (noarch) * python3-requests-2.25.1-150300.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * Basesystem Module 15-SP5 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-requests-2.25.1-150300.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python-psutil-debuginfo-5.9.1-150300.3.6.1 * python-psutil-debugsource-5.9.1-150300.3.6.1 * python3-psutil-5.9.1-150300.3.6.1 * python3-psutil-debuginfo-5.9.1-150300.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-requests-2.25.1-150300.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1111622 * https://bugzilla.suse.com/show_bug.cgi?id=1170175 * https://bugzilla.suse.com/show_bug.cgi?id=1176785 * https://bugzilla.suse.com/show_bug.cgi?id=1184753 * https://bugzilla.suse.com/show_bug.cgi?id=1199282 * https://jira.suse.com/browse/ECO-3105 * https://jira.suse.com/browse/PED-7192 * https://jira.suse.com/browse/PM-2352 * https://jira.suse.com/browse/PM-3243 * https://jira.suse.com/browse/SLE-24629 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:14 -0000 Subject: SUSE-SU-2023:4582-1: important: Security update for slurm_22_05 Message-ID: <170108821457.634.10330868760779793811@smelt2.prg2.suse.org> # Security update for slurm_22_05 Announcement ID: SUSE-SU-2023:4582-1 Rating: important References: * bsc#1208810 * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for slurm_22_05 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). * Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4582=1 ## Package List: * HPC Module 12 (aarch64 x86_64) * slurm_22_05-lua-debuginfo-22.05.10-3.6.1 * slurm_22_05-debugsource-22.05.10-3.6.1 * slurm_22_05-sql-debuginfo-22.05.10-3.6.1 * libslurm38-22.05.10-3.6.1 * slurm_22_05-node-debuginfo-22.05.10-3.6.1 * perl-slurm_22_05-debuginfo-22.05.10-3.6.1 * libpmi0_22_05-debuginfo-22.05.10-3.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-3.6.1 * slurm_22_05-22.05.10-3.6.1 * libslurm38-debuginfo-22.05.10-3.6.1 * slurm_22_05-sview-debuginfo-22.05.10-3.6.1 * slurm_22_05-torque-22.05.10-3.6.1 * slurm_22_05-munge-debuginfo-22.05.10-3.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-3.6.1 * slurm_22_05-torque-debuginfo-22.05.10-3.6.1 * slurm_22_05-auth-none-22.05.10-3.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-3.6.1 * slurm_22_05-slurmdbd-22.05.10-3.6.1 * slurm_22_05-node-22.05.10-3.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-3.6.1 * slurm_22_05-debuginfo-22.05.10-3.6.1 * libpmi0_22_05-22.05.10-3.6.1 * slurm_22_05-sview-22.05.10-3.6.1 * perl-slurm_22_05-22.05.10-3.6.1 * slurm_22_05-munge-22.05.10-3.6.1 * slurm_22_05-lua-22.05.10-3.6.1 * libnss_slurm2_22_05-22.05.10-3.6.1 * slurm_22_05-devel-22.05.10-3.6.1 * slurm_22_05-pam_slurm-22.05.10-3.6.1 * slurm_22_05-sql-22.05.10-3.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-3.6.1 * slurm_22_05-plugins-22.05.10-3.6.1 * HPC Module 12 (noarch) * slurm_22_05-doc-22.05.10-3.6.1 * slurm_22_05-webdoc-22.05.10-3.6.1 * slurm_22_05-config-22.05.10-3.6.1 * slurm_22_05-config-man-22.05.10-3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:17 -0000 Subject: SUSE-SU-2023:4581-1: important: Security update for slurm_22_05 Message-ID: <170108821792.634.2638925993453600729@smelt2.prg2.suse.org> # Security update for slurm_22_05 Announcement ID: SUSE-SU-2023:4581-1 Rating: important References: * bsc#1208810 * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for slurm_22_05 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). * Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4581=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * perl-slurm_22_05-22.05.10-150100.3.6.1 * libslurm38-22.05.10-150100.3.6.1 * slurm_22_05-slurmdbd-22.05.10-150100.3.6.1 * slurm_22_05-lua-22.05.10-150100.3.6.1 * slurm_22_05-sview-22.05.10-150100.3.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-22.05.10-150100.3.6.1 * libnss_slurm2_22_05-22.05.10-150100.3.6.1 * libslurm38-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-devel-22.05.10-150100.3.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-plugins-22.05.10-150100.3.6.1 * slurm_22_05-munge-22.05.10-150100.3.6.1 * slurm_22_05-rest-22.05.10-150100.3.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-pam_slurm-22.05.10-150100.3.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-debugsource-22.05.10-150100.3.6.1 * slurm_22_05-torque-22.05.10-150100.3.6.1 * libpmi0_22_05-debuginfo-22.05.10-150100.3.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150100.3.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-node-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-sql-22.05.10-150100.3.6.1 * slurm_22_05-debuginfo-22.05.10-150100.3.6.1 * libpmi0_22_05-22.05.10-150100.3.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-node-22.05.10-150100.3.6.1 * slurm_22_05-auth-none-22.05.10-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * slurm_22_05-doc-22.05.10-150100.3.6.1 * slurm_22_05-webdoc-22.05.10-150100.3.6.1 * slurm_22_05-config-man-22.05.10-150100.3.6.1 * slurm_22_05-config-22.05.10-150100.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:21 -0000 Subject: SUSE-SU-2023:4580-1: important: Security update for slurm_22_05 Message-ID: <170108822107.634.13749857335061475581@smelt2.prg2.suse.org> # Security update for slurm_22_05 Announcement ID: SUSE-SU-2023:4580-1 Rating: important References: * bsc#1208810 * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for slurm_22_05 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). * Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4580=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * perl-slurm_22_05-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-debugsource-22.05.10-150200.5.6.1 * slurm_22_05-pam_slurm-22.05.10-150200.5.6.1 * slurm_22_05-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-node-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-node-22.05.10-150200.5.6.1 * slurm_22_05-22.05.10-150200.5.6.1 * slurm_22_05-lua-22.05.10-150200.5.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-rest-22.05.10-150200.5.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-sql-22.05.10-150200.5.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-slurmdbd-22.05.10-150200.5.6.1 * slurm_22_05-munge-22.05.10-150200.5.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150200.5.6.1 * libpmi0_22_05-22.05.10-150200.5.6.1 * libpmi0_22_05-debuginfo-22.05.10-150200.5.6.1 * libslurm38-22.05.10-150200.5.6.1 * slurm_22_05-auth-none-22.05.10-150200.5.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-torque-22.05.10-150200.5.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-devel-22.05.10-150200.5.6.1 * libslurm38-debuginfo-22.05.10-150200.5.6.1 * libnss_slurm2_22_05-22.05.10-150200.5.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-plugins-22.05.10-150200.5.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-sview-22.05.10-150200.5.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150200.5.6.1 * perl-slurm_22_05-22.05.10-150200.5.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * slurm_22_05-doc-22.05.10-150200.5.6.1 * slurm_22_05-config-22.05.10-150200.5.6.1 * slurm_22_05-webdoc-22.05.10-150200.5.6.1 * slurm_22_05-config-man-22.05.10-150200.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:24 -0000 Subject: SUSE-SU-2023:4579-1: important: Security update for slurm_22_05 Message-ID: <170108822463.634.12925839621593770665@smelt2.prg2.suse.org> # Security update for slurm_22_05 Announcement ID: SUSE-SU-2023:4579-1 Rating: important References: * bsc#1208810 * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 15-SP4 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for slurm_22_05 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). * Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4579=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4579=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4579=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4579=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4579=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4579=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-openlava-22.05.10-150300.7.6.1 * slurm_22_05-cray-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * slurm_22_05-sjstat-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-seff-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-testsuite-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * openSUSE Leap 15.3 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-openlava-22.05.10-150300.7.6.1 * slurm_22_05-cray-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * slurm_22_05-sjstat-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-seff-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-testsuite-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * openSUSE Leap 15.4 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-openlava-22.05.10-150300.7.6.1 * slurm_22_05-cray-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * slurm_22_05-sjstat-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-seff-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-testsuite-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * openSUSE Leap 15.5 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * HPC Module 15-SP4 (aarch64 x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * HPC Module 15-SP4 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:29 -0000 Subject: SUSE-SU-2023:4578-1: important: Security update for slurm Message-ID: <170108822925.634.10543422245898940509@smelt2.prg2.suse.org> # Security update for slurm Announcement ID: SUSE-SU-2023:4578-1 Rating: important References: * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directoy contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4578=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4578=1 openSUSE-SLE-15.5-2023-4578=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-4578=1 ## Package List: * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * slurm-munge-debuginfo-23.02.6-150500.5.12.1 * slurm-torque-23.02.6-150500.5.12.1 * slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-debuginfo-23.02.6-150500.5.12.1 * slurm-slurmdbd-debuginfo-23.02.6-150500.5.12.1 * libnss_slurm2-23.02.6-150500.5.12.1 * slurm-torque-debuginfo-23.02.6-150500.5.12.1 * libpmi0-23.02.6-150500.5.12.1 * slurm-plugins-debuginfo-23.02.6-150500.5.12.1 * slurm-23.02.6-150500.5.12.1 * slurm-auth-none-debuginfo-23.02.6-150500.5.12.1 * slurm-devel-23.02.6-150500.5.12.1 * slurm-sql-23.02.6-150500.5.12.1 * slurm-rest-23.02.6-150500.5.12.1 * perl-slurm-23.02.6-150500.5.12.1 * slurm-node-23.02.6-150500.5.12.1 * slurm-hdf5-23.02.6-150500.5.12.1 * slurm-pam_slurm-23.02.6-150500.5.12.1 * slurm-cray-23.02.6-150500.5.12.1 * slurm-node-debuginfo-23.02.6-150500.5.12.1 * slurm-sql-debuginfo-23.02.6-150500.5.12.1 * slurm-munge-23.02.6-150500.5.12.1 * slurm-auth-none-23.02.6-150500.5.12.1 * libnss_slurm2-debuginfo-23.02.6-150500.5.12.1 * slurm-cray-debuginfo-23.02.6-150500.5.12.1 * slurm-debugsource-23.02.6-150500.5.12.1 * slurm-plugins-23.02.6-150500.5.12.1 * slurm-slurmdbd-23.02.6-150500.5.12.1 * slurm-lua-debuginfo-23.02.6-150500.5.12.1 * perl-slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-lua-23.02.6-150500.5.12.1 * slurm-rest-debuginfo-23.02.6-150500.5.12.1 * libpmi0-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-23.02.6-150500.5.12.1 * slurm-hdf5-debuginfo-23.02.6-150500.5.12.1 * slurm-pam_slurm-debuginfo-23.02.6-150500.5.12.1 * SUSE Package Hub 15 15-SP5 (noarch) * slurm-doc-23.02.6-150500.5.12.1 * slurm-webdoc-23.02.6-150500.5.12.1 * slurm-config-man-23.02.6-150500.5.12.1 * slurm-seff-23.02.6-150500.5.12.1 * slurm-openlava-23.02.6-150500.5.12.1 * slurm-config-23.02.6-150500.5.12.1 * slurm-sjstat-23.02.6-150500.5.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * slurm-munge-debuginfo-23.02.6-150500.5.12.1 * slurm-testsuite-23.02.6-150500.5.12.1 * libslurm39-debuginfo-23.02.6-150500.5.12.1 * slurm-torque-23.02.6-150500.5.12.1 * slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-debuginfo-23.02.6-150500.5.12.1 * slurm-slurmdbd-debuginfo-23.02.6-150500.5.12.1 * libslurm39-23.02.6-150500.5.12.1 * libnss_slurm2-23.02.6-150500.5.12.1 * slurm-torque-debuginfo-23.02.6-150500.5.12.1 * libpmi0-23.02.6-150500.5.12.1 * slurm-plugins-debuginfo-23.02.6-150500.5.12.1 * slurm-23.02.6-150500.5.12.1 * slurm-auth-none-debuginfo-23.02.6-150500.5.12.1 * slurm-devel-23.02.6-150500.5.12.1 * slurm-sql-23.02.6-150500.5.12.1 * slurm-rest-23.02.6-150500.5.12.1 * perl-slurm-23.02.6-150500.5.12.1 * slurm-node-23.02.6-150500.5.12.1 * slurm-hdf5-23.02.6-150500.5.12.1 * slurm-pam_slurm-23.02.6-150500.5.12.1 * slurm-cray-23.02.6-150500.5.12.1 * slurm-node-debuginfo-23.02.6-150500.5.12.1 * slurm-sql-debuginfo-23.02.6-150500.5.12.1 * slurm-munge-23.02.6-150500.5.12.1 * slurm-auth-none-23.02.6-150500.5.12.1 * libnss_slurm2-debuginfo-23.02.6-150500.5.12.1 * slurm-cray-debuginfo-23.02.6-150500.5.12.1 * slurm-debugsource-23.02.6-150500.5.12.1 * slurm-plugins-23.02.6-150500.5.12.1 * slurm-plugin-ext-sensors-rrd-23.02.6-150500.5.12.1 * slurm-slurmdbd-23.02.6-150500.5.12.1 * slurm-lua-debuginfo-23.02.6-150500.5.12.1 * perl-slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-lua-23.02.6-150500.5.12.1 * slurm-rest-debuginfo-23.02.6-150500.5.12.1 * libpmi0-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-23.02.6-150500.5.12.1 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.6-150500.5.12.1 * slurm-hdf5-debuginfo-23.02.6-150500.5.12.1 * slurm-pam_slurm-debuginfo-23.02.6-150500.5.12.1 * openSUSE Leap 15.5 (noarch) * slurm-doc-23.02.6-150500.5.12.1 * slurm-webdoc-23.02.6-150500.5.12.1 * slurm-config-man-23.02.6-150500.5.12.1 * slurm-seff-23.02.6-150500.5.12.1 * slurm-openlava-23.02.6-150500.5.12.1 * slurm-config-23.02.6-150500.5.12.1 * slurm-sjstat-23.02.6-150500.5.12.1 * HPC Module 15-SP5 (aarch64 x86_64) * slurm-munge-debuginfo-23.02.6-150500.5.12.1 * libslurm39-debuginfo-23.02.6-150500.5.12.1 * slurm-torque-23.02.6-150500.5.12.1 * slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-debuginfo-23.02.6-150500.5.12.1 * slurm-slurmdbd-debuginfo-23.02.6-150500.5.12.1 * libslurm39-23.02.6-150500.5.12.1 * libnss_slurm2-23.02.6-150500.5.12.1 * slurm-torque-debuginfo-23.02.6-150500.5.12.1 * libpmi0-23.02.6-150500.5.12.1 * slurm-plugins-debuginfo-23.02.6-150500.5.12.1 * slurm-23.02.6-150500.5.12.1 * slurm-auth-none-debuginfo-23.02.6-150500.5.12.1 * slurm-devel-23.02.6-150500.5.12.1 * slurm-sql-23.02.6-150500.5.12.1 * slurm-rest-23.02.6-150500.5.12.1 * perl-slurm-23.02.6-150500.5.12.1 * slurm-node-23.02.6-150500.5.12.1 * slurm-pam_slurm-23.02.6-150500.5.12.1 * slurm-cray-23.02.6-150500.5.12.1 * slurm-node-debuginfo-23.02.6-150500.5.12.1 * slurm-sql-debuginfo-23.02.6-150500.5.12.1 * slurm-munge-23.02.6-150500.5.12.1 * slurm-auth-none-23.02.6-150500.5.12.1 * libnss_slurm2-debuginfo-23.02.6-150500.5.12.1 * slurm-cray-debuginfo-23.02.6-150500.5.12.1 * slurm-debugsource-23.02.6-150500.5.12.1 * slurm-plugins-23.02.6-150500.5.12.1 * slurm-plugin-ext-sensors-rrd-23.02.6-150500.5.12.1 * slurm-slurmdbd-23.02.6-150500.5.12.1 * slurm-lua-debuginfo-23.02.6-150500.5.12.1 * perl-slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-lua-23.02.6-150500.5.12.1 * slurm-rest-debuginfo-23.02.6-150500.5.12.1 * libpmi0-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-23.02.6-150500.5.12.1 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.6-150500.5.12.1 * slurm-pam_slurm-debuginfo-23.02.6-150500.5.12.1 * HPC Module 15-SP5 (noarch) * slurm-doc-23.02.6-150500.5.12.1 * slurm-webdoc-23.02.6-150500.5.12.1 * slurm-config-man-23.02.6-150500.5.12.1 * slurm-config-23.02.6-150500.5.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:32 -0000 Subject: SUSE-SU-2023:4577-1: moderate: Security update for xrdp Message-ID: <170108823265.634.5571338150454342330@smelt2.prg2.suse.org> # Security update for xrdp Announcement ID: SUSE-SU-2023:4577-1 Rating: moderate References: * bsc#1215803 Cross-References: * CVE-2023-42822 CVSS scores: * CVE-2023-42822 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N * CVE-2023-42822 ( NVD ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xrdp fixes the following issues: * CVE-2023-42822: Fixed unchecked access to font glyph info (bsc#1215803). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4577=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4577=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4577=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4577=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.27.1 * xrdp-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-devel-0.9.13.1-150200.4.27.1 * libpainter0-debuginfo-0.9.13.1-150200.4.27.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-debugsource-0.9.13.1-150200.4.27.1 * xrdp-0.9.13.1-150200.4.27.1 * librfxencode0-0.9.13.1-150200.4.27.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.27.1 * xrdp-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-devel-0.9.13.1-150200.4.27.1 * libpainter0-debuginfo-0.9.13.1-150200.4.27.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-debugsource-0.9.13.1-150200.4.27.1 * xrdp-0.9.13.1-150200.4.27.1 * librfxencode0-0.9.13.1-150200.4.27.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.27.1 * xrdp-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-devel-0.9.13.1-150200.4.27.1 * libpainter0-debuginfo-0.9.13.1-150200.4.27.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-debugsource-0.9.13.1-150200.4.27.1 * xrdp-0.9.13.1-150200.4.27.1 * librfxencode0-0.9.13.1-150200.4.27.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.27.1 * xrdp-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-devel-0.9.13.1-150200.4.27.1 * libpainter0-debuginfo-0.9.13.1-150200.4.27.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-debugsource-0.9.13.1-150200.4.27.1 * xrdp-0.9.13.1-150200.4.27.1 * librfxencode0-0.9.13.1-150200.4.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42822.html * https://bugzilla.suse.com/show_bug.cgi?id=1215803 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:36 -0000 Subject: SUSE-SU-2023:4576-1: important: Security update for sqlite3 Message-ID: <170108823670.634.7544251700019849683@smelt2.prg2.suse.org> # Security update for sqlite3 Announcement ID: SUSE-SU-2023:4576-1 Rating: important References: * bsc#1210660 Cross-References: * CVE-2023-2137 CVSS scores: * CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4576=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4576=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4576=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4576=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libsqlite3-0-3.44.0-9.29.1 * libsqlite3-0-debuginfo-3.44.0-9.29.1 * sqlite3-3.44.0-9.29.1 * sqlite3-debuginfo-3.44.0-9.29.1 * sqlite3-debugsource-3.44.0-9.29.1 * sqlite3-devel-3.44.0-9.29.1 * sqlite3-tcl-3.44.0-9.29.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-9.29.1 * libsqlite3-0-debuginfo-32bit-3.44.0-9.29.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libsqlite3-0-3.44.0-9.29.1 * libsqlite3-0-debuginfo-3.44.0-9.29.1 * sqlite3-3.44.0-9.29.1 * sqlite3-debuginfo-3.44.0-9.29.1 * sqlite3-debugsource-3.44.0-9.29.1 * sqlite3-devel-3.44.0-9.29.1 * sqlite3-tcl-3.44.0-9.29.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libsqlite3-0-32bit-3.44.0-9.29.1 * libsqlite3-0-debuginfo-32bit-3.44.0-9.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libsqlite3-0-3.44.0-9.29.1 * libsqlite3-0-debuginfo-3.44.0-9.29.1 * sqlite3-3.44.0-9.29.1 * sqlite3-debuginfo-3.44.0-9.29.1 * sqlite3-debugsource-3.44.0-9.29.1 * sqlite3-devel-3.44.0-9.29.1 * sqlite3-tcl-3.44.0-9.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-9.29.1 * libsqlite3-0-debuginfo-32bit-3.44.0-9.29.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * sqlite3-devel-3.44.0-9.29.1 * sqlite3-debugsource-3.44.0-9.29.1 * sqlite3-debuginfo-3.44.0-9.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2137.html * https://bugzilla.suse.com/show_bug.cgi?id=1210660 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:40 -0000 Subject: SUSE-SU-2023:4575-1: important: Security update for gstreamer-plugins-bad Message-ID: <170108824029.634.10246307774538263192@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4575-1 Rating: important References: * bsc#1215793 * bsc#1215796 Cross-References: * CVE-2023-40474 * CVE-2023-40476 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4575=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4575=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4575=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4575=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.9.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstplay-1_0-0-1.20.1-150400.3.9.1 * typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.9.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.9.1 * libgsttranscoder-1_0-0-1.20.1-150400.3.9.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.9.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.9.1 * libgstcodecs-1_0-0-1.20.1-150400.3.9.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.9.1 * gstreamer-transcoder-debuginfo-1.20.1-150400.3.9.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.9.1 * libgstmpegts-1_0-0-1.20.1-150400.3.9.1 * libgstcodecparsers-1_0-0-1.20.1-150400.3.9.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstvulkan-1_0-0-1.20.1-150400.3.9.1 * typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.9.1 * libgstadaptivedemux-1_0-0-1.20.1-150400.3.9.1 * libgstsctp-1_0-0-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.9.1 * libgstphotography-1_0-0-1.20.1-150400.3.9.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.9.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstplayer-1_0-0-1.20.1-150400.3.9.1 * libgstwayland-1_0-0-1.20.1-150400.3.9.1 * gstreamer-transcoder-devel-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.9.1 * gstreamer-transcoder-1.20.1-150400.3.9.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.9.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.9.1 * libgstva-1_0-0-1.20.1-150400.3.9.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.9.1 * libgstisoff-1_0-0-1.20.1-150400.3.9.1 * typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.9.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.9.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.9.1 * openSUSE Leap 15.4 (x86_64) * libgstvulkan-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstplayer-1_0-0-32bit-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-32bit-1.20.1-150400.3.9.1 * libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstplay-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstphotography-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstmpegts-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstwayland-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstva-1_0-0-32bit-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.9.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstisoff-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstcodecs-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstsctp-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.9.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.9.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1 * openSUSE Leap 15.4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.9.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstvulkan-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-64bit-1.20.1-150400.3.9.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstphotography-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstwayland-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstcodecs-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstplayer-1_0-0-64bit-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1 * libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstsctp-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstplay-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstva-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstisoff-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.9.1 * libgstmpegts-1_0-0-64bit-1.20.1-150400.3.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgstphotography-1_0-0-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.9.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstplayer-1_0-0-1.20.1-150400.3.9.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.9.1 * libgstplay-1_0-0-1.20.1-150400.3.9.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.9.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.9.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.9.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.9.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.9.1 * libgstcodecs-1_0-0-1.20.1-150400.3.9.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.9.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.9.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstmpegts-1_0-0-1.20.1-150400.3.9.1 * libgstcodecparsers-1_0-0-1.20.1-150400.3.9.1 * libgstvulkan-1_0-0-1.20.1-150400.3.9.1 * libgstadaptivedemux-1_0-0-1.20.1-150400.3.9.1 * libgstsctp-1_0-0-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.9.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.9.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstwayland-1_0-0-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.9.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.9.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.9.1 * libgstva-1_0-0-1.20.1-150400.3.9.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.9.1 * libgstisoff-1_0-0-1.20.1-150400.3.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.9.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.9.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.9.1 * Desktop Applications Module 15-SP4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.9.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.9.1 * libgsttranscoder-1_0-0-1.20.1-150400.3.9.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.9.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://www.suse.com/security/cve/CVE-2023-40476.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 * https://bugzilla.suse.com/show_bug.cgi?id=1215796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:45 -0000 Subject: SUSE-SU-2023:4574-1: important: Security update for gstreamer-plugins-bad Message-ID: <170108824528.634.10877202061395815549@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4574-1 Rating: important References: * bsc#1215793 * bsc#1215796 Cross-References: * CVE-2023-40474 * CVE-2023-40476 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4574=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4574=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4574=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4574=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgstphotography-1_0-0-1.22.0-150500.3.9.1 * libgstplay-1_0-0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.9.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstplayer-1_0-0-1.22.0-150500.3.9.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.9.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.9.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.9.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.9.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.9.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.9.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstwayland-1_0-0-1.22.0-150500.3.9.1 * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.9.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.9.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.9.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.9.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstvulkan-1_0-0-1.22.0-150500.3.9.1 * libgstcodecs-1_0-0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.9.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstsctp-1_0-0-1.22.0-150500.3.9.1 * libgstva-1_0-0-1.22.0-150500.3.9.1 * libgstcuda-1_0-0-1.22.0-150500.3.9.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.9.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.9.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstmpegts-1_0-0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-1.22.0-150500.3.9.1 * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.9.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.9.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.9.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.9.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.9.1 * libgstisoff-1_0-0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-devel-1.22.0-150500.3.9.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.9.1 * Desktop Applications Module 15-SP5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.9.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.9.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.9.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.9.1 * gstreamer-transcoder-devel-1.22.0-150500.3.9.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.9.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.9.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.9.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.9.1 * libgstwayland-1_0-0-1.22.0-150500.3.9.1 * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.9.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.9.1 * typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.9.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.9.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.9.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.9.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstvulkan-1_0-0-1.22.0-150500.3.9.1 * libgstcodecs-1_0-0-1.22.0-150500.3.9.1 * libgstphotography-1_0-0-1.22.0-150500.3.9.1 * libgstplay-1_0-0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.9.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstsctp-1_0-0-1.22.0-150500.3.9.1 * libgstva-1_0-0-1.22.0-150500.3.9.1 * libgstcuda-1_0-0-1.22.0-150500.3.9.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.9.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.9.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstmpegts-1_0-0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-1.22.0-150500.3.9.1 * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.9.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.9.1 * libgstplayer-1_0-0-1.22.0-150500.3.9.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.9.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.9.1 * gstreamer-transcoder-debuginfo-1.22.0-150500.3.9.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.9.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.9.1 * typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.9.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.9.1 * gstreamer-transcoder-1.22.0-150500.3.9.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.9.1 * libgstisoff-1_0-0-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-devel-1.22.0-150500.3.9.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.9.1 * openSUSE Leap 15.5 (x86_64) * libgstphotography-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.9.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.9.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstva-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstmpegts-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstcuda-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstsctp-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstplayer-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstplay-1_0-0-32bit-1.22.0-150500.3.9.1 * libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstwayland-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstisoff-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstvulkan-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.9.1 * libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstcodecs-1_0-0-32bit-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.9.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-32bit-1.22.0-150500.3.9.1 * libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1 * openSUSE Leap 15.5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.9.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstphotography-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.9.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstmpegts-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstplayer-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstvulkan-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstsctp-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstplay-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstisoff-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.9.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstcodecs-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstwayland-1_0-0-64bit-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstva-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgstcuda-1_0-0-64bit-1.22.0-150500.3.9.1 * libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1 * libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.9.1 * gstreamer-plugins-bad-64bit-1.22.0-150500.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://www.suse.com/security/cve/CVE-2023-40476.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 * https://bugzilla.suse.com/show_bug.cgi?id=1215796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:50 -0000 Subject: SUSE-SU-2023:4573-1: important: Security update for openvswitch Message-ID: <170108825000.634.13087349248642229552@smelt2.prg2.suse.org> # Security update for openvswitch Announcement ID: SUSE-SU-2023:4573-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4573=1 openSUSE-SLE-15.4-2023-4573=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4573=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4573=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4573=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4573=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4573=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openvswitch-vtep-2.14.2-150400.24.14.2 * python3-ovs-2.14.2-150400.24.14.2 * ovn-20.06.2-150400.24.14.2 * ovn-central-debuginfo-20.06.2-150400.24.14.2 * ovn-vtep-debuginfo-20.06.2-150400.24.14.2 * ovn-host-20.06.2-150400.24.14.2 * openvswitch-debuginfo-2.14.2-150400.24.14.2 * openvswitch-2.14.2-150400.24.14.2 * ovn-debuginfo-20.06.2-150400.24.14.2 * libopenvswitch-2_14-0-2.14.2-150400.24.14.2 * ovn-devel-20.06.2-150400.24.14.2 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.14.2 * openvswitch-debugsource-2.14.2-150400.24.14.2 * libovn-20_06-0-20.06.2-150400.24.14.2 * openvswitch-test-2.14.2-150400.24.14.2 * ovn-central-20.06.2-150400.24.14.2 * ovn-docker-20.06.2-150400.24.14.2 * openvswitch-devel-2.14.2-150400.24.14.2 * openvswitch-test-debuginfo-2.14.2-150400.24.14.2 * ovn-host-debuginfo-20.06.2-150400.24.14.2 * openvswitch-vtep-debuginfo-2.14.2-150400.24.14.2 * ovn-vtep-20.06.2-150400.24.14.2 * openvswitch-pki-2.14.2-150400.24.14.2 * openvswitch-ipsec-2.14.2-150400.24.14.2 * libovn-20_06-0-debuginfo-20.06.2-150400.24.14.2 * openSUSE Leap 15.4 (noarch) * openvswitch-doc-2.14.2-150400.24.14.2 * ovn-doc-20.06.2-150400.24.14.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openvswitch-vtep-2.14.2-150400.24.14.2 * python3-ovs-2.14.2-150400.24.14.2 * ovn-20.06.2-150400.24.14.2 * ovn-central-debuginfo-20.06.2-150400.24.14.2 * ovn-vtep-debuginfo-20.06.2-150400.24.14.2 * ovn-host-20.06.2-150400.24.14.2 * openvswitch-debuginfo-2.14.2-150400.24.14.2 * openvswitch-2.14.2-150400.24.14.2 * ovn-debuginfo-20.06.2-150400.24.14.2 * libopenvswitch-2_14-0-2.14.2-150400.24.14.2 * ovn-devel-20.06.2-150400.24.14.2 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.14.2 * openvswitch-debugsource-2.14.2-150400.24.14.2 * libovn-20_06-0-20.06.2-150400.24.14.2 * openvswitch-test-2.14.2-150400.24.14.2 * ovn-central-20.06.2-150400.24.14.2 * ovn-docker-20.06.2-150400.24.14.2 * openvswitch-devel-2.14.2-150400.24.14.2 * openvswitch-test-debuginfo-2.14.2-150400.24.14.2 * ovn-host-debuginfo-20.06.2-150400.24.14.2 * openvswitch-vtep-debuginfo-2.14.2-150400.24.14.2 * ovn-vtep-20.06.2-150400.24.14.2 * openvswitch-pki-2.14.2-150400.24.14.2 * openvswitch-ipsec-2.14.2-150400.24.14.2 * libovn-20_06-0-debuginfo-20.06.2-150400.24.14.2 * openSUSE Leap 15.5 (noarch) * openvswitch-doc-2.14.2-150400.24.14.2 * ovn-doc-20.06.2-150400.24.14.2 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-vtep-2.14.2-150400.24.14.2 * python3-ovs-2.14.2-150400.24.14.2 * ovn-20.06.2-150400.24.14.2 * ovn-central-debuginfo-20.06.2-150400.24.14.2 * ovn-vtep-debuginfo-20.06.2-150400.24.14.2 * ovn-host-20.06.2-150400.24.14.2 * openvswitch-debuginfo-2.14.2-150400.24.14.2 * openvswitch-2.14.2-150400.24.14.2 * ovn-debuginfo-20.06.2-150400.24.14.2 * libopenvswitch-2_14-0-2.14.2-150400.24.14.2 * ovn-devel-20.06.2-150400.24.14.2 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.14.2 * openvswitch-debugsource-2.14.2-150400.24.14.2 * libovn-20_06-0-20.06.2-150400.24.14.2 * openvswitch-test-2.14.2-150400.24.14.2 * ovn-central-20.06.2-150400.24.14.2 * ovn-docker-20.06.2-150400.24.14.2 * openvswitch-devel-2.14.2-150400.24.14.2 * openvswitch-test-debuginfo-2.14.2-150400.24.14.2 * ovn-host-debuginfo-20.06.2-150400.24.14.2 * openvswitch-vtep-debuginfo-2.14.2-150400.24.14.2 * ovn-vtep-20.06.2-150400.24.14.2 * openvswitch-pki-2.14.2-150400.24.14.2 * openvswitch-ipsec-2.14.2-150400.24.14.2 * libovn-20_06-0-debuginfo-20.06.2-150400.24.14.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-debugsource-2.14.2-150400.24.14.2 * python3-ovs-2.14.2-150400.24.14.2 * openvswitch-debuginfo-2.14.2-150400.24.14.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-debugsource-2.14.2-150400.24.14.2 * python3-ovs-2.14.2-150400.24.14.2 * openvswitch-debuginfo-2.14.2-150400.24.14.2 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-vtep-2.14.2-150400.24.14.2 * python3-ovs-2.14.2-150400.24.14.2 * ovn-20.06.2-150400.24.14.2 * ovn-central-debuginfo-20.06.2-150400.24.14.2 * ovn-vtep-debuginfo-20.06.2-150400.24.14.2 * ovn-host-20.06.2-150400.24.14.2 * openvswitch-debuginfo-2.14.2-150400.24.14.2 * openvswitch-2.14.2-150400.24.14.2 * ovn-debuginfo-20.06.2-150400.24.14.2 * libopenvswitch-2_14-0-2.14.2-150400.24.14.2 * ovn-devel-20.06.2-150400.24.14.2 * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.14.2 * openvswitch-debugsource-2.14.2-150400.24.14.2 * libovn-20_06-0-20.06.2-150400.24.14.2 * openvswitch-test-2.14.2-150400.24.14.2 * ovn-central-20.06.2-150400.24.14.2 * ovn-docker-20.06.2-150400.24.14.2 * openvswitch-devel-2.14.2-150400.24.14.2 * openvswitch-test-debuginfo-2.14.2-150400.24.14.2 * ovn-host-debuginfo-20.06.2-150400.24.14.2 * openvswitch-vtep-debuginfo-2.14.2-150400.24.14.2 * ovn-vtep-20.06.2-150400.24.14.2 * openvswitch-pki-2.14.2-150400.24.14.2 * openvswitch-ipsec-2.14.2-150400.24.14.2 * libovn-20_06-0-debuginfo-20.06.2-150400.24.14.2 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:54 -0000 Subject: SUSE-SU-2023:4572-1: important: Security update for java-1_8_0-ibm Message-ID: <170108825489.634.12899501577266501879@smelt2.prg2.suse.org> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:4572-1 Rating: important References: * bsc#1204264 * bsc#1216339 * bsc#1216374 * bsc#1216379 * bsc#1216640 * bsc#1217214 Cross-References: * CVE-2023-22025 * CVE-2023-22067 * CVE-2023-22081 * CVE-2023-5676 CVSS scores: * CVE-2023-22025 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22025 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5676 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5676 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities and has two security fixes can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 15: * Oracle October 17 2023 CPU [bsc#1216640] Security fixes: * CVE-2023-22081: Fixed enhanced TLS connections (bsc#1216374) * CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379) * CVE-2023-22025: Fixed memory corruption issue on x86_64 with AVX-512 (bsc#1216339) * CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214) Bug fixes: * IBM Java idlj compiler switch definition because IBM java idlj seems to confuse char and wchar for typedef types (bsc#1204264). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4572=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4572=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4572=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4572=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4572=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4572=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4572=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4572=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4572=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4572=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4572=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4572=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4572=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-demo-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-src-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-demo-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-src-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Enterprise Storage 7.1 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Enterprise Storage 7.1 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22025.html * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://www.suse.com/security/cve/CVE-2023-5676.html * https://bugzilla.suse.com/show_bug.cgi?id=1204264 * https://bugzilla.suse.com/show_bug.cgi?id=1216339 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 * https://bugzilla.suse.com/show_bug.cgi?id=1216640 * https://bugzilla.suse.com/show_bug.cgi?id=1217214 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 12:30:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:58 -0000 Subject: SUSE-SU-2023:4571-1: important: Security update for openvswitch Message-ID: <170108825897.634.1574265574640148479@smelt2.prg2.suse.org> # Security update for openvswitch Announcement ID: SUSE-SU-2023:4571-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4571=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4571=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4571=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4571=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openvswitch-ipsec-2.13.2-150200.9.25.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.25.1 * openvswitch-debuginfo-2.13.2-150200.9.25.1 * ovn-central-20.03.1-150200.9.25.1 * openvswitch-debugsource-2.13.2-150200.9.25.1 * ovn-vtep-20.03.1-150200.9.25.1 * openvswitch-test-2.13.2-150200.9.25.1 * ovn-host-20.03.1-150200.9.25.1 * ovn-devel-20.03.1-150200.9.25.1 * libopenvswitch-2_13-0-2.13.2-150200.9.25.1 * ovn-20.03.1-150200.9.25.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.25.1 * ovn-docker-20.03.1-150200.9.25.1 * openvswitch-2.13.2-150200.9.25.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.25.1 * openvswitch-vtep-2.13.2-150200.9.25.1 * python3-ovs-2.13.2-150200.9.25.1 * libovn-20_03-0-20.03.1-150200.9.25.1 * openvswitch-test-debuginfo-2.13.2-150200.9.25.1 * openvswitch-devel-2.13.2-150200.9.25.1 * openvswitch-pki-2.13.2-150200.9.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openvswitch-ipsec-2.13.2-150200.9.25.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.25.1 * openvswitch-debuginfo-2.13.2-150200.9.25.1 * ovn-central-20.03.1-150200.9.25.1 * openvswitch-debugsource-2.13.2-150200.9.25.1 * ovn-vtep-20.03.1-150200.9.25.1 * openvswitch-test-2.13.2-150200.9.25.1 * ovn-host-20.03.1-150200.9.25.1 * ovn-devel-20.03.1-150200.9.25.1 * libopenvswitch-2_13-0-2.13.2-150200.9.25.1 * ovn-20.03.1-150200.9.25.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.25.1 * ovn-docker-20.03.1-150200.9.25.1 * openvswitch-2.13.2-150200.9.25.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.25.1 * openvswitch-vtep-2.13.2-150200.9.25.1 * python3-ovs-2.13.2-150200.9.25.1 * libovn-20_03-0-20.03.1-150200.9.25.1 * openvswitch-test-debuginfo-2.13.2-150200.9.25.1 * openvswitch-devel-2.13.2-150200.9.25.1 * openvswitch-pki-2.13.2-150200.9.25.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.25.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.25.1 * libovn-20_03-0-20.03.1-150200.9.25.1 * libopenvswitch-2_13-0-2.13.2-150200.9.25.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openvswitch-ipsec-2.13.2-150200.9.25.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.25.1 * openvswitch-debuginfo-2.13.2-150200.9.25.1 * ovn-central-20.03.1-150200.9.25.1 * openvswitch-debugsource-2.13.2-150200.9.25.1 * ovn-vtep-20.03.1-150200.9.25.1 * openvswitch-test-2.13.2-150200.9.25.1 * ovn-host-20.03.1-150200.9.25.1 * ovn-devel-20.03.1-150200.9.25.1 * libopenvswitch-2_13-0-2.13.2-150200.9.25.1 * ovn-20.03.1-150200.9.25.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.25.1 * ovn-docker-20.03.1-150200.9.25.1 * openvswitch-2.13.2-150200.9.25.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.25.1 * openvswitch-vtep-2.13.2-150200.9.25.1 * python3-ovs-2.13.2-150200.9.25.1 * libovn-20_03-0-20.03.1-150200.9.25.1 * openvswitch-test-debuginfo-2.13.2-150200.9.25.1 * openvswitch-devel-2.13.2-150200.9.25.1 * openvswitch-pki-2.13.2-150200.9.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:02 -0000 Subject: SUSE-SU-2023:4591-1: important: Security update for squashfs Message-ID: <170110260273.2808.13014600742707802892@smelt2.prg2.suse.org> # Security update for squashfs Announcement ID: SUSE-SU-2023:4591-1 Rating: important References: * bsc#1189936 * bsc#1190531 * bsc#935380 Cross-References: * CVE-2015-4645 * CVE-2015-4646 * CVE-2021-40153 * CVE-2021-41072 CVSS scores: * CVE-2015-4645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2015-4645 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2015-4646 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-40153 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2021-40153 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2021-41072 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2021-41072 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for squashfs fixes the following issues: * CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs- tools (bsc#935380) * CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) * CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). update to 4.6.1: * Race condition which can cause corruption of the "fragment table" fixed. This is a regression introduced in August 2022, and it has been seen when tailend packing is used (-tailends option). * Fix build failure when the tools are being built without extended attribute (XATTRs) support. * Fix XATTR error message when an unrecognised prefix is found * Fix incorrect free of pointer when an unrecognised XATTR prefix is found. * Major improvements in extended attribute handling, pseudo file handling, and miscellaneous new options and improvements * Extended attribute handling improved in Mksquashfs and Sqfstar * New Pseudo file xattr definition to add extended attributes to files. * New xattrs-add Action to add extended attributes to files * Extended attribute handling improved in Unsquashfs * Other major improvements * Unsquashfs can now output Pseudo files to standard out. * Mksquashfs can now input Pseudo files from standard in. * Squashfs filesystems can now be converted (different block size compression etc) without unpacking to an intermediate filesystem or mounting, by piping the output of Unsquashfs to Mksquashfs. * Pseudo files are now supported by Sqfstar. * "Non-anchored" excludes are now supported by Unsquashfs. update to 4.5.1 (bsc#1190531, CVE-2021-41072): * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), Sqfstar(1) and Sqfscat(1). * The -help text output from the utilities has been improved and extended as well (but the Manpages are now more comprehensive). * CVE-2021-41072 which is a writing outside of destination exploit, has been fixed. * The number of hard-links in the filesystem is now also displayed by Mksquashfs in the output summary. * The number of hard-links written by Unsquashfs is now also displayed in the output summary. * Unsquashfs will now write to a pre-existing destination directory, rather than aborting. * Unsquashfs now allows "." to used as the destination, to extract to the current directory. * The Unsquashfs progress bar now tracks empty files and hardlinks, in addition to data blocks. * -no-hardlinks option has been implemented for Sqfstar. * More sanity checking for "corrupted" filesystems, including checks for multiply linked directories and directory loops. * Options that may cause filesystems to be unmountable have been moved into a new "experts" category in the Mksquashfs help text (and Manpage). * Maximum cpiostyle filename limited to PATH_MAX. This prevents attempts to overflow the stack, or cause system calls to fail with a too long pathname. * Don't always use "max open file limit" when calculating length of queues, as a very large file limit can cause Unsquashfs to abort. Instead use the smaller of max open file limit and cache size. * Fix Mksquashfs silently ignoring Pseudo file definitions when appending. * Don't abort if no XATTR support has been built in, and there's XATTRs in the filesystem. This is a regression introduced in 2019 in Version 4.4. * Fix duplicate check when the last file block is sparse. update to 4.5: * Mksquashfs now supports "Actions". * New sqfstar command which will create a Squashfs image from a tar archive. * Tar style handling of source pathnames in Mksquashfs. * Cpio style handling of source pathnames in Mksquashfs. * New option to throttle the amount of CPU and I/O. * Mksquashfs now allows no source directory to be specified. * New Pseudo file "R" definition which allows a Regular file o be created with data stored within the Pseudo file. * Symbolic links are now followed in extract files * Unsquashfs now supports "exclude" files. * Max depth traversal option added. * Unsquashfs can now output a "Pseudo file" representing the input Squashfs filesystem. * New -one-file-system option in Mksquashfs. * New -no-hardlinks option in Mksquashfs. * Exit code in Unsquashfs changed to distinguish between non-fatal errors (exit 2), and fatal errors (exit 1). * Xattr id count added in Unsquashfs "-stat" output. * Unsquashfs "write outside directory" exploit fixed. * Error handling in Unsquashfs writer thread fixed. * Fix failure to truncate destination if appending aborted. * Prevent Mksquashfs reading the destination file. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4591=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4591=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4591=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4591=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4591=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4591=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4591=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4591=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4591=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4591=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4591=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4591=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4591=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4591=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4591=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4591=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4591=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4591=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4591=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4591=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2015-4645.html * https://www.suse.com/security/cve/CVE-2015-4646.html * https://www.suse.com/security/cve/CVE-2021-40153.html * https://www.suse.com/security/cve/CVE-2021-41072.html * https://bugzilla.suse.com/show_bug.cgi?id=1189936 * https://bugzilla.suse.com/show_bug.cgi?id=1190531 * https://bugzilla.suse.com/show_bug.cgi?id=935380 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:08 -0000 Subject: SUSE-SU-2023:4589-1: important: Security update for squid Message-ID: <170110260808.2808.7827163354445993984@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4589-1 Rating: important References: * bsc#1216926 * bsc#1217274 Cross-References: * CVE-2023-46728 CVSS scores: * CVE-2023-46728 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support (bsc#1216926). * Fixed overread in HTTP request header parsing (bsc#1217274). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4589=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4589=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4589=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4589=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4589=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4589=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4589=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4589=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4589=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4589=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4589=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE CaaS Platform 4.0 (x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46728.html * https://bugzilla.suse.com/show_bug.cgi?id=1216926 * https://bugzilla.suse.com/show_bug.cgi?id=1217274 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:10 -0000 Subject: SUSE-SU-2023:4588-1: important: Security update for MozillaThunderbird Message-ID: <170110261027.2808.5544010831634717633@smelt2.prg2.suse.org> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:4588-1 Rating: important References: * bsc#1217230 Cross-References: * CVE-2023-6204 * CVE-2023-6205 * CVE-2023-6206 * CVE-2023-6207 * CVE-2023-6208 * CVE-2023-6209 * CVE-2023-6212 CVSS scores: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: * Mozilla Thunderbird 115.5.0 MFSA 2023-52 (bsc#1217230) * CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205: Use-after-free in MessagePort::Entangled * CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" * CVE-2023-6212: Memory safety bugs ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4588=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4588=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4588=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4588=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4588=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4588=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6204.html * https://www.suse.com/security/cve/CVE-2023-6205.html * https://www.suse.com/security/cve/CVE-2023-6206.html * https://www.suse.com/security/cve/CVE-2023-6207.html * https://www.suse.com/security/cve/CVE-2023-6208.html * https://www.suse.com/security/cve/CVE-2023-6209.html * https://www.suse.com/security/cve/CVE-2023-6212.html * https://bugzilla.suse.com/show_bug.cgi?id=1217230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:13 -0000 Subject: SUSE-SU-2023:4587-1: important: Security update for vim Message-ID: <170110261387.2808.1393887489208531392@smelt2.prg2.suse.org> # Security update for vim Announcement ID: SUSE-SU-2023:4587-1 Rating: important References: * bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 Cross-References: * CVE-2023-46246 * CVE-2023-5344 * CVE-2023-5441 * CVE-2023-5535 CVSS scores: * CVE-2023-46246 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-46246 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5344 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5441 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5535 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4587=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4587=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4587=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4587=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4587=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4587=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4587=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4587=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4587=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4587=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4587=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4587=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4587=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4587=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4587=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4587=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4587=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * openSUSE Leap 15.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * Basesystem Module 15-SP4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Enterprise Storage 7.1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE CaaS Platform 4.0 (x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE CaaS Platform 4.0 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46246.html * https://www.suse.com/security/cve/CVE-2023-5344.html * https://www.suse.com/security/cve/CVE-2023-5441.html * https://www.suse.com/security/cve/CVE-2023-5535.html * https://bugzilla.suse.com/show_bug.cgi?id=1215940 * https://bugzilla.suse.com/show_bug.cgi?id=1216001 * https://bugzilla.suse.com/show_bug.cgi?id=1216167 * https://bugzilla.suse.com/show_bug.cgi?id=1216696 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:17 -0000 Subject: SUSE-SU-2023:4586-1: important: Security update for xerces-c Message-ID: <170110261773.2808.521612298850749042@smelt2.prg2.suse.org> # Security update for xerces-c Announcement ID: SUSE-SU-2023:4586-1 Rating: important References: * bsc#1216156 Cross-References: * CVE-2023-37536 CVSS scores: * CVE-2023-37536 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H * CVE-2023-37536 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xerces-c fixes the following issues: * CVE-2023-37536: Fixed an integer overflow that could have led to a out-of- bounds memory accesses (bsc#1216156). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4586=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4586=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4586=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4586=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4586=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4586=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4586=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4586=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4586=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4586=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * xerces-c-doc-3.2.3-150300.3.3.2 * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * openSUSE Leap 15.3 (x86_64) * libxerces-c-3_2-32bit-3.2.3-150300.3.3.2 * libxerces-c-3_2-32bit-debuginfo-3.2.3-150300.3.3.2 * openSUSE Leap 15.3 (aarch64_ilp32) * libxerces-c-3_2-64bit-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-64bit-3.2.3-150300.3.3.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xerces-c-doc-3.2.3-150300.3.3.2 * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * openSUSE Leap 15.4 (x86_64) * libxerces-c-3_2-32bit-3.2.3-150300.3.3.2 * libxerces-c-3_2-32bit-debuginfo-3.2.3-150300.3.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xerces-c-doc-3.2.3-150300.3.3.2 * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * openSUSE Leap 15.5 (x86_64) * libxerces-c-3_2-32bit-3.2.3-150300.3.3.2 * libxerces-c-3_2-32bit-debuginfo-3.2.3-150300.3.3.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 ## References: * https://www.suse.com/security/cve/CVE-2023-37536.html * https://bugzilla.suse.com/show_bug.cgi?id=1216156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Nov 27 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2023 20:30:02 -0000 Subject: SUSE-RU-2023:4592-1: moderate: Recommended update for rust, rust1.74 Message-ID: <170111700238.29739.11670616763611296907@smelt2.prg2.suse.org> # Recommended update for rust, rust1.74 Announcement ID: SUSE-RU-2023:4592-1 Rating: moderate References: * jsc#SLE-18626 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for rust, rust1.74 fixes the following issues: # Version 1.74.0 (2023-11-16) ## Language * Codify that std::mem::Discriminant does not depend on any lifetimes in T * Replace private_in_public lint with private_interfaces and private_bounds per RFC 2145. Read more in [RFC 2145(https://rust- lang.github.io/rfcs/2145-type-privacy.html). * Allow explicit #[repr(Rust)] * closure field capturing: don't depend on alignment of packed fields * Enable MIR-based drop-tracking for async blocks * Stabilize impl_trait_projections ## Compiler * stabilize combining +bundle and +whole-archive link modifiers * Stabilize PATH option for --print KIND=PATH * Enable ASAN/LSAN/TSAN for *-apple-ios-macabi * Promote loongarch64-unknown-none* to Tier 2 * Add i686-pc-windows-gnullvm as a tier 3 target ## Libraries * Implement From for ChildStdin/out/err * Implement From<{&,&mut} [T; N]> for Vec where T: Clone * impl Step for IP addresses * Implement From<[T; N]> for Rc<[T]> and Arc<[T]> * impl TryFrom for u16 * Stabilize io_error_other feature * Stabilize the Saturating type * Stabilize const_transmute_copy ## Stabilized APIs * core::num::Saturating * impl From for std::process::Stdio * impl From for std::process::Stdio * impl From for std::process::Child{Stdin, Stdout, Stderr} * impl From for std::process::Child{Stdin, Stdout, Stderr} * std::ffi::OsString::from_encoded_bytes_unchecked * std::ffi::OsString::into_encoded_bytes * std::ffi::OsStr::from_encoded_bytes_unchecked * std::ffi::OsStr::as_encoded_bytes * std::io::Error::other * impl TryFrom for u16 * impl From<&[T; N]> for Vec * impl From<&mut [T; N]> for Vec * impl From<[T; N]> for Arc<[T]> * impl From<[T; N]> for Rc<[T]> Thse APIs are now stable in const contexts: * core::mem::transmute_copy * str::is_ascii * ## Cargo * fix: Set MSRV for internal packages * config: merge lists in precedence order * fix(update): Clarify meaning of --aggressive as --recursive * fix(update): Make -p more convenient by being positional * feat(help): Add styling to help output * feat(pkgid): Allow incomplete versions when unambigious * feat: stabilize credential-process and registry-auth * feat(cli): Add '-n' to dry-run * Add support for target.'cfg(..)'.linker * Stabilize --keep-going * feat: Stabilize lints ## Rustdoc * Add warning block support in rustdoc * Accept additional user-defined syntax classes in fenced code blocks * rustdoc-search: add support for type parameters * rustdoc: show inner enum and struct in type definition for concrete type ## Compatibility Notes * Raise minimum supported Apple OS versions * make Cell::swap panic if the Cells partially overlap * Reject invalid crate names in --extern * Don't resolve generic impls that may be shadowed by dyn built-in impls * The new impl From<{&,&mut} [T; N]> for Vec is known to cause some inference failures with overly-generic code. Changes in rust: * Update to version 1.74.0 - for details see the rust1.74 package ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4592=1 openSUSE-SLE-15.4-2023-4592=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4592=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4592=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4592=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rust1.74-debuginfo-1.74.0-150400.9.3.1 * cargo1.74-debuginfo-1.74.0-150400.9.3.1 * cargo-1.74.0-150400.24.30.1 * cargo1.74-1.74.0-150400.9.3.1 * rust-1.74.0-150400.24.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc) * rust1.74-1.74.0-150400.9.3.1 * openSUSE Leap 15.4 (nosrc) * rust1.74-test-1.74.0-150400.9.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rust1.74-debuginfo-1.74.0-150400.9.3.1 * cargo1.74-debuginfo-1.74.0-150400.9.3.1 * cargo-1.74.0-150400.24.30.1 * cargo1.74-1.74.0-150400.9.3.1 * rust-1.74.0-150400.24.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.74-1.74.0-150400.9.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rust1.74-debuginfo-1.74.0-150400.9.3.1 * cargo1.74-debuginfo-1.74.0-150400.9.3.1 * cargo-1.74.0-150400.24.30.1 * cargo1.74-1.74.0-150400.9.3.1 * rust-1.74.0-150400.24.30.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.74-1.74.0-150400.9.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rust1.74-debuginfo-1.74.0-150400.9.3.1 * cargo1.74-debuginfo-1.74.0-150400.9.3.1 * cargo-1.74.0-150400.24.30.1 * cargo1.74-1.74.0-150400.9.3.1 * rust-1.74.0-150400.24.30.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.74-1.74.0-150400.9.3.1 ## References: * https://jira.suse.com/browse/SLE-18626 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 28 08:03:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 09:03:47 +0100 (CET) Subject: SUSE-CU-2023:3902-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231128080347.5F701F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3902-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.262 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.262 Severity : important Type : security References : 1215940 1216001 1216167 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) The following package changes have been done: - vim-data-common-9.0.2103-150000.5.57.1 updated - vim-9.0.2103-150000.5.57.1 updated From sle-updates at lists.suse.com Tue Nov 28 08:04:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 09:04:56 +0100 (CET) Subject: SUSE-CU-2023:3904-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231128080456.8AAF9F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3904-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.160 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.160 Severity : important Type : security References : 1215940 1216001 1216167 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) The following package changes have been done: - vim-data-common-9.0.2103-150000.5.57.1 updated - vim-9.0.2103-150000.5.57.1 updated From sle-updates at lists.suse.com Tue Nov 28 08:07:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 09:07:47 +0100 (CET) Subject: SUSE-CU-2023:3910-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20231128080747.99416F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3910-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.13 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.13 Container Release : 9.30.13 Severity : moderate Type : recommended References : 1111622 1170175 1176785 1184753 1199282 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). The following package changes have been done: - python3-requests-2.25.1-150300.3.6.1 updated From sle-updates at lists.suse.com Tue Nov 28 08:08:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 09:08:15 +0100 (CET) Subject: SUSE-CU-2023:3911-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231128080815.B2290F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3911-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.499 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.499 Severity : important Type : security References : 1215940 1216001 1216167 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) The following package changes have been done: - vim-data-common-9.0.2103-150000.5.57.1 updated - vim-9.0.2103-150000.5.57.1 updated From sle-updates at lists.suse.com Tue Nov 28 08:09:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 09:09:56 +0100 (CET) Subject: SUSE-CU-2023:3913-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231128080956.11F98F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3913-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.321 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.321 Severity : important Type : security References : 1215940 1216001 1216167 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) The following package changes have been done: - vim-data-common-9.0.2103-150000.5.57.1 updated - vim-9.0.2103-150000.5.57.1 updated From sle-updates at lists.suse.com Tue Nov 28 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4597-1: important: Security update for gstreamer-plugins-bad Message-ID: <170117460530.6678.6132537357078295169@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4597-1 Rating: important References: * bsc#1215793 * bsc#1215796 Cross-References: * CVE-2023-40474 * CVE-2023-40476 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4597=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4597=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4597=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4597=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libgstinsertbin-1_0-0-debuginfo-1.8.3-18.9.3 * gstreamer-plugins-bad-devel-1.8.3-18.9.3 * libgsturidownloader-1_0-0-1.8.3-18.9.3 * gstreamer-plugins-bad-debugsource-1.8.3-18.9.3 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.9.3 * libgstinsertbin-1_0-0-1.8.3-18.9.3 * gstreamer-plugins-bad-debuginfo-1.8.3-18.9.3 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgstbadbase-1_0-0-1.8.3-18.9.3 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadaudio-1_0-0-1.8.3-18.9.3 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.9.3 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.9.3 * gstreamer-plugins-bad-debuginfo-1.8.3-18.9.3 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.9.3 * libgstgl-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.9.3 * libgsturidownloader-1_0-0-1.8.3-18.9.3 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.9.3 * libgstmpegts-1_0-0-1.8.3-18.9.3 * libgstadaptivedemux-1_0-0-1.8.3-18.9.3 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.9.3 * libgstcodecparsers-1_0-0-1.8.3-18.9.3 * libgstgl-1_0-0-1.8.3-18.9.3 * libgstphotography-1_0-0-debuginfo-1.8.3-18.9.3 * gstreamer-plugins-bad-debugsource-1.8.3-18.9.3 * libgstbadvideo-1_0-0-1.8.3-18.9.3 * gstreamer-plugins-bad-1.8.3-18.9.3 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.9.3 * libgstphotography-1_0-0-1.8.3-18.9.3 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.9.3 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgstbadbase-1_0-0-1.8.3-18.9.3 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadaudio-1_0-0-1.8.3-18.9.3 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.9.3 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.9.3 * gstreamer-plugins-bad-debuginfo-1.8.3-18.9.3 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.9.3 * libgstgl-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.9.3 * libgsturidownloader-1_0-0-1.8.3-18.9.3 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.9.3 * libgstmpegts-1_0-0-1.8.3-18.9.3 * libgstadaptivedemux-1_0-0-1.8.3-18.9.3 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.9.3 * libgstcodecparsers-1_0-0-1.8.3-18.9.3 * libgstgl-1_0-0-1.8.3-18.9.3 * libgstphotography-1_0-0-debuginfo-1.8.3-18.9.3 * gstreamer-plugins-bad-debugsource-1.8.3-18.9.3 * libgstbadvideo-1_0-0-1.8.3-18.9.3 * gstreamer-plugins-bad-1.8.3-18.9.3 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.9.3 * libgstphotography-1_0-0-1.8.3-18.9.3 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.9.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgstbadbase-1_0-0-1.8.3-18.9.3 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadaudio-1_0-0-1.8.3-18.9.3 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.9.3 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.9.3 * gstreamer-plugins-bad-debuginfo-1.8.3-18.9.3 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.9.3 * libgstgl-1_0-0-debuginfo-1.8.3-18.9.3 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.9.3 * libgsturidownloader-1_0-0-1.8.3-18.9.3 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.9.3 * libgstmpegts-1_0-0-1.8.3-18.9.3 * libgstadaptivedemux-1_0-0-1.8.3-18.9.3 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.9.3 * libgstcodecparsers-1_0-0-1.8.3-18.9.3 * libgstgl-1_0-0-1.8.3-18.9.3 * libgstphotography-1_0-0-debuginfo-1.8.3-18.9.3 * gstreamer-plugins-bad-debugsource-1.8.3-18.9.3 * libgstbadvideo-1_0-0-1.8.3-18.9.3 * gstreamer-plugins-bad-1.8.3-18.9.3 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.9.3 * libgstphotography-1_0-0-1.8.3-18.9.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.9.3 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://www.suse.com/security/cve/CVE-2023-40476.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 * https://bugzilla.suse.com/show_bug.cgi?id=1215796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 28 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4596-1: important: Security update for gstreamer-plugins-bad Message-ID: <170117460852.6678.4488049575605485348@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4596-1 Rating: important References: * bsc#1215793 * bsc#1215796 Cross-References: * CVE-2023-40474 * CVE-2023-40476 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4596=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4596=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4596=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.15.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.15.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.15.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.15.1 * libgstmpegts-1_0-0-1.12.5-150000.3.15.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstwayland-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.15.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.15.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.15.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.15.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.15.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstbadbase-1_0-0-1.12.5-150000.3.15.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstgl-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.15.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.15.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.15.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-1.12.5-150000.3.15.1 * libgstplayer-1_0-0-1.12.5-150000.3.15.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.15.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstphotography-1_0-0-1.12.5-150000.3.15.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.15.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.15.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.15.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.15.1 * libgstmpegts-1_0-0-1.12.5-150000.3.15.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstwayland-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.15.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.15.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.15.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.15.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.15.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstbadbase-1_0-0-1.12.5-150000.3.15.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstgl-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.15.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.15.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.15.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-1.12.5-150000.3.15.1 * libgstplayer-1_0-0-1.12.5-150000.3.15.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.15.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstphotography-1_0-0-1.12.5-150000.3.15.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.15.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.15.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.15.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.15.1 * libgstmpegts-1_0-0-1.12.5-150000.3.15.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstwayland-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.15.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.15.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.15.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.15.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.15.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstbadbase-1_0-0-1.12.5-150000.3.15.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstgl-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.15.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.15.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.15.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-1.12.5-150000.3.15.1 * libgstplayer-1_0-0-1.12.5-150000.3.15.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.15.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstphotography-1_0-0-1.12.5-150000.3.15.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.15.1 * SUSE CaaS Platform 4.0 (x86_64) * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.15.1 * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.15.1 * libgstbadallocators-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.15.1 * libgstbadaudio-1_0-0-1.12.5-150000.3.15.1 * libgstmpegts-1_0-0-1.12.5-150000.3.15.1 * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstwayland-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.15.1 * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstcodecparsers-1_0-0-1.12.5-150000.3.15.1 * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.15.1 * libgsturidownloader-1_0-0-1.12.5-150000.3.15.1 * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-devel-1.12.5-150000.3.15.1 * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.15.1 * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstbadbase-1_0-0-1.12.5-150000.3.15.1 * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstgl-1_0-0-1.12.5-150000.3.15.1 * typelib-1_0-GstGL-1_0-1.12.5-150000.3.15.1 * libgstinsertbin-1_0-0-1.12.5-150000.3.15.1 * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstadaptivedemux-1_0-0-1.12.5-150000.3.15.1 * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.15.1 * gstreamer-plugins-bad-1.12.5-150000.3.15.1 * libgstplayer-1_0-0-1.12.5-150000.3.15.1 * libgstbadvideo-1_0-0-1.12.5-150000.3.15.1 * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.15.1 * libgstphotography-1_0-0-1.12.5-150000.3.15.1 * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.15.1 * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.15.1 * SUSE CaaS Platform 4.0 (noarch) * gstreamer-plugins-bad-lang-1.12.5-150000.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://www.suse.com/security/cve/CVE-2023-40476.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 * https://bugzilla.suse.com/show_bug.cgi?id=1215796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 28 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 12:30:15 -0000 Subject: SUSE-SU-2023:4595-1: important: Security update for gstreamer-plugins-bad Message-ID: <170117461595.6678.11841473317985922680@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4595-1 Rating: important References: * bsc#1215793 * bsc#1215796 Cross-References: * CVE-2023-40474 * CVE-2023-40476 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4595=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4595=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4595=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.13.2 * libgstwebrtc-1_0-0-1.16.3-150200.4.13.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.13.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-devel-1.16.3-150200.4.13.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.13.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.13.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstphotography-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-1.16.3-150200.4.13.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstcodecparsers-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.13.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstmpegts-1_0-0-1.16.3-150200.4.13.2 * libgsturidownloader-1_0-0-1.16.3-150200.4.13.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.13.2 * libgstinsertbin-1_0-0-1.16.3-150200.4.13.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstbadaudio-1_0-0-1.16.3-150200.4.13.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.13.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.13.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstplayer-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.13.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstsctp-1_0-0-1.16.3-150200.4.13.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstisoff-1_0-0-1.16.3-150200.4.13.2 * libgstwayland-1_0-0-1.16.3-150200.4.13.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.13.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.13.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.13.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.13.2 * libgstwebrtc-1_0-0-1.16.3-150200.4.13.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.13.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-devel-1.16.3-150200.4.13.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.13.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.13.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstphotography-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-1.16.3-150200.4.13.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstcodecparsers-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.13.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstmpegts-1_0-0-1.16.3-150200.4.13.2 * libgsturidownloader-1_0-0-1.16.3-150200.4.13.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.13.2 * libgstinsertbin-1_0-0-1.16.3-150200.4.13.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstbadaudio-1_0-0-1.16.3-150200.4.13.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.13.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.13.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstplayer-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.13.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstsctp-1_0-0-1.16.3-150200.4.13.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstisoff-1_0-0-1.16.3-150200.4.13.2 * libgstwayland-1_0-0-1.16.3-150200.4.13.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.13.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.13.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.13.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.13.2 * libgstwebrtc-1_0-0-1.16.3-150200.4.13.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.13.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-devel-1.16.3-150200.4.13.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.13.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.13.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstphotography-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-1.16.3-150200.4.13.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstcodecparsers-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.13.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstmpegts-1_0-0-1.16.3-150200.4.13.2 * libgsturidownloader-1_0-0-1.16.3-150200.4.13.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.13.2 * libgstinsertbin-1_0-0-1.16.3-150200.4.13.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstbadaudio-1_0-0-1.16.3-150200.4.13.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.13.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.13.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstplayer-1_0-0-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.13.2 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.13.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstsctp-1_0-0-1.16.3-150200.4.13.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstisoff-1_0-0-1.16.3-150200.4.13.2 * libgstwayland-1_0-0-1.16.3-150200.4.13.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.13.2 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.13.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.13.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.13.2 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://www.suse.com/security/cve/CVE-2023-40476.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 * https://bugzilla.suse.com/show_bug.cgi?id=1215796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 28 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 12:30:25 -0000 Subject: SUSE-SU-2023:4594-1: important: Security update for gstreamer-plugins-bad Message-ID: <170117462549.6678.9026055496501552307@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4594-1 Rating: important References: * bsc#1215793 * bsc#1215796 Cross-References: * CVE-2023-40474 * CVE-2023-40476 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4594=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4594=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4594=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4594=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4594=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4594=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-doc-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * openSUSE Leap 15.3 (x86_64) * libgstinsertbin-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-32bit-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-32bit-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-32bit-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-32bit-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-32bit-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2 * openSUSE Leap 15.3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * openSUSE Leap 15.3 (aarch64_ilp32) * libgstbadaudio-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-64bit-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-64bit-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-64bit-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-64bit-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-64bit-1.16.3-150300.9.12.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Enterprise Storage 7.1 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://www.suse.com/security/cve/CVE-2023-40476.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793 * https://bugzilla.suse.com/show_bug.cgi?id=1215796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 28 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 12:30:28 -0000 Subject: SUSE-SU-2023:4593-1: important: Security update for compat-openssl098 Message-ID: <170117462843.6678.1036175150207283992@smelt2.prg2.suse.org> # Security update for compat-openssl098 Announcement ID: SUSE-SU-2023:4593-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Legacy Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for compat-openssl098 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 12 zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-4593=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-4593=1 ## Package List: * Legacy Module 12 (s390x x86_64) * libopenssl0_9_8-0.9.8j-106.61.1 * libopenssl0_9_8-debuginfo-0.9.8j-106.61.1 * libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.61.1 * libopenssl0_9_8-32bit-0.9.8j-106.61.1 * compat-openssl098-debugsource-0.9.8j-106.61.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl0_9_8-debuginfo-0.9.8j-106.61.1 * libopenssl0_9_8-0.9.8j-106.61.1 * compat-openssl098-debugsource-0.9.8j-106.61.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * https://bugzilla.suse.com/show_bug.cgi?id=1216922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 28 13:35:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 14:35:37 +0100 (CET) Subject: SUSE-IU-2023:843-1: Security update of sles-15-sp4-chost-byos-v20231127-arm64 Message-ID: <20231128133537.ED86FF3CA@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20231127-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:843-1 Image Tags : sles-15-sp4-chost-byos-v20231127-arm64:20231127 Image Release : Severity : important Type : security References : 1027519 1041742 1111622 1170175 1176785 1184753 1196647 1199282 1203760 1206480 1206667 1206684 1208788 1209998 1210286 1210557 1210778 1211307 1211427 1212101 1212422 1212423 1212649 1213705 1213772 1213915 1214052 1214460 1214842 1215095 1215104 1215145 1215265 1215427 1215474 1215518 1215746 1215747 1215748 1215940 1215947 1215955 1215956 1215957 1215979 1215986 1216001 1216010 1216062 1216075 1216091 1216129 1216167 1216253 1216345 1216377 1216419 1216510 1216511 1216512 1216541 1216621 1216654 1216664 1216696 1216807 1216922 CVE-2022-40897 CVE-2023-20588 CVE-2023-2163 CVE-2023-31085 CVE-2023-34322 CVE-2023-34324 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-3777 CVE-2023-38470 CVE-2023-38473 CVE-2023-39189 CVE-2023-39193 CVE-2023-4039 CVE-2023-45322 CVE-2023-45803 CVE-2023-46246 CVE-2023-46835 CVE-2023-46836 CVE-2023-5178 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 CVE-2023-5678 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20231127-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4378-1 Released: Mon Nov 6 14:54:59 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208788,1210778,1211307,1212423,1212649,1213705,1213772,1214842,1215095,1215104,1215518,1215955,1215956,1215957,1215986,1216062,1216345,1216510,1216511,1216512,1216621,CVE-2023-2163,CVE-2023-31085,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39193,CVE-2023-5178 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past 'commit' (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update 'shortest_full' in polling (git-fixes). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the 'HWVers' register address (git-fixes). - usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4453-1 Released: Wed Nov 15 14:24:58 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1216541 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4476-1 Released: Fri Nov 17 08:05:43 2023 Summary: Security update for xen Type: security Severity: important References: 1027519,1215145,1215474,1215746,1215747,1215748,1216654,1216807,CVE-2023-20588,CVE-2023-34322,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328,CVE-2023-46835,CVE-2023-46836 This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). - CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). - CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4477-1 Released: Fri Nov 17 10:21:21 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1216010,1216075,1216253 This update for grub2 fixes the following issues: - Fix failure to identify recent ext4 filesystem (bsc#1216010) - Fix reading files from btrfs with 'implicit' holes - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) - Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - grub2-i386-pc-2.06-150400.11.41.1 updated - grub2-x86_64-efi-2.06-150400.11.41.1 updated - grub2-2.06-150400.11.41.1 updated - kernel-default-5.14.21-150400.24.97.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libjansson4-2.14-150000.3.5.1 updated - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libpci3-3.5.6-150300.13.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated - pciutils-3.5.6-150300.13.6.1 updated - python-instance-billing-flavor-check-0.0.4-150400.1.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - vim-data-common-9.0.2103-150000.5.57.1 updated - vim-9.0.2103-150000.5.57.1 updated - xen-libs-4.16.5_08-150400.4.40.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Tue Nov 28 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 16:30:05 -0000 Subject: SUSE-RU-2023:4600-1: low: Recommended update for desktop-file-utils Message-ID: <170118900512.9628.16950418981640817301@smelt2.prg2.suse.org> # Recommended update for desktop-file-utils Announcement ID: SUSE-RU-2023:4600-1 Rating: low References: * bsc#1216357 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for desktop-file-utils fixes the following issues: * Add support for the Desktop entry specification version 1.5 (bsc#1216357) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4600=1 openSUSE-SLE-15.4-2023-4600=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4600=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4600=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4600=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * desktop-file-utils-debugsource-0.26-150400.3.3.1 * desktop-file-utils-debuginfo-0.26-150400.3.3.1 * desktop-file-utils-0.26-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * desktop-file-utils-debugsource-0.26-150400.3.3.1 * desktop-file-utils-debuginfo-0.26-150400.3.3.1 * desktop-file-utils-0.26-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * desktop-file-utils-debugsource-0.26-150400.3.3.1 * desktop-file-utils-debuginfo-0.26-150400.3.3.1 * desktop-file-utils-0.26-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * desktop-file-utils-debugsource-0.26-150400.3.3.1 * desktop-file-utils-debuginfo-0.26-150400.3.3.1 * desktop-file-utils-0.26-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216357 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Nov 28 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Nov 2023 16:30:08 -0000 Subject: SUSE-RU-2023:4599-1: moderate: Recommended update for scap-security-guide Message-ID: <170118900832.9628.10082521216369125931@smelt2.prg2.suse.org> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:4599-1 Rating: moderate References: * jsc#ECO-3319 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature can now be installed. ## Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.70 (jsc#ECO-3319) * Add openembedded distro support (#10793) * Remove DRAFT wording for OpenShift STIG (#11100) * Remove test-function-check_playbook_file_removed_and_added test (#10982) * scap-security-guide: Add Poky support (#11046) Also various SUSE profile bug fixes have been applied. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4599=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4599=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4599=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * scap-security-guide-debian-0.1.70-9.18.2 * scap-security-guide-ubuntu-0.1.70-9.18.2 * scap-security-guide-0.1.70-9.18.2 * scap-security-guide-redhat-0.1.70-9.18.2 * SUSE Linux Enterprise Server 12 SP5 (noarch) * scap-security-guide-debian-0.1.70-9.18.2 * scap-security-guide-ubuntu-0.1.70-9.18.2 * scap-security-guide-0.1.70-9.18.2 * scap-security-guide-redhat-0.1.70-9.18.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * scap-security-guide-debian-0.1.70-9.18.2 * scap-security-guide-ubuntu-0.1.70-9.18.2 * scap-security-guide-0.1.70-9.18.2 * scap-security-guide-redhat-0.1.70-9.18.2 ## References: * https://jira.suse.com/browse/ECO-3319 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 08:01:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 09:01:07 +0100 (CET) Subject: SUSE-IU-2023:846-1: Security update of suse-sles-15-sp4-chost-byos-v20231127-x86_64-gen2 Message-ID: <20231129080107.616FBF3CA@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231127-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:846-1 Image Tags : suse-sles-15-sp4-chost-byos-v20231127-x86_64-gen2:20231127 Image Release : Severity : important Type : security References : 1027519 1041742 1111622 1170175 1176785 1184753 1196647 1199282 1203760 1206480 1206667 1206684 1208788 1209998 1210286 1210557 1210778 1211307 1211427 1212101 1212422 1212423 1212649 1213705 1213772 1213915 1214052 1214460 1214842 1215095 1215104 1215145 1215265 1215427 1215474 1215518 1215746 1215747 1215748 1215940 1215947 1215955 1215956 1215957 1215979 1215986 1216001 1216010 1216062 1216075 1216091 1216129 1216167 1216253 1216345 1216377 1216419 1216510 1216511 1216512 1216541 1216621 1216654 1216664 1216696 1216807 1216922 CVE-2022-40897 CVE-2023-20588 CVE-2023-2163 CVE-2023-31085 CVE-2023-34322 CVE-2023-34324 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-3777 CVE-2023-38470 CVE-2023-38473 CVE-2023-39189 CVE-2023-39193 CVE-2023-4039 CVE-2023-45322 CVE-2023-45803 CVE-2023-46246 CVE-2023-46835 CVE-2023-46836 CVE-2023-5178 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 CVE-2023-5678 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20231127-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4378-1 Released: Mon Nov 6 14:54:59 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208788,1210778,1211307,1212423,1212649,1213705,1213772,1214842,1215095,1215104,1215518,1215955,1215956,1215957,1215986,1216062,1216345,1216510,1216511,1216512,1216621,CVE-2023-2163,CVE-2023-31085,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39193,CVE-2023-5178 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past 'commit' (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update 'shortest_full' in polling (git-fixes). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the 'HWVers' register address (git-fixes). - usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4453-1 Released: Wed Nov 15 14:24:58 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1216541 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4476-1 Released: Fri Nov 17 08:05:43 2023 Summary: Security update for xen Type: security Severity: important References: 1027519,1215145,1215474,1215746,1215747,1215748,1216654,1216807,CVE-2023-20588,CVE-2023-34322,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328,CVE-2023-46835,CVE-2023-46836 This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). - CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). - CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4477-1 Released: Fri Nov 17 10:21:21 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1216010,1216075,1216253 This update for grub2 fixes the following issues: - Fix failure to identify recent ext4 filesystem (bsc#1216010) - Fix reading files from btrfs with 'implicit' holes - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) - Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - grub2-i386-pc-2.06-150400.11.41.1 updated - grub2-x86_64-efi-2.06-150400.11.41.1 updated - grub2-2.06-150400.11.41.1 updated - kernel-default-5.14.21-150400.24.97.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libjansson4-2.14-150000.3.5.1 updated - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libpci3-3.5.6-150300.13.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated - pciutils-3.5.6-150300.13.6.1 updated - python-instance-billing-flavor-check-0.0.4-150400.1.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - vim-data-common-9.0.2103-150000.5.57.1 updated - vim-9.0.2103-150000.5.57.1 updated - xen-libs-4.16.5_08-150400.4.40.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Wed Nov 29 08:01:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 09:01:14 +0100 (CET) Subject: SUSE-IU-2023:847-1: Security update of suse-sles-15-sp4-chost-byos-v20231127-hvm-ssd-x86_64 Message-ID: <20231129080114.9A26FF3CA@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231127-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:847-1 Image Tags : suse-sles-15-sp4-chost-byos-v20231127-hvm-ssd-x86_64:20231127 Image Release : Severity : important Type : security References : 1027519 1041742 1111622 1170175 1176785 1184753 1196647 1199282 1203760 1206480 1206667 1206684 1208788 1209998 1210286 1210557 1210778 1211307 1211427 1212101 1212422 1212423 1212649 1213705 1213772 1213915 1214052 1214460 1214842 1215095 1215104 1215145 1215265 1215427 1215474 1215518 1215746 1215747 1215748 1215940 1215947 1215955 1215956 1215957 1215979 1215986 1216001 1216010 1216062 1216075 1216091 1216129 1216167 1216253 1216345 1216377 1216419 1216510 1216511 1216512 1216541 1216621 1216654 1216664 1216696 1216807 1216922 CVE-2022-40897 CVE-2023-20588 CVE-2023-2163 CVE-2023-31085 CVE-2023-34322 CVE-2023-34324 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-3777 CVE-2023-38470 CVE-2023-38473 CVE-2023-39189 CVE-2023-39193 CVE-2023-4039 CVE-2023-45322 CVE-2023-45803 CVE-2023-46246 CVE-2023-46835 CVE-2023-46836 CVE-2023-5178 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 CVE-2023-5678 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20231127-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4378-1 Released: Mon Nov 6 14:54:59 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208788,1210778,1211307,1212423,1212649,1213705,1213772,1214842,1215095,1215104,1215518,1215955,1215956,1215957,1215986,1216062,1216345,1216510,1216511,1216512,1216621,CVE-2023-2163,CVE-2023-31085,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39193,CVE-2023-5178 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past 'commit' (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update 'shortest_full' in polling (git-fixes). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the 'HWVers' register address (git-fixes). - usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4453-1 Released: Wed Nov 15 14:24:58 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1216541 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4476-1 Released: Fri Nov 17 08:05:43 2023 Summary: Security update for xen Type: security Severity: important References: 1027519,1215145,1215474,1215746,1215747,1215748,1216654,1216807,CVE-2023-20588,CVE-2023-34322,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328,CVE-2023-46835,CVE-2023-46836 This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). - CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). - CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4477-1 Released: Fri Nov 17 10:21:21 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1216010,1216075,1216253 This update for grub2 fixes the following issues: - Fix failure to identify recent ext4 filesystem (bsc#1216010) - Fix reading files from btrfs with 'implicit' holes - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) - Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - grub2-i386-pc-2.06-150400.11.41.1 updated - grub2-x86_64-efi-2.06-150400.11.41.1 updated - grub2-x86_64-xen-2.06-150400.11.41.1 updated - grub2-2.06-150400.11.41.1 updated - kernel-default-5.14.21-150400.24.97.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libjansson4-2.14-150000.3.5.1 updated - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libpci3-3.5.6-150300.13.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated - pciutils-3.5.6-150300.13.6.1 updated - python-instance-billing-flavor-check-0.0.4-150400.1.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - vim-data-common-9.0.2103-150000.5.57.1 updated - vim-9.0.2103-150000.5.57.1 updated - xen-libs-4.16.5_08-150400.4.40.1 updated - xen-tools-domU-4.16.5_08-150400.4.40.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-updates at lists.suse.com Wed Nov 29 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 08:30:02 -0000 Subject: SUSE-RU-2023:4605-1: moderate: Recommended update for selinux-policy Message-ID: <170124660294.20342.14516734244225350000@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4605-1 Rating: moderate References: Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Extend module list for targeted policy * timedatex * rrdcached * stratisd ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4605=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4605=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4605=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * selinux-policy-targeted-20210716+git59.bb8b3de0-150400.5.9.1 * selinux-policy-20210716+git59.bb8b3de0-150400.5.9.1 * selinux-policy-devel-20210716+git59.bb8b3de0-150400.5.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * selinux-policy-targeted-20210716+git59.bb8b3de0-150400.5.9.1 * selinux-policy-20210716+git59.bb8b3de0-150400.5.9.1 * selinux-policy-devel-20210716+git59.bb8b3de0-150400.5.9.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * selinux-policy-targeted-20210716+git59.bb8b3de0-150400.5.9.1 * selinux-policy-20210716+git59.bb8b3de0-150400.5.9.1 * selinux-policy-devel-20210716+git59.bb8b3de0-150400.5.9.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 08:30:05 -0000 Subject: SUSE-RU-2023:4604-1: moderate: Recommended update for selinux-policy Message-ID: <170124660515.20342.10670958137700606809@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4604-1 Rating: moderate References: * bsc#1215405 Affected Products: * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Extend module list for targeted policy * timedatex * rrdcached * stratisd * ica (bsc#1215405) * fedoratp * stalld * rhcd * wireguard ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4604=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4604=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4604=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.18.1 * selinux-policy-20230511+git5.54d165ea-150400.4.18.1 * selinux-policy-devel-20230511+git5.54d165ea-150400.4.18.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.18.1 * selinux-policy-20230511+git5.54d165ea-150400.4.18.1 * selinux-policy-devel-20230511+git5.54d165ea-150400.4.18.1 * openSUSE Leap Micro 5.4 (noarch) * selinux-policy-targeted-20230511+git5.54d165ea-150400.4.18.1 * selinux-policy-20230511+git5.54d165ea-150400.4.18.1 * selinux-policy-devel-20230511+git5.54d165ea-150400.4.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215405 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 08:30:08 -0000 Subject: SUSE-RU-2023:4603-1: moderate: Recommended update for selinux-policy Message-ID: <170124660839.20342.5679020302973875417@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4603-1 Rating: moderate References: * bsc#1215405 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Extend module list for targeted policy * timedatex * rrdcached * stratisd * ica (bsc#1215405) * fedoratp * stalld * rhcd * wireguard ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4603=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (noarch) * selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.6.1 * selinux-policy-20230511+git9.1b35a6ab-150500.3.6.1 * selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215405 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 08:30:10 -0000 Subject: SUSE-RU-2023:4602-1: moderate: Recommended update for suseconnect-ng Message-ID: <170124661051.20342.4708811185520493098@smelt2.prg2.suse.org> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2023:4602-1 Rating: moderate References: * bsc#1170267 * bsc#1212799 * bsc#1214781 * jsc#PED-3179 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has three fixes can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update to version 1.4.0~git0.b0f7c25bfdfa * Added EULA display for addons (bsc#1170267) * Fix zypper argument for auto-agreeing licenses (bsc#1214781) * Enable building on SLE12 SP5 (jsc#PED-3179) * Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) * Improve error message if product set more than once ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4602=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4602=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4602=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4602=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4602=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4602=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4602=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4602=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1170267 * https://bugzilla.suse.com/show_bug.cgi?id=1212799 * https://bugzilla.suse.com/show_bug.cgi?id=1214781 * https://jira.suse.com/browse/PED-3179 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 08:30:12 -0000 Subject: SUSE-RU-2023:4601-1: moderate: Recommended update for suseconnect-ng Message-ID: <170124661295.20342.10187973539428158738@smelt2.prg2.suse.org> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2023:4601-1 Rating: moderate References: * bsc#1170267 * bsc#1212799 * bsc#1214781 * jsc#PED-3179 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature and has three fixes can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update to version 1.4.0~git0.b0f7c25bfdfa * Added EULA display for addons (bsc#1170267) * Fix zypper argument for auto-agreeing licenses (bsc#1214781) * Enable building on SLE12 SP5 (jsc#PED-3179) * Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) * Improve error message if product set more than once ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4601=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4601=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4601=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1170267 * https://bugzilla.suse.com/show_bug.cgi?id=1212799 * https://bugzilla.suse.com/show_bug.cgi?id=1214781 * https://jira.suse.com/browse/PED-3179 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 12:30:02 -0000 Subject: SUSE-SU-2023:4609-1: moderate: Security update for python-azure-storage-queue Message-ID: <170126100254.4959.4047465807708425017@smelt2.prg2.suse.org> # Security update for python-azure-storage-queue Announcement ID: SUSE-SU-2023:4609-1 Rating: moderate References: * bsc#1202088 Cross-References: * CVE-2022-30187 CVSS scores: * CVE-2022-30187 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-30187 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 An update that solves one vulnerability can now be installed. ## Description: This update for python-azure-storage-queue fixes the following issues: * CVE-2022-30187: Fixed information disclosure vulnerability (bsc#1202088). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4609=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4609=1 ## Package List: * Public Cloud Module 15-SP2 (noarch) * python2-azure-storage-queue-12.4.0-150100.3.7.1 * Public Cloud Module 15-SP1 (noarch) * python2-azure-storage-queue-12.4.0-150100.3.7.1 * python3-azure-storage-queue-12.4.0-150100.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2022-30187.html * https://bugzilla.suse.com/show_bug.cgi?id=1202088 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 12:30:04 -0000 Subject: SUSE-SU-2023:4608-1: moderate: Security update for python-Twisted Message-ID: <170126100451.4959.2688769250003140928@smelt2.prg2.suse.org> # Security update for python-Twisted Announcement ID: SUSE-SU-2023:4608-1 Rating: moderate References: * bsc#1216588 Cross-References: * CVE-2023-46137 CVSS scores: * CVE-2023-46137 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46137 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-Twisted fixes the following issues: * CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4608=1 openSUSE-SLE-15.4-2023-4608=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4608=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4608=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4608=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-Twisted-22.10.0-150400.5.13.1 * python311-Twisted-conch_nacl-22.10.0-150400.5.13.1 * python311-Twisted-serial-22.10.0-150400.5.13.1 * python311-Twisted-tls-22.10.0-150400.5.13.1 * python311-Twisted-contextvars-22.10.0-150400.5.13.1 * python311-Twisted-http2-22.10.0-150400.5.13.1 * python311-Twisted-conch-22.10.0-150400.5.13.1 * python311-Twisted-all_non_platform-22.10.0-150400.5.13.1 * openSUSE Leap 15.5 (noarch) * python311-Twisted-22.10.0-150400.5.13.1 * python311-Twisted-conch_nacl-22.10.0-150400.5.13.1 * python311-Twisted-serial-22.10.0-150400.5.13.1 * python311-Twisted-tls-22.10.0-150400.5.13.1 * python311-Twisted-contextvars-22.10.0-150400.5.13.1 * python311-Twisted-http2-22.10.0-150400.5.13.1 * python311-Twisted-conch-22.10.0-150400.5.13.1 * python311-Twisted-all_non_platform-22.10.0-150400.5.13.1 * Python 3 Module 15-SP4 (noarch) * python311-Twisted-22.10.0-150400.5.13.1 * python311-Twisted-conch_nacl-22.10.0-150400.5.13.1 * python311-Twisted-serial-22.10.0-150400.5.13.1 * python311-Twisted-tls-22.10.0-150400.5.13.1 * python311-Twisted-contextvars-22.10.0-150400.5.13.1 * python311-Twisted-http2-22.10.0-150400.5.13.1 * python311-Twisted-conch-22.10.0-150400.5.13.1 * python311-Twisted-all_non_platform-22.10.0-150400.5.13.1 * Python 3 Module 15-SP5 (noarch) * python311-Twisted-22.10.0-150400.5.13.1 * python311-Twisted-conch_nacl-22.10.0-150400.5.13.1 * python311-Twisted-serial-22.10.0-150400.5.13.1 * python311-Twisted-tls-22.10.0-150400.5.13.1 * python311-Twisted-contextvars-22.10.0-150400.5.13.1 * python311-Twisted-http2-22.10.0-150400.5.13.1 * python311-Twisted-conch-22.10.0-150400.5.13.1 * python311-Twisted-all_non_platform-22.10.0-150400.5.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46137.html * https://bugzilla.suse.com/show_bug.cgi?id=1216588 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 12:30:06 -0000 Subject: SUSE-SU-2023:4607-1: moderate: Security update for python3-Twisted Message-ID: <170126100663.4959.4714871727994991181@smelt2.prg2.suse.org> # Security update for python3-Twisted Announcement ID: SUSE-SU-2023:4607-1 Rating: moderate References: * bsc#1216588 Cross-References: * CVE-2023-46137 CVSS scores: * CVE-2023-46137 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46137 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python3-Twisted fixes the following issues: * CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4607=1 openSUSE-SLE-15.4-2023-4607=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4607=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4607=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4607=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python3-Twisted-22.2.0-150400.15.1 * python-Twisted-doc-22.2.0-150400.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.15.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.15.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46137.html * https://bugzilla.suse.com/show_bug.cgi?id=1216588 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 12:30:09 -0000 Subject: SUSE-RU-2023:4606-1: important: Recommended update for python-apache-libcloud Message-ID: <170126100922.4959.1057488238046792187@smelt2.prg2.suse.org> # Recommended update for python-apache-libcloud Announcement ID: SUSE-RU-2023:4606-1 Rating: important References: * bsc#1214808 Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for python-apache-libcloud fixes the following issues: * list_nodes() function in the Azure ARM driver does not handle pagination and does not return all the VMs for a subscription (bsc#1214808) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4606=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4606=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4606=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4606=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4606=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4606=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4606=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4606=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4606=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4606=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * openSUSE Leap 15.3 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * openSUSE Leap 15.4 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * openSUSE Leap 15.5 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * Server Applications Module 15-SP4 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 * Server Applications Module 15-SP5 (noarch) * python3-apache-libcloud-3.3.1-150300.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214808 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 15:11:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:11:47 +0100 (CET) Subject: SUSE-CU-2023:3915-1: Security update of caasp/v4/cilium Message-ID: <20231129151147.9E94EF3CA@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/cilium ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3915-1 Container Tags : caasp/v4/cilium:1.6.6 , caasp/v4/cilium:1.6.6-rev6 , caasp/v4/cilium:1.6.6-rev6-build3.17.1 Container Release : 3.17.1 Severity : critical Type : security References : 1040589 1041742 1065270 1082318 1087072 1089497 1099272 1099695 1115529 1121227 1121230 1122004 1122021 1127591 1128846 1142579 1148309 1158763 1159635 1160285 1162964 1172113 1172427 1173277 1174075 1174414 1174911 1177047 1178233 1180065 1180689 1180713 1180995 1181475 1181826 1181961 1181961 1182959 1183533 1184501 1185597 1185637 1185712 1187512 1187906 1188374 1189152 1189282 1189802 1190447 1190926 1191157 1191473 1191502 1191908 1192951 1193007 1193015 1193489 1193625 1193659 1193759 1193805 1193841 1193929 1194038 1194229 1194550 1194597 1194640 1194642 1194768 1194770 1194783 1194848 1194883 1194898 1195054 1195149 1195217 1195251 1195258 1195283 1195326 1195468 1195517 1195529 1195560 1195628 1195633 1195654 1195773 1195792 1195856 1195899 1195999 1196025 1196025 1196026 1196036 1196061 1196093 1196107 1196167 1196168 1196169 1196171 1196275 1196317 1196368 1196406 1196490 1196514 1196784 1196840 1196861 1196861 1196877 1196925 1196939 1197004 1197004 1197024 1197065 1197134 1197178 1197443 1197459 1197592 1197684 1197716 1197771 1197775 1197794 1198062 1198062 1198237 1198237 1198341 1198422 1198446 1198458 1198627 1198731 1198752 1198925 1199042 1199132 1199132 1199140 1199166 1199223 1199224 1199232 1199240 1199492 1199524 1199895 1199918 1199926 1199927 1199944 1200170 1200441 1200441 1200485 1200550 1200735 1200737 1200800 1200842 1200962 1200993 1201092 1201099 1201225 1201576 1201627 1201638 1201680 1201783 1201959 1201972 1201978 1202020 1202175 1202593 1202816 1202966 1202967 1202969 1203248 1203249 1203438 1203649 1203652 1203652 1203715 1203760 1204111 1204112 1204113 1204357 1204366 1204367 1204383 1204505 1204548 1204585 1204585 1204690 1204708 1204956 1205126 1205145 1205570 1205636 1205646 1206080 1206309 1206337 1206346 1206346 1206412 1206480 1206480 1206513 1206556 1206579 1206684 1206684 1206949 1207533 1207534 1207534 1207536 1207992 1208037 1208038 1208040 1208067 1208329 1208409 1209122 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209624 1209642 1209873 1209878 1210096 1210297 1210323 1210411 1210412 1210434 1210507 1210557 1210557 1210593 1210733 1210740 1210870 1211079 1211231 1211232 1211233 1211261 1211339 1211419 1211427 1211427 1211430 1211604 1211605 1211606 1211607 1211661 1211945 1211946 1211947 1211948 1211951 1212101 1212101 1212126 1212187 1212187 1212222 1212422 1212475 1212475 1212475 1212475 1213231 1213282 1213458 1213487 1213517 1213557 1213673 1213853 1213854 1213865 1213915 1213915 1214025 1214052 1214052 1214052 1214052 1214054 1214290 1214292 1214395 1214460 1214460 1214565 1214567 1214579 1214580 1214604 1214611 1214619 1214620 1214623 1214624 1214625 1214768 1214806 1215007 1215286 1215427 1215505 1215713 1215979 1216006 1216006 1216091 1216129 1216174 1216378 1216664 1216922 CVE-2015-8985 CVE-2016-3709 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2018-7738 CVE-2019-1010204 CVE-2019-19906 CVE-2019-2708 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2020-19726 CVE-2020-29362 CVE-2021-20206 CVE-2021-20206 CVE-2021-22570 CVE-2021-28153 CVE-2021-32256 CVE-2021-3530 CVE-2021-3541 CVE-2021-3648 CVE-2021-36690 CVE-2021-3826 CVE-2021-3999 CVE-2021-4209 CVE-2021-45078 CVE-2021-46195 CVE-2021-46828 CVE-2021-46848 CVE-2022-0778 CVE-2022-1271 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1664 CVE-2022-1706 CVE-2022-2068 CVE-2022-2097 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-2509 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-27781 CVE-2022-27782 CVE-2022-27943 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35205 CVE-2022-35206 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-4285 CVE-2022-42898 CVE-2022-4304 CVE-2022-4304 CVE-2022-43552 CVE-2022-43680 CVE-2022-44840 CVE-2022-45703 CVE-2022-46908 CVE-2022-47629 CVE-2022-47673 CVE-2022-47695 CVE-2022-47696 CVE-2022-48063 CVE-2022-48064 CVE-2022-48065 CVE-2022-48468 CVE-2022-4899 CVE-2022-4904 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-1579 CVE-2023-1972 CVE-2023-2222 CVE-2023-23916 CVE-2023-25585 CVE-2023-25587 CVE-2023-25588 CVE-2023-2603 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-29499 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32611 CVE-2023-32636 CVE-2023-32643 CVE-2023-32665 CVE-2023-3446 CVE-2023-34969 CVE-2023-35945 CVE-2023-36054 CVE-2023-3817 CVE-2023-39615 CVE-2023-4016 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-4156 CVE-2023-44487 CVE-2023-45322 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813 CVE-2023-5678 ----------------------------------------------------------------- The container caasp/v4/cilium was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1250-1 Released: Sun Apr 17 15:39:47 2022 Summary: Security update for gzip Type: security Severity: important References: 1177047,1180713,1198062,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following non-security bugs were fixed: - Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1656-1 Released: Fri May 13 15:38:02 2022 Summary: Recommended update for llvm7 Type: recommended Severity: moderate References: 1197775 This update for llvm7 fixes the following issues: - Backport fixes and changes from Factory. (bsc#1197775) - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package. - Fix build with linux-glibc-devel 5.13. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1674-1 Released: Mon May 16 10:12:11 2022 Summary: Security update for gzip Type: security Severity: important References: CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1832-1 Released: Tue May 24 11:52:33 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1191157,1197004,1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: Security: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Bugfixes: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1851-1 Released: Thu May 26 08:59:55 2022 Summary: Recommended update for gcc8 Type: recommended Severity: moderate References: 1197716 This update for gcc8 fixes the following issues: - Fix build against SP4. (bsc#1197716) - Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2068-1 Released: Tue Jun 14 10:14:47 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,CVE-2022-1292 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:26 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2179-1 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Type: security Severity: moderate References: 1200550,CVE-2022-2068 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2311-1 Released: Wed Jul 6 15:16:17 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2471-1 Released: Thu Jul 21 04:42:58 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1148309,1191502,1195529,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - basic/env-util: Allow newlines in values of environment variables - man: tweak description of auto/noauto (bsc#1191502) - shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309) - shared/install: fix error codes returned by install_context_apply() - shared/install: ignore failures for auxiliary files - systemctl: suppress enable/disable messages when `-q` is given - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2571-1 Released: Thu Jul 28 04:20:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2829-1 Released: Wed Aug 17 13:33:11 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2830-1 Released: Wed Aug 17 14:36:26 2022 Summary: Security update for gnutls Type: security Severity: important References: 1196167,1202020,CVE-2021-4209,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2905-1 Released: Fri Aug 26 05:30:33 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2991-1 Released: Thu Sep 1 16:04:30 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1198752,1200800,1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed an uncontrolled file descriptor consumption, which could be exploited by remote attackers to prevent applications using the library from accepting new connections (bsc#1201680). Non-security fixes: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No codechanges were done in this update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3129-1 Released: Wed Sep 7 04:42:53 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3144-1 Released: Wed Sep 7 11:04:23 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a potential signature forgery via injection into the status line when certain unusual conditions are met (bsc#1201225). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3221-1 Released: Fri Sep 9 04:31:28 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3566-1 Released: Tue Oct 11 16:19:09 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3774-1 Released: Wed Oct 26 12:21:09 2022 Summary: Security update for curl Type: security Severity: important References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3882-1 Released: Mon Nov 7 09:06:03 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. (bsc#1180995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3905-1 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1196840,1199492,1199918,1199926,1199927 This update for aaa_base and iputils fixes the following issues: aaa_base: - Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927) - The wrapper rootsh is not a restricted shell (bsc#1199492) iputils: - Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3912-1 Released: Tue Nov 8 13:38:11 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3975-1 Released: Mon Nov 14 15:41:13 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959 This update for util-linux fixes the following issues: - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4155-1 Released: Mon Nov 21 14:36:17 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4214-1 Released: Thu Nov 24 16:17:31 2022 Summary: Security update for libdb-4_8 Type: security Severity: low References: 1174414,CVE-2019-2708 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4592-1 Released: Tue Dec 20 16:51:35 2022 Summary: Security update for cni Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4593-1 Released: Tue Dec 20 16:55:16 2022 Summary: Security update for cni-plugins Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:308-1 Released: Tue Feb 7 17:33:37 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:446-1 Released: Fri Feb 17 09:52:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:787-1 Released: Thu Mar 16 19:37:18 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1748-1 Released: Tue Apr 4 09:06:59 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1908-1 Released: Wed Apr 19 08:38:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878). - CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1979-1 Released: Tue Apr 25 09:36:43 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1991-1 Released: Tue Apr 25 13:22:19 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1160285,1210096 This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2068-1 Released: Fri Apr 28 13:55:00 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2226-1 Released: Wed May 17 09:55:49 2023 Summary: Security update for curl Type: security Severity: important References: 1206309,1207992,1209209,1209210,1209211,1209212,1209214,1211231,1211232,1211233,1211339,CVE-2022-43552,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2248-1 Released: Thu May 18 17:06:33 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2324-1 Released: Tue May 30 15:52:17 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1200441 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2325-1 Released: Tue May 30 15:57:30 2023 Summary: Security update for cni Type: security Severity: important References: 1200441 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2327-1 Released: Tue May 30 16:44:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2472-1 Released: Thu Jun 8 10:05:45 2023 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1211661 This update for libzypp fixes the following issues: - Do not unconditionally release a medium if provideFile failed (bsc#1211661) - libzypp.spec.cmake: remove duplicate file listing - Update to version 17.31.12 (22) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2496-1 Released: Tue Jun 13 15:19:20 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1212187 This update for libzypp fixes the following issue: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2622-1 Released: Fri Jun 23 13:42:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2644-1 Released: Tue Jun 27 09:23:49 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - build: honor libproxy.pc's includedir (bsc#1212222) - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2868-1 Released: Tue Jul 18 11:35:52 2023 Summary: Security update for cni Type: security Severity: important References: 1206346 This update of cni fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2869-1 Released: Tue Jul 18 11:39:26 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1206346 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2955-1 Released: Tue Jul 25 05:22:54 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1193015 This update for util-linux fixes the following issues: - Fix memory leak on parse errors in libmount. (bsc#1193015) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2961-1 Released: Tue Jul 25 09:32:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2998-1 Released: Thu Jul 27 08:39:49 2023 Summary: Recommended update for libdb-4_8 Type: recommended Severity: moderate References: 1099695 This update for libdb-4_8 fixes the following issues: - Fix incomplete license tag (bsc#1099695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3068-1 Released: Mon Jul 31 16:33:43 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3191-1 Released: Fri Aug 4 06:29:08 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3388-1 Released: Wed Aug 23 17:14:22 2023 Summary: Recommended update for binutils Type: recommended Severity: important References: 1213282 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3434-1 Released: Thu Aug 24 15:05:22 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3513-1 Released: Fri Sep 1 15:47:41 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional isue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3535-1 Released: Tue Sep 5 14:46:31 2023 Summary: Security update for glib2 Type: security Severity: important References: 1183533,1211945,1211946,1211947,1211948,1211951,CVE-2021-28153,CVE-2023-29499,CVE-2023-32611,CVE-2023-32636,CVE-2023-32643,CVE-2023-32665 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. (bsc#1183533) - CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. (bsc#1211945) - CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child(). (bsc#1211946) - CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal(). (bsc#1211947) - CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text(). (bsc#1211948) - CVE-2023-32611: Fixed an issue where g_variant_byteswap() can take a long time with some non-normal inputs. (bsc#1211951) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3686-1 Released: Tue Sep 19 17:23:03 2023 Summary: Security update for gcc7 Type: security Severity: important References: 1195517,1196861,1204505,1205145,1214052,CVE-2023-4039 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3815-1 Released: Wed Sep 27 18:20:25 2023 Summary: Security update for cni Type: security Severity: important References: 1212475 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3816-1 Released: Wed Sep 27 18:25:44 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1212475 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3825-1 Released: Wed Sep 27 18:48:53 2023 Summary: Security update for binutils Type: security Severity: important References: 1200962,1206080,1206556,1208037,1208038,1208040,1208409,1209642,1210297,1210733,1213458,1214565,1214567,1214579,1214580,1214604,1214611,1214619,1214620,1214623,1214624,1214625,CVE-2020-19726,CVE-2021-32256,CVE-2022-35205,CVE-2022-35206,CVE-2022-4285,CVE-2022-44840,CVE-2022-45703,CVE-2022-47673,CVE-2022-47695,CVE-2022-47696,CVE-2022-48063,CVE-2022-48064,CVE-2022-48065,CVE-2023-0687,CVE-2023-1579,CVE-2023-1972,CVE-2023-2222,CVE-2023-25585,CVE-2023-25587,CVE-2023-25588 This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions. * Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers. * New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. * SFrame Version 2 is now the default (and only) format version supported by gas, ld, readelf and objdump. * Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file. * The RISC-V port now supports the following new standard extensions: - Zicond (conditional zero instructions) - Zfa (additional floating-point instructions) - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) * The RISC-V port now supports the following vendor-defined extensions: - XVentanaCondOps * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. * A new .insn directive is recognized by x86 gas. * Add SME2 support to the AArch64 port. * The linker now accepts a command line option of --remap-inputs = to relace any input file that matches with . In addition the option --remap-inputs-file= can be used to specify a file containing any number of these remapping directives. * The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only). * For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section. * The linker script syntax has a new command for output sections: ASCIZ 'string' This will insert a zero-terminated string at the current location. * Add command-line option, -z nosectionheader, to omit ELF section header. - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1209642 aka CVE-2023-1579 aka PR29988 * bsc#1210297 aka CVE-2023-1972 aka PR30285 * bsc#1210733 aka CVE-2023-2222 aka PR29936 * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) * bsc#1214565 aka CVE-2020-19726 aka PR26240 * bsc#1214567 aka CVE-2022-35206 aka PR29290 * bsc#1214579 aka CVE-2022-35205 aka PR29289 * bsc#1214580 aka CVE-2022-44840 aka PR29732 * bsc#1214604 aka CVE-2022-45703 aka PR29799 * bsc#1214611 aka CVE-2022-48065 aka PR29925 * bsc#1214619 aka CVE-2022-48064 aka PR29922 * bsc#1214620 aka CVE-2022-48063 aka PR29924 * bsc#1214623 aka CVE-2022-47696 aka PR29677 * bsc#1214624 aka CVE-2022-47695 aka PR29846 * bsc#1214625 aka CVE-2022-47673 aka PR29876 - This only existed only for a very short while in SLE-15, as the main variant in devel:gcc subsumed this in binutils-revert-rela.diff. Hence: - Document fixed CVEs: * bsc#1208037 aka CVE-2023-25588 aka PR29677 * bsc#1208038 aka CVE-2023-25587 aka PR29846 * bsc#1208040 aka CVE-2023-25585 aka PR29892 * bsc#1208409 aka CVE-2023-0687 aka PR29444 - Enable bpf-none cross target and add bpf-none to the multitarget set of supported targets. - Disable packed-relative-relocs for old codestreams. They generate buggy relocations when binutils-revert-rela.diff is active. [bsc#1206556] - Disable ZSTD debug section compress by default. - Enable zstd compression algorithm (instead of zlib) for debug info sections by default. - Pack libgprofng only for supported platforms. - Move libgprofng-related libraries to the proper locations (packages). - Add --without=bootstrap for skipping of bootstrap (faster testing of the package). - Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515] Update to version 2.40: * Objdump has a new command line option --show-all-symbols which will make it display all symbols that match a given address when disassembling. (Normally only the first symbol that matches an address is shown). * Add --enable-colored-disassembly configure time option to enable colored disassembly output by default, if the output device is a terminal. Note, this configure option is disabled by default. * DCO signed contributions are now accepted. * objcopy --decompress-debug-sections now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * addr2line and objdump --dwarf now support zstd compressed debug sections. * The dlltool program now accepts --deterministic-libraries and --non-deterministic-libraries as command line options to control whether or not it generates deterministic output libraries. If neither of these options are used the default is whatever was set when the binutils were configured. * readelf and objdump now have a newly added option --sframe which dumps the SFrame section. * Add support for Intel RAO-INT instructions. * Add support for Intel AVX-NE-CONVERT instructions. * Add support for Intel MSRLIST instructions. * Add support for Intel WRMSRNS instructions. * Add support for Intel CMPccXADD instructions. * Add support for Intel AVX-VNNI-INT8 instructions. * Add support for Intel AVX-IFMA instructions. * Add support for Intel PREFETCHI instructions. * Add support for Intel AMX-FP16 instructions. * gas now supports --compress-debug-sections=zstd to compress debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head ISA manual, which are implemented in the Allwinner D1. * Add support for the RISC-V Zawrs extension, version 1.0-rc4. * Add support for Cortex-X1C for Arm. * New command line option --gsframe to generate SFrame unwind information on x86_64 and aarch64 targets. * The linker has a new command line option to suppress the generation of any warning or error messages. This can be useful when there is a need to create a known non-working binary. The option is -w or --no-warnings. * ld now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Remove support for -z bndplt (MPX prefix instructions). - Includes fixes for these CVEs: * bsc#1206080 aka CVE-2022-4285 aka PR29699 - Enable by default: --enable-colored-disassembly. - fix build on x86_64_vX platforms ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3937-1 Released: Tue Oct 3 11:33:38 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3958-1 Released: Wed Oct 4 09:16:06 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4025-1 Released: Tue Oct 10 13:41:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4047-1 Released: Wed Oct 11 10:40:26 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1215286,1215505,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other changes: - Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) - Run vismain only if linker supports protected data symbol (bsc#1215505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4126-1 Released: Thu Oct 19 09:38:31 2023 Summary: Security update for cni Type: security Severity: important References: 1212475,1216006 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4127-1 Released: Thu Oct 19 09:43:23 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1212475,1216006 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4512-1 Released: Tue Nov 21 17:25:02 2023 Summary: Security update for util-linux Type: security Severity: important References: 1213865,CVE-2018-7738 This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4520-1 Released: Tue Nov 21 17:42:13 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4536-1 Released: Thu Nov 23 08:19:05 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4613-1 Released: Wed Nov 29 15:46:24 2023 Summary: Updates Cilium Type: security Severity: important References: 1215713,1216174,CVE-2023-35945,CVE-2023-44487 Updates Cilium addon as it got rebuild to include a couple of sercurity fixes The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated - binutils-2.41-150100.7.46.1 updated - cilium-proxy-20200109-150100.3.3.14.1 updated - clang7-7.0.1-150100.3.22.2 updated - cni-plugins-0.8.6-150100.3.20.1 updated - cni-0.7.1-150100.3.16.1 updated - coreutils-8.29-4.3.1 updated - cpp7-7.5.0+r278197-150000.4.35.1 updated - dbus-1-1.12.2-150100.8.17.1 updated - filesystem-15.0-11.8.1 updated - gawk-4.2.1-150000.3.3.1 updated - gcc7-7.5.0+r278197-150000.4.35.1 updated - glibc-32bit-2.26-150000.13.70.1 updated - glibc-devel-32bit-2.26-150000.13.70.1 updated - glibc-devel-2.26-150000.13.70.1 updated - glibc-2.26-150000.13.70.1 updated - gpg2-2.2.5-150000.4.22.1 updated - grep-3.1-150000.4.6.1 updated - gzip-1.10-150000.4.15.1 updated - krb5-1.16.3-150100.3.30.1 updated - libLLVM7-7.0.1-150100.3.22.2 updated - libLTO7-7.0.1-150100.3.22.2 updated - libasan4-7.5.0+r278197-150000.4.35.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libblkid1-2.33.2-150100.4.40.1 updated - libcap2-2.26-150000.4.9.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcilkrts5-7.5.0+r278197-150000.4.35.1 updated - libclang7-7.0.1-150100.3.22.2 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcryptsetup12-2.0.6-150100.4.6.1 updated - libctf-nobfd0-2.41-150100.7.46.1 updated - libctf0-2.41-150100.7.46.1 updated - libcurl4-7.60.0-150000.51.1 updated - libdb-4_8-4.8.30-150000.7.9.1 updated - libdbus-1-3-1.12.2-150100.8.17.1 updated - libexpat1-2.2.5-150000.3.25.1 updated - libfdisk1-2.33.2-150100.4.40.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libglib-2_0-0-2.54.3-150000.4.29.1 updated - libgnutls30-3.6.7-150000.6.45.2 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libgpgme11-1.10.0-150000.4.6.2 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libldap-2_4-2-2.4.46-150000.9.74.3 updated - libldap-data-2.4.46-150000.9.74.3 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.40.1 updated - libmpx2-8.2.1+r264010-150000.1.6.4 updated - libmpxwrappers2-8.2.1+r264010-150000.1.6.4 updated - libncurses6-6.1-150000.5.15.1 updated - libnghttp2-14-1.40.0-150000.3.17.1 updated - libopenssl1_1-1.1.0i-150100.14.68.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-c-devel-1.3.0-150000.3.3.1 updated - libprotobuf-c1-1.3.0-150000.3.3.1 updated - libprotobuf-lite20-3.9.2-150100.8.3.3 added - libprotobuf15-3.5.0-5.5.1 updated - libprotoc15-3.5.0-5.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libsasl2-3-2.1.26-150000.5.13.1 updated - libsmartcols1-2.33.2-150100.4.40.1 updated - libsolv-tools-0.7.24-150100.4.12.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.35.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libsystemd0-234-150000.24.111.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libtirpc-netconfig-1.0.2-150000.3.18.1 updated - libtirpc3-1.0.2-150000.3.18.1 updated - libtsan0-11.3.0+git1637-150000.1.11.2 updated - libubsan0-7.5.0+r278197-150000.4.35.1 updated - libudev1-234-150000.24.111.1 updated - libusb-1_0-0-1.0.21-150000.3.5.1 updated - libuuid1-2.33.2-150100.4.40.1 updated - libxml2-2-2.9.7-150000.3.63.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.48.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.22-150100.3.120.1 updated - llvm7-7.0.1-150100.3.22.2 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.0i-150100.14.68.1 added - openssl-1.1.0i-3.3.1 added - pam-1.3.0-150000.6.61.1 updated - perl-base-5.26.1-150000.7.15.1 updated - permissions-20181116-150100.9.41.1 updated - procps-3.3.15-150000.7.34.1 updated - protobuf-c-1.3.0-150000.3.3.1 updated - shadow-4.6-150100.3.11.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - systemd-234-150000.24.111.1 updated - terminfo-base-6.1-150000.5.15.1 updated - udev-234-150000.24.111.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-2.33.2-150100.4.40.1 updated - zypper-1.14.66-150100.3.90.1 updated - container:sles15-image-15.0.0-6.2.848 updated - libprotobuf-lite15-3.5.0-5.2.1 removed From sle-updates at lists.suse.com Wed Nov 29 15:11:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:11:56 +0100 (CET) Subject: SUSE-CU-2023:3916-1: Security update of caasp/v4/cilium-operator Message-ID: <20231129151156.B2CE8F3CA@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/cilium-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3916-1 Container Tags : caasp/v4/cilium-operator:1.6.6 , caasp/v4/cilium-operator:1.6.6-rev6 , caasp/v4/cilium-operator:1.6.6-rev6-build3.17.1 Container Release : 3.17.1 Severity : critical Type : security References : 1040589 1041742 1065270 1082318 1089497 1099272 1115529 1121227 1121230 1122004 1122021 1127591 1128846 1148309 1158763 1159635 1160285 1162964 1172113 1172427 1173277 1174075 1174911 1178233 1180065 1180689 1180995 1181475 1181826 1182959 1183533 1184501 1185637 1187512 1187906 1189152 1189282 1189802 1190447 1190926 1191157 1191502 1192951 1193007 1193015 1193489 1193625 1193659 1193759 1193805 1193841 1194038 1194229 1194550 1194597 1194640 1194642 1194768 1194770 1194848 1194883 1194898 1195149 1195283 1195326 1195468 1195529 1195560 1195628 1195633 1195773 1195792 1195856 1195899 1195999 1196036 1196061 1196093 1196107 1196167 1196275 1196317 1196368 1196406 1196490 1196514 1196840 1196861 1196877 1196925 1196939 1197004 1197004 1197024 1197065 1197134 1197178 1197443 1197459 1197684 1197771 1197794 1198062 1198341 1198446 1198627 1198731 1198752 1198925 1199042 1199132 1199132 1199140 1199166 1199223 1199224 1199232 1199240 1199492 1199895 1199918 1199926 1199927 1200170 1200550 1200735 1200737 1200800 1200842 1200993 1201092 1201099 1201225 1201576 1201627 1201638 1201680 1201783 1201959 1201972 1201978 1202020 1202175 1202593 1203248 1203249 1203649 1203652 1203652 1203715 1203760 1204357 1204366 1204367 1204383 1204548 1204585 1204585 1204690 1204956 1205126 1205570 1205636 1205646 1206309 1206337 1206412 1206480 1206480 1206513 1206579 1206684 1206684 1206949 1207533 1207534 1207534 1207536 1207992 1208329 1209122 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209624 1209873 1209878 1210096 1210411 1210412 1210434 1210507 1210557 1210557 1210593 1210740 1210870 1211231 1211232 1211233 1211261 1211339 1211419 1211427 1211427 1211430 1211661 1211945 1211946 1211947 1211948 1211951 1212101 1212101 1212187 1212187 1212222 1212422 1213231 1213487 1213517 1213557 1213673 1213853 1213854 1213865 1213915 1213915 1214052 1214052 1214052 1214054 1214290 1214292 1214395 1214460 1214460 1214768 1214806 1215007 1215286 1215427 1215505 1215979 1216091 1216129 1216378 1216664 1216922 CVE-2015-8985 CVE-2016-3709 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2018-7738 CVE-2019-19906 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2020-29362 CVE-2021-28153 CVE-2021-3541 CVE-2021-36690 CVE-2021-3999 CVE-2021-4209 CVE-2021-46828 CVE-2021-46848 CVE-2022-0778 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-24407 CVE-2022-2509 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-4304 CVE-2022-43552 CVE-2022-46908 CVE-2022-47629 CVE-2022-4899 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-23916 CVE-2023-2603 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-29499 CVE-2023-32611 CVE-2023-32636 CVE-2023-32643 CVE-2023-32665 CVE-2023-3446 CVE-2023-36054 CVE-2023-3817 CVE-2023-39615 CVE-2023-4016 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-45322 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813 CVE-2023-5678 ----------------------------------------------------------------- The container caasp/v4/cilium-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1832-1 Released: Tue May 24 11:52:33 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1191157,1197004,1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: Security: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Bugfixes: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2068-1 Released: Tue Jun 14 10:14:47 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,CVE-2022-1292 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2179-1 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Type: security Severity: moderate References: 1200550,CVE-2022-2068 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2311-1 Released: Wed Jul 6 15:16:17 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2471-1 Released: Thu Jul 21 04:42:58 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1148309,1191502,1195529,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - basic/env-util: Allow newlines in values of environment variables - man: tweak description of auto/noauto (bsc#1191502) - shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309) - shared/install: fix error codes returned by install_context_apply() - shared/install: ignore failures for auxiliary files - systemctl: suppress enable/disable messages when `-q` is given - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2571-1 Released: Thu Jul 28 04:20:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2829-1 Released: Wed Aug 17 13:33:11 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2830-1 Released: Wed Aug 17 14:36:26 2022 Summary: Security update for gnutls Type: security Severity: important References: 1196167,1202020,CVE-2021-4209,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2905-1 Released: Fri Aug 26 05:30:33 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2991-1 Released: Thu Sep 1 16:04:30 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1198752,1200800,1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed an uncontrolled file descriptor consumption, which could be exploited by remote attackers to prevent applications using the library from accepting new connections (bsc#1201680). Non-security fixes: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No codechanges were done in this update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3129-1 Released: Wed Sep 7 04:42:53 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3144-1 Released: Wed Sep 7 11:04:23 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a potential signature forgery via injection into the status line when certain unusual conditions are met (bsc#1201225). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3221-1 Released: Fri Sep 9 04:31:28 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3566-1 Released: Tue Oct 11 16:19:09 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3774-1 Released: Wed Oct 26 12:21:09 2022 Summary: Security update for curl Type: security Severity: important References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3882-1 Released: Mon Nov 7 09:06:03 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. (bsc#1180995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3905-1 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1196840,1199492,1199918,1199926,1199927 This update for aaa_base and iputils fixes the following issues: aaa_base: - Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927) - The wrapper rootsh is not a restricted shell (bsc#1199492) iputils: - Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3975-1 Released: Mon Nov 14 15:41:13 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959 This update for util-linux fixes the following issues: - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4155-1 Released: Mon Nov 21 14:36:17 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:308-1 Released: Tue Feb 7 17:33:37 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:446-1 Released: Fri Feb 17 09:52:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:787-1 Released: Thu Mar 16 19:37:18 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1748-1 Released: Tue Apr 4 09:06:59 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1908-1 Released: Wed Apr 19 08:38:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878). - CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1991-1 Released: Tue Apr 25 13:22:19 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1160285,1210096 This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2068-1 Released: Fri Apr 28 13:55:00 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2226-1 Released: Wed May 17 09:55:49 2023 Summary: Security update for curl Type: security Severity: important References: 1206309,1207992,1209209,1209210,1209211,1209212,1209214,1211231,1211232,1211233,1211339,CVE-2022-43552,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2248-1 Released: Thu May 18 17:06:33 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2327-1 Released: Tue May 30 16:44:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2472-1 Released: Thu Jun 8 10:05:45 2023 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1211661 This update for libzypp fixes the following issues: - Do not unconditionally release a medium if provideFile failed (bsc#1211661) - libzypp.spec.cmake: remove duplicate file listing - Update to version 17.31.12 (22) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2496-1 Released: Tue Jun 13 15:19:20 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1212187 This update for libzypp fixes the following issue: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2622-1 Released: Fri Jun 23 13:42:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2644-1 Released: Tue Jun 27 09:23:49 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - build: honor libproxy.pc's includedir (bsc#1212222) - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2955-1 Released: Tue Jul 25 05:22:54 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1193015 This update for util-linux fixes the following issues: - Fix memory leak on parse errors in libmount. (bsc#1193015) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2961-1 Released: Tue Jul 25 09:32:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3068-1 Released: Mon Jul 31 16:33:43 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3434-1 Released: Thu Aug 24 15:05:22 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3513-1 Released: Fri Sep 1 15:47:41 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional isue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3535-1 Released: Tue Sep 5 14:46:31 2023 Summary: Security update for glib2 Type: security Severity: important References: 1183533,1211945,1211946,1211947,1211948,1211951,CVE-2021-28153,CVE-2023-29499,CVE-2023-32611,CVE-2023-32636,CVE-2023-32643,CVE-2023-32665 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. (bsc#1183533) - CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. (bsc#1211945) - CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child(). (bsc#1211946) - CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal(). (bsc#1211947) - CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text(). (bsc#1211948) - CVE-2023-32611: Fixed an issue where g_variant_byteswap() can take a long time with some non-normal inputs. (bsc#1211951) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3937-1 Released: Tue Oct 3 11:33:38 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3958-1 Released: Wed Oct 4 09:16:06 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4025-1 Released: Tue Oct 10 13:41:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4047-1 Released: Wed Oct 11 10:40:26 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1215286,1215505,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other changes: - Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) - Run vismain only if linker supports protected data symbol (bsc#1215505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4512-1 Released: Tue Nov 21 17:25:02 2023 Summary: Security update for util-linux Type: security Severity: important References: 1213865,CVE-2018-7738 This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4520-1 Released: Tue Nov 21 17:42:13 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4536-1 Released: Thu Nov 23 08:19:05 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-150000.13.70.1 updated - gpg2-2.2.5-150000.4.22.1 updated - grep-3.1-150000.4.6.1 updated - krb5-1.16.3-150100.3.30.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libblkid1-2.33.2-150100.4.40.1 updated - libcap2-2.26-150000.4.9.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcurl4-7.60.0-150000.51.1 updated - libfdisk1-2.33.2-150100.4.40.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libglib-2_0-0-2.54.3-150000.4.29.1 updated - libgnutls30-3.6.7-150000.6.45.2 updated - libgpgme11-1.10.0-150000.4.6.2 updated - libksba8-1.3.5-150000.4.6.1 updated - libldap-2_4-2-2.4.46-150000.9.74.3 updated - libldap-data-2.4.46-150000.9.74.3 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.40.1 updated - libncurses6-6.1-150000.5.15.1 updated - libnghttp2-14-1.40.0-150000.3.17.1 updated - libopenssl1_1-1.1.0i-150100.14.68.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-lite20-3.9.2-150100.8.3.3 added - libpsl5-0.20.1-150000.3.3.1 updated - libsasl2-3-2.1.26-150000.5.13.1 updated - libsmartcols1-2.33.2-150100.4.40.1 updated - libsolv-tools-0.7.24-150100.4.12.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libsystemd0-234-150000.24.111.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libtirpc-netconfig-1.0.2-150000.3.18.1 updated - libtirpc3-1.0.2-150000.3.18.1 updated - libudev1-234-150000.24.111.1 updated - libusb-1_0-0-1.0.21-150000.3.5.1 updated - libuuid1-2.33.2-150100.4.40.1 updated - libxml2-2-2.9.7-150000.3.63.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.48.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.22-150100.3.120.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.0i-150100.14.68.1 added - openssl-1.1.0i-3.3.1 added - pam-1.3.0-150000.6.61.1 updated - perl-base-5.26.1-150000.7.15.1 updated - permissions-20181116-150100.9.41.1 updated - procps-3.3.15-150000.7.34.1 updated - shadow-4.6-150100.3.11.1 updated - terminfo-base-6.1-150000.5.15.1 updated - util-linux-2.33.2-150100.4.40.1 updated - zypper-1.14.66-150100.3.90.1 updated - container:sles15-image-15.0.0-6.2.848 updated - libprotobuf-lite15-3.5.0-5.2.1 removed From sle-updates at lists.suse.com Wed Nov 29 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:30:02 -0000 Subject: SUSE-SU-2023:4614-1: important: Security update for java-1_8_0-ibm Message-ID: <170127540254.4702.14016758027978229816@smelt2.prg2.suse.org> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:4614-1 Rating: important References: * bsc#1204264 * bsc#1216339 * bsc#1216374 * bsc#1216379 * bsc#1216640 * bsc#1217214 Cross-References: * CVE-2023-22025 * CVE-2023-22067 * CVE-2023-22081 * CVE-2023-5676 CVSS scores: * CVE-2023-22025 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22025 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5676 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5676 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves four vulnerabilities and has two security fixes can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 15: * Oracle October 17 2023 CPU [bsc#1216640] Security fixes: * CVE-2023-22081: Fixed enhanced TLS connections (bsc#1216374) * CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379) * CVE-2023-22025: Fixed memory corruption issue on x86_64 with AVX-512 (bsc#1216339) * CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214) Bug fixes: * IBM Java idlj compiler switch definition because IBM java idlj seems to confuse char and wchar for typedef types (bsc#1204264). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4614=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4614=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4614=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4614=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc) * java-1_8_0-ibm-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-30.117.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1 * java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22025.html * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://www.suse.com/security/cve/CVE-2023-5676.html * https://bugzilla.suse.com/show_bug.cgi?id=1204264 * https://bugzilla.suse.com/show_bug.cgi?id=1216339 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 * https://bugzilla.suse.com/show_bug.cgi?id=1216640 * https://bugzilla.suse.com/show_bug.cgi?id=1217214 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:30:05 -0000 Subject: SUSE-SU-2023:4613-1: important: Updates Cilium Message-ID: <170127540515.4702.9764105633843795948@smelt2.prg2.suse.org> # Updates Cilium Announcement ID: SUSE-SU-2023:4613-1 Rating: important References: * bsc#1215713 * bsc#1216174 Cross-References: * CVE-2023-35945 * CVE-2023-44487 CVSS scores: * CVE-2023-35945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise Server 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: Updates Cilium addon as it got rebuild to include a couple of sercurity fixes ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * caasp-release-4.2.10-150100.24.55.2 * skuba-1.4.17-150100.3.70.1 * SUSE CaaS Platform 4.0 (noarch) * release-notes-caasp-4.2.20231122-150100.4.85.1 * skuba-update-1.4.17-150100.3.70.1 ## References: * https://www.suse.com/security/cve/CVE-2023-35945.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1215713 * https://bugzilla.suse.com/show_bug.cgi?id=1216174 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:30:07 -0000 Subject: SUSE-SU-2023:4612-1: moderate: Security update for java-1_8_0-openj9 Message-ID: <170127540754.4702.12945541871133333196@smelt2.prg2.suse.org> # Security update for java-1_8_0-openj9 Announcement ID: SUSE-SU-2023:4612-1 Rating: moderate References: * bsc#1216374 * bsc#1216379 * bsc#1217214 Cross-References: * CVE-2023-22067 * CVE-2023-22081 * CVE-2023-5676 CVSS scores: * CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5676 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-5676 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u392 build 08 with OpenJ9 0.41.0 virtual machine * CVE-2023-22067: Fixed an IOR deserialization issue in CORBA (bsc#1216379). * CVE-2023-22081: Fixed a certificate path validation issue during client authentication (bsc#1216374). * CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4612=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4612=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4612=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openj9-src-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-demo-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-headless-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-devel-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-devel-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-headless-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-accessibility-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-debugsource-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-demo-1.8.0.392-150200.3.39.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openj9-javadoc-1.8.0.392-150200.3.39.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openj9-src-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-demo-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-headless-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-devel-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-devel-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-headless-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-accessibility-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-debugsource-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-demo-1.8.0.392-150200.3.39.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openj9-javadoc-1.8.0.392-150200.3.39.1 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * java-1_8_0-openj9-src-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-demo-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-headless-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-devel-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-devel-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-headless-debuginfo-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-accessibility-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-debugsource-1.8.0.392-150200.3.39.1 * java-1_8_0-openj9-demo-1.8.0.392-150200.3.39.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://www.suse.com/security/cve/CVE-2023-5676.html * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 * https://bugzilla.suse.com/show_bug.cgi?id=1217214 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:30:12 -0000 Subject: SUSE-SU-2023:4611-1: moderate: Security update for freerdp Message-ID: <170127541238.4702.17452033864850891152@smelt2.prg2.suse.org> # Security update for freerdp Announcement ID: SUSE-SU-2023:4611-1 Rating: moderate References: * bsc#1214856 * bsc#1214857 * bsc#1214858 * bsc#1214859 * bsc#1214860 * bsc#1214862 * bsc#1214863 * bsc#1214864 * bsc#1214866 * bsc#1214867 * bsc#1214868 * bsc#1214869 * bsc#1214870 * bsc#1214871 * bsc#1214872 Cross-References: * CVE-2023-39350 * CVE-2023-39351 * CVE-2023-39352 * CVE-2023-39353 * CVE-2023-39354 * CVE-2023-39356 * CVE-2023-40181 * CVE-2023-40186 * CVE-2023-40188 * CVE-2023-40567 * CVE-2023-40569 * CVE-2023-40574 * CVE-2023-40575 * CVE-2023-40576 * CVE-2023-40589 CVSS scores: * CVE-2023-39350 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39350 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39351 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39351 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39352 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39352 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39353 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39353 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39354 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39354 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-39356 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40186 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40188 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40188 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40567 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40569 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40569 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40574 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40574 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-40575 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40575 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40576 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40576 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40589 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-40589 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves 15 vulnerabilities can now be installed. ## Description: This update for freerdp fixes the following issues: * CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856). * CVE-2023-39351: Fixed Null Pointer Dereference leading DoS in RemoteFX (bsc#1214857). * CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858). * CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859). * CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860). * CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862). * CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863). * CVE-2023-40186: Fixed IntegerOverflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864). * CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866). * CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867). * CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868). * CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869). * CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870). * CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871). * CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4611=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4611=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libfreerdp2-debuginfo-2.1.2-12.38.1 * freerdp-debuginfo-2.1.2-12.38.1 * libfreerdp2-2.1.2-12.38.1 * freerdp-debugsource-2.1.2-12.38.1 * libwinpr2-2.1.2-12.38.1 * winpr2-devel-2.1.2-12.38.1 * freerdp-devel-2.1.2-12.38.1 * libwinpr2-debuginfo-2.1.2-12.38.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * freerdp-debuginfo-2.1.2-12.38.1 * libfreerdp2-debuginfo-2.1.2-12.38.1 * libfreerdp2-2.1.2-12.38.1 * freerdp-server-2.1.2-12.38.1 * freerdp-debugsource-2.1.2-12.38.1 * freerdp-proxy-2.1.2-12.38.1 * libwinpr2-2.1.2-12.38.1 * freerdp-2.1.2-12.38.1 * libwinpr2-debuginfo-2.1.2-12.38.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39350.html * https://www.suse.com/security/cve/CVE-2023-39351.html * https://www.suse.com/security/cve/CVE-2023-39352.html * https://www.suse.com/security/cve/CVE-2023-39353.html * https://www.suse.com/security/cve/CVE-2023-39354.html * https://www.suse.com/security/cve/CVE-2023-39356.html * https://www.suse.com/security/cve/CVE-2023-40181.html * https://www.suse.com/security/cve/CVE-2023-40186.html * https://www.suse.com/security/cve/CVE-2023-40188.html * https://www.suse.com/security/cve/CVE-2023-40567.html * https://www.suse.com/security/cve/CVE-2023-40569.html * https://www.suse.com/security/cve/CVE-2023-40574.html * https://www.suse.com/security/cve/CVE-2023-40575.html * https://www.suse.com/security/cve/CVE-2023-40576.html * https://www.suse.com/security/cve/CVE-2023-40589.html * https://bugzilla.suse.com/show_bug.cgi?id=1214856 * https://bugzilla.suse.com/show_bug.cgi?id=1214857 * https://bugzilla.suse.com/show_bug.cgi?id=1214858 * https://bugzilla.suse.com/show_bug.cgi?id=1214859 * https://bugzilla.suse.com/show_bug.cgi?id=1214860 * https://bugzilla.suse.com/show_bug.cgi?id=1214862 * https://bugzilla.suse.com/show_bug.cgi?id=1214863 * https://bugzilla.suse.com/show_bug.cgi?id=1214864 * https://bugzilla.suse.com/show_bug.cgi?id=1214866 * https://bugzilla.suse.com/show_bug.cgi?id=1214867 * https://bugzilla.suse.com/show_bug.cgi?id=1214868 * https://bugzilla.suse.com/show_bug.cgi?id=1214869 * https://bugzilla.suse.com/show_bug.cgi?id=1214870 * https://bugzilla.suse.com/show_bug.cgi?id=1214871 * https://bugzilla.suse.com/show_bug.cgi?id=1214872 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:30:14 -0000 Subject: SUSE-RU-2023:4610-1: moderate: Recommended update for google-guest-configs Message-ID: <170127541452.4702.12495095157649451573@smelt2.prg2.suse.org> # Recommended update for google-guest-configs Announcement ID: SUSE-RU-2023:4610-1 Rating: moderate References: * bsc#1212418 * bsc#1212759 * bsc#1214546 * bsc#1214572 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has four fixes can now be installed. ## Description: This update for google-guest-configs fixes the following issues: * Update to version 20230808.00 (bsc#1214546, bsc#1214572, bsc#1212418, bsc#1212759) * Replace xxd with dd for google_nvme_id * Setup irq binding for a3 8g vm * dracut: Add a new dracut module for gcp udev rules * src/lib/udev: only create symlinks for GCP devices * Set hostname: consider fully qualified static hostname * Support multiple local SSD controllers * Update OWNERS file * DHCP hostname: don't reset hostname if the hostname hasn't changed ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4610=1 openSUSE-SLE-15.4-2023-4610=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4610=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4610=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4610=1 ## Package List: * openSUSE Leap 15.4 (noarch) * google-guest-configs-20230808.00-150400.13.6.1 * openSUSE Leap 15.5 (noarch) * google-guest-configs-20230808.00-150400.13.6.1 * Public Cloud Module 15-SP4 (noarch) * google-guest-configs-20230808.00-150400.13.6.1 * Public Cloud Module 15-SP5 (noarch) * google-guest-configs-20230808.00-150400.13.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212418 * https://bugzilla.suse.com/show_bug.cgi?id=1212759 * https://bugzilla.suse.com/show_bug.cgi?id=1214546 * https://bugzilla.suse.com/show_bug.cgi?id=1214572 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Nov 29 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2023 20:30:02 -0000 Subject: SUSE-RU-2023:4615-1: moderate: Recommended update for icu Message-ID: <170128980258.18590.15612376493270832551@smelt2.prg2.suse.org> # Recommended update for icu Announcement ID: SUSE-RU-2023:4615-1 Rating: moderate References: * bsc#1217472 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update of icu fixes the following issue: * missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4615=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4615=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4615=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4615=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4615=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4615=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4615=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4615=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4615=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4615=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4615=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4615=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4615=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4615=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4615=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4615=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4615=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4615=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4615=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4615=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4615=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4615=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4615=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-doc-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * openSUSE Leap 15.4 (x86_64) * libicu-devel-32bit-65.1-150200.4.10.1 * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-32bit-65.1-150200.4.10.1 * openSUSE Leap 15.4 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-doc-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * openSUSE Leap 15.5 (x86_64) * libicu-devel-32bit-65.1-150200.4.10.1 * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-32bit-65.1-150200.4.10.1 * openSUSE Leap 15.5 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * Basesystem Module 15-SP4 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * Basesystem Module 15-SP5 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * icu-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * icu-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-32bit-65.1-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-32bit-65.1-150200.4.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-32bit-65.1-150200.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-32bit-65.1-150200.4.10.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-65.1-150200.4.10.1 * libicu-devel-65.1-150200.4.10.1 * SUSE Enterprise Storage 7.1 (noarch) * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Enterprise Storage 7.1 (x86_64) * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.10.1 * libicu-suse65_1-32bit-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * openSUSE Leap Micro 5.3 (noarch) * libicu65_1-ledata-65.1-150200.4.10.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libicu-suse65_1-65.1-150200.4.10.1 * icu-debuginfo-65.1-150200.4.10.1 * icu-debugsource-65.1-150200.4.10.1 * libicu-suse65_1-debuginfo-65.1-150200.4.10.1 * openSUSE Leap Micro 5.4 (noarch) * libicu65_1-bedata-65.1-150200.4.10.1 * libicu65_1-ledata-65.1-150200.4.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1217472 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 12:36:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 12:36:06 -0000 Subject: SUSE-RU-2023:4620-1: moderate: Recommended update for libhugetlbfs Message-ID: <170134776667.2264.1418186308109452015@smelt2.prg2.suse.org> # Recommended update for libhugetlbfs Announcement ID: SUSE-RU-2023:4620-1 Rating: moderate References: * bsc#1213639 * bsc#1216576 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for libhugetlbfs fixes the following issue: * Add patch for upstream issue (bsc#1216576, bsc#1213639) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4620=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4620=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4620=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4620=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4620=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4620=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4620=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4620=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4620=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4620=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4620=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4620=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4620=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4620=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4620=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4620=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4620=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4620=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4620=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4620=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4620=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4620=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4620=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4620=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4620=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libhugetlbfs-tests-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-tests-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * libhugetlbfs-devel-2.20-150000.3.8.1 * openSUSE Leap 15.4 (x86_64) * libhugetlbfs-32bit-2.20-150000.3.8.1 * libhugetlbfs-32bit-debuginfo-2.20-150000.3.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libhugetlbfs-tests-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-tests-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * libhugetlbfs-devel-2.20-150000.3.8.1 * openSUSE Leap 15.5 (x86_64) * libhugetlbfs-32bit-2.20-150000.3.8.1 * libhugetlbfs-32bit-debuginfo-2.20-150000.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE CaaS Platform 4.0 (x86_64) * libhugetlbfs-devel-2.20-150000.3.8.1 * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libhugetlbfs-2.20-150000.3.8.1 * libhugetlbfs-debuginfo-2.20-150000.3.8.1 * libhugetlbfs-debugsource-2.20-150000.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213639 * https://bugzilla.suse.com/show_bug.cgi?id=1216576 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 12:36:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 12:36:09 -0000 Subject: SUSE-SU-2023:4619-1: important: Security update for sqlite3 Message-ID: <170134776905.2264.10871961820999960954@smelt2.prg2.suse.org> # Security update for sqlite3 Announcement ID: SUSE-SU-2023:4619-1 Rating: important References: * bsc#1210660 Cross-References: * CVE-2023-2137 CVSS scores: * CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4619=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4619=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4619=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4619=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4619=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4619=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4619=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4619=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE CaaS Platform 4.0 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2137.html * https://bugzilla.suse.com/show_bug.cgi?id=1210660 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 12:39:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 12:39:11 -0000 Subject: SUSE-SU-2023:4619-1: important: Security update for sqlite3 Message-ID: <170134795117.12247.5289071518175292812@smelt2.prg2.suse.org> # Security update for sqlite3 Announcement ID: SUSE-SU-2023:4619-1 Rating: important References: * bsc#1210660 Cross-References: * CVE-2023-2137 CVSS scores: * CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4619=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4619=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4619=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4619=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4619=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4619=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4619=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4619=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE CaaS Platform 4.0 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2137.html * https://bugzilla.suse.com/show_bug.cgi?id=1210660 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 16:30:03 -0000 Subject: SUSE-RU-2023:4621-1: moderate: Recommended update for cloud-regionsrv Message-ID: <170136180346.5512.431972541278094478@smelt2.prg2.suse.org> # Recommended update for cloud-regionsrv Announcement ID: SUSE-RU-2023:4621-1 Rating: moderate References: * bsc#1191880 * bsc#1195924 * bsc#1195925 * bsc#1216917 Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has four fixes can now be installed. ## Description: This update for cloud-regionsrv fixes the following issue: * Implement IPv6 support independently from IPv4. (bsc#1216917) * IP address resolution from (client as fallback, or server or fail over) (bsc#1216917) * Fixed an issue replacing the cert on the client side when the connected server cert changes. (bsc#1191880) * With matching the certs with the underlying framework it is going to be prevented getting updates from the wrong cloud infrastructure which can occur by changing the provider. (bsc#1195924, bsc#1195925) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4621=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4621=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4621=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-4621=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4621=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4621=1 ## Package List: * openSUSE Leap 15.3 (noarch) * cloud-regionsrv-generic-config-1.0.0-150300.11.12.1 * cloud-regionsrv-8.2.0-150300.11.12.1 * openSUSE Leap 15.4 (noarch) * cloud-regionsrv-generic-config-1.0.0-150300.11.12.1 * cloud-regionsrv-8.2.0-150300.11.12.1 * openSUSE Leap 15.5 (noarch) * cloud-regionsrv-generic-config-1.0.0-150300.11.12.1 * cloud-regionsrv-8.2.0-150300.11.12.1 * Public Cloud Module 15-SP3 (noarch) * cloud-regionsrv-generic-config-1.0.0-150300.11.12.1 * cloud-regionsrv-8.2.0-150300.11.12.1 * Public Cloud Module 15-SP4 (noarch) * cloud-regionsrv-generic-config-1.0.0-150300.11.12.1 * cloud-regionsrv-8.2.0-150300.11.12.1 * Public Cloud Module 15-SP5 (noarch) * cloud-regionsrv-generic-config-1.0.0-150300.11.12.1 * cloud-regionsrv-8.2.0-150300.11.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1191880 * https://bugzilla.suse.com/show_bug.cgi?id=1195924 * https://bugzilla.suse.com/show_bug.cgi?id=1195925 * https://bugzilla.suse.com/show_bug.cgi?id=1216917 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 16:33:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 16:33:08 -0000 Subject: SUSE-SU-2023:4619-1: important: Security update for sqlite3 Message-ID: <170136198878.9735.4345439720872543785@smelt2.prg2.suse.org> # Security update for sqlite3 Announcement ID: SUSE-SU-2023:4619-1 Rating: important References: * bsc#1210660 Cross-References: * CVE-2023-2137 CVSS scores: * CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4619=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4619=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4619=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4619=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4619=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4619=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4619=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4619=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE CaaS Platform 4.0 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2137.html * https://bugzilla.suse.com/show_bug.cgi?id=1210660 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 16:36:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 16:36:14 -0000 Subject: SUSE-RU-2023:4618-1: moderate: Recommended update for orarun Message-ID: <170136217468.9735.1250292249911174278@smelt2.prg2.suse.org> # Recommended update for orarun Announcement ID: SUSE-RU-2023:4618-1 Rating: moderate References: * bsc#1216566 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for orarun fixes the following issues: * Fixed 'grep: oracle: No such file or directory' error during oracle user login with csh/tcsh (/etc/profile.d/oracle.csh) (bsc#1216566) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4618=1 openSUSE-SLE-15.4-2023-4618=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4618=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4618=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4618=1 ## Package List: * openSUSE Leap 15.4 (s390x x86_64 i586) * orarun-2.1-150400.22.3.1 * openSUSE Leap 15.5 (s390x x86_64) * orarun-2.1-150400.22.3.1 * Server Applications Module 15-SP4 (s390x x86_64) * orarun-2.1-150400.22.3.1 * Server Applications Module 15-SP5 (s390x x86_64) * orarun-2.1-150400.22.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216566 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 16:36:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 16:36:18 -0000 Subject: SUSE-FU-2023:4616-1: moderate: Feature update for ant, eclipse, jakarta-mail, jakarta-activation Message-ID: <170136217887.9735.1749413965720029426@smelt2.prg2.suse.org> # Feature update for ant, eclipse, jakarta-mail, jakarta-activation Announcement ID: SUSE-FU-2023:4616-1 Rating: moderate References: * jsc#PED-6376 * jsc#PED-6377 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that contains two features can now be installed. ## Description: This update for ant, eclipse, jakarta-mail, jakarta-activation fixes the following issues: ant: * Version update to 1.10.13 (jsc#PED-6377, jsc#PED-6376): * Breaking changes: * has a new attribute authenticateOnRedirect that can be used to prevent Ant from sending the configured credentials when following a redirect. It is false by default, which means builds that rely on credentials being used on the redirected URI may break. * Fixed bugs: * the PropertyEnumerator change introduced in 1.10.9 proved to be not fully backwards compatible when combined with certain custom PropertyHelper implementations - for example when using AntXtras. * legacy-xml reporter of the junitlauncher task now escapes ]]> when writing CDATA. * may leak connections when trying to preserve the last modified timestamps of files transferred recursively from a server. * tstamp task would in certain cases parse the SOURCE_DATE_EPOCH environment variable value to an incorrect date. This has now been fixed. * fetch.xml didn't set up non-default repositories propery and thus failed to download JAI. * When building and installing Ant distribution from source, the build script would change permissions on unrelated files in the destination directory. This is now fixed and such unrelated files in the destination directory will be left untouched. * parsing tar entries with multiple NUL bytes in their name would include garbage bytes as the name included all bytes up to the last NUL rather than the first. * loadresource might log warnings even though quiet was set to true * javac task would add paths constructs containing wildcards to the internally created argument file where wildcards are not allowed * Other changes: * added an implementation of the MIME Mail sender based on the repackaged Jakarta Mail package rather than javax Mail. * The "listener" element in the junitlauncher task now supports an "extension" attribute to control the filename extension of the generated output file from the listener. * now supports FTPs. * DirectoryScanner avoids listing directory contents when it known it will never use the information retrieved. This may improve performance in some special cases. * will now create the parent directory of the manifestFile attribute if it doesn't exist. * org.apache.tools.ant.BuildLogger now has a new method getMessageOutputLevel() which returns the currently set message output level * Packaging changes: * Package and distribute the new `ant-jakartamail` * Update ant keyring with new developer keys eclipse: * Fix build with hamcrest 2.2 jakarta-mail, jakarta-activation: * Added to Development Tools module as they are needed by the new `ant- jakartamail` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4616=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4616=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4616=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4616=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4616=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4616=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4616=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4616=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4616=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4616=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4616=1 ## Package List: * openSUSE Leap 15.4 (noarch) * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-commons-net-1.10.13-150200.4.15.2 * jakarta-activation-javadoc-2.1.0-150200.5.5.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-contrib-manual-1.0b3-150200.11.10.1 * ant-swing-1.10.13-150200.4.15.2 * eclipse-jdt-4.15-150200.4.10.41 * jakarta-activation-2.1.0-150200.5.5.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * eclipse-p2-discovery-4.15-150200.4.10.41 * eclipse-p2-discovery-bootstrap-4.15-150200.4.10.42 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-contrib-javadoc-1.0b3-150200.11.10.1 * ant-testutil-1.10.13-150200.4.15.2 * ant-jsch-1.10.13-150200.4.15.2 * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * ant-xz-1.10.13-150200.4.15.2 * eclipse-jdt-bootstrap-4.15-150200.4.10.42 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * jakarta-mail-javadoc-2.1.0-150200.5.5.2 * ant-junit5-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-apache-xalan2-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-imageio-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * openSUSE Leap 15.5 (noarch) * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-commons-net-1.10.13-150200.4.15.2 * jakarta-activation-javadoc-2.1.0-150200.5.5.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-contrib-manual-1.0b3-150200.11.10.1 * ant-swing-1.10.13-150200.4.15.2 * eclipse-jdt-4.15-150200.4.10.41 * jakarta-activation-2.1.0-150200.5.5.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * eclipse-p2-discovery-4.15-150200.4.10.41 * eclipse-p2-discovery-bootstrap-4.15-150200.4.10.42 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-contrib-javadoc-1.0b3-150200.11.10.1 * ant-testutil-1.10.13-150200.4.15.2 * ant-jsch-1.10.13-150200.4.15.2 * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * ant-xz-1.10.13-150200.4.15.2 * eclipse-jdt-bootstrap-4.15-150200.4.10.42 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * jakarta-mail-javadoc-2.1.0-150200.5.5.2 * ant-junit5-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-apache-xalan2-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-imageio-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * Development Tools Module 15-SP4 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * Development Tools Module 15-SP5 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Enterprise Storage 7.1 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 ## References: * https://jira.suse.com/browse/PED-6376 * https://jira.suse.com/browse/PED-6377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 16:36:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 16:36:11 -0000 Subject: SUSE-SU-2023:4619-1: important: Security update for sqlite3 Message-ID: <170136217109.9735.1841050904184136314@smelt2.prg2.suse.org> # Security update for sqlite3 Announcement ID: SUSE-SU-2023:4619-1 Rating: important References: * bsc#1210660 Cross-References: * CVE-2023-2137 CVSS scores: * CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4619=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4619=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4619=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4619=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4619=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4619=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4619=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4619=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE CaaS Platform 4.0 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2137.html * https://bugzilla.suse.com/show_bug.cgi?id=1210660 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 16:39:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 16:39:21 -0000 Subject: SUSE-FU-2023:4616-1: moderate: Feature update for ant, eclipse, jakarta-mail, jakarta-activation Message-ID: <170136236128.9735.12530789961268477826@smelt2.prg2.suse.org> # Feature update for ant, eclipse, jakarta-mail, jakarta-activation Announcement ID: SUSE-FU-2023:4616-1 Rating: moderate References: * jsc#PED-6376 * jsc#PED-6377 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that contains two features can now be installed. ## Description: This update for ant, eclipse, jakarta-mail, jakarta-activation fixes the following issues: ant: * Version update to 1.10.13 (jsc#PED-6377, jsc#PED-6376): * Breaking changes: * has a new attribute authenticateOnRedirect that can be used to prevent Ant from sending the configured credentials when following a redirect. It is false by default, which means builds that rely on credentials being used on the redirected URI may break. * Fixed bugs: * the PropertyEnumerator change introduced in 1.10.9 proved to be not fully backwards compatible when combined with certain custom PropertyHelper implementations - for example when using AntXtras. * legacy-xml reporter of the junitlauncher task now escapes ]]> when writing CDATA. * may leak connections when trying to preserve the last modified timestamps of files transferred recursively from a server. * tstamp task would in certain cases parse the SOURCE_DATE_EPOCH environment variable value to an incorrect date. This has now been fixed. * fetch.xml didn't set up non-default repositories propery and thus failed to download JAI. * When building and installing Ant distribution from source, the build script would change permissions on unrelated files in the destination directory. This is now fixed and such unrelated files in the destination directory will be left untouched. * parsing tar entries with multiple NUL bytes in their name would include garbage bytes as the name included all bytes up to the last NUL rather than the first. * loadresource might log warnings even though quiet was set to true * javac task would add paths constructs containing wildcards to the internally created argument file where wildcards are not allowed * Other changes: * added an implementation of the MIME Mail sender based on the repackaged Jakarta Mail package rather than javax Mail. * The "listener" element in the junitlauncher task now supports an "extension" attribute to control the filename extension of the generated output file from the listener. * now supports FTPs. * DirectoryScanner avoids listing directory contents when it known it will never use the information retrieved. This may improve performance in some special cases. * will now create the parent directory of the manifestFile attribute if it doesn't exist. * org.apache.tools.ant.BuildLogger now has a new method getMessageOutputLevel() which returns the currently set message output level * Packaging changes: * Package and distribute the new `ant-jakartamail` * Update ant keyring with new developer keys eclipse: * Fix build with hamcrest 2.2 jakarta-mail, jakarta-activation: * Added to Development Tools module as they are needed by the new `ant- jakartamail` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4616=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4616=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4616=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4616=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4616=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4616=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4616=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4616=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4616=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4616=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4616=1 ## Package List: * openSUSE Leap 15.4 (noarch) * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-commons-net-1.10.13-150200.4.15.2 * jakarta-activation-javadoc-2.1.0-150200.5.5.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-contrib-manual-1.0b3-150200.11.10.1 * ant-swing-1.10.13-150200.4.15.2 * eclipse-jdt-4.15-150200.4.10.41 * jakarta-activation-2.1.0-150200.5.5.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * eclipse-p2-discovery-4.15-150200.4.10.41 * eclipse-p2-discovery-bootstrap-4.15-150200.4.10.42 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-contrib-javadoc-1.0b3-150200.11.10.1 * ant-testutil-1.10.13-150200.4.15.2 * ant-jsch-1.10.13-150200.4.15.2 * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * ant-xz-1.10.13-150200.4.15.2 * eclipse-jdt-bootstrap-4.15-150200.4.10.42 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * jakarta-mail-javadoc-2.1.0-150200.5.5.2 * ant-junit5-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-apache-xalan2-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-imageio-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * openSUSE Leap 15.5 (noarch) * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-commons-net-1.10.13-150200.4.15.2 * jakarta-activation-javadoc-2.1.0-150200.5.5.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-contrib-manual-1.0b3-150200.11.10.1 * ant-swing-1.10.13-150200.4.15.2 * eclipse-jdt-4.15-150200.4.10.41 * jakarta-activation-2.1.0-150200.5.5.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * eclipse-p2-discovery-4.15-150200.4.10.41 * eclipse-p2-discovery-bootstrap-4.15-150200.4.10.42 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-contrib-javadoc-1.0b3-150200.11.10.1 * ant-testutil-1.10.13-150200.4.15.2 * ant-jsch-1.10.13-150200.4.15.2 * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * ant-xz-1.10.13-150200.4.15.2 * eclipse-jdt-bootstrap-4.15-150200.4.10.42 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * jakarta-mail-javadoc-2.1.0-150200.5.5.2 * ant-junit5-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-apache-xalan2-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-imageio-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * Development Tools Module 15-SP4 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * Development Tools Module 15-SP5 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Enterprise Storage 7.1 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 ## References: * https://jira.suse.com/browse/PED-6376 * https://jira.suse.com/browse/PED-6377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4619-1: important: Security update for sqlite3 Message-ID: <170136180430.5512.3681828054604642542@smelt2.prg2.suse.org> # Security update for sqlite3 Announcement ID: SUSE-SU-2023:4619-1 Rating: important References: * bsc#1210660 Cross-References: * CVE-2023-2137 CVSS scores: * CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4619=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4619=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4619=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4619=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4619=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4619=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4619=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4619=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE CaaS Platform 4.0 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2137.html * https://bugzilla.suse.com/show_bug.cgi?id=1210660 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 16:36:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 16:36:16 -0000 Subject: SUSE-RU-2023:4617-1: moderate: Recommended update for javapackages-tools Message-ID: <170136217659.9735.2720122680834398310@smelt2.prg2.suse.org> # Recommended update for javapackages-tools Announcement ID: SUSE-RU-2023:4617-1 Rating: moderate References: * jsc#PED-6376 * jsc#PED-6377 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for javapackages-tools fixes the following issues: * Add requirement for `python-xml` as it is needed by some scripts * Ensure reproducibility of built binaries * Minor bug fixes ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4617=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4617=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4617=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4617=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4617=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4617=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4617=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4617=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4617=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4617=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4617=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4617=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4617=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4617=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * openSUSE Leap 15.5 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * Basesystem Module 15-SP4 (noarch) * python3-javapackages-6.2.0-150200.3.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * Basesystem Module 15-SP5 (noarch) * python3-javapackages-6.2.0-150200.3.12.1 * Development Tools Module 15-SP4 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * Development Tools Module 15-SP5 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * SUSE Enterprise Storage 7.1 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * javapackages-tools-6.2.0-150200.3.12.1 * javapackages-filesystem-6.2.0-150200.3.12.1 * openSUSE Leap 15.4 (noarch) * javapackages-ivy-6.2.0-150200.3.12.1 * javapackages-local-6.2.0-150200.3.12.1 * python3-javapackages-6.2.0-150200.3.12.1 * javapackages-gradle-6.2.0-150200.3.12.1 ## References: * https://jira.suse.com/browse/PED-6376 * https://jira.suse.com/browse/PED-6377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 20:30:04 -0000 Subject: SUSE-SU-2023:4623-1: moderate: Security update for traceroute Message-ID: <170137620422.29966.4373835496549680542@smelt2.prg2.suse.org> # Security update for traceroute Announcement ID: SUSE-SU-2023:4623-1 Rating: moderate References: * bsc#1216591 Cross-References: * CVE-2023-46316 CVSS scores: * CVE-2023-46316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-46316 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for traceroute fixes the following issues: * CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4623=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4623=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4623=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4623=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4623=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4623=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4623=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4623=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4623=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4623=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4623=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * traceroute-debuginfo-2.0.21-150000.3.3.1 * traceroute-debugsource-2.0.21-150000.3.3.1 * traceroute-2.0.21-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46316.html * https://bugzilla.suse.com/show_bug.cgi?id=1216591 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 20:30:09 -0000 Subject: SUSE-SU-2023:4622-1: important: Security update for libqt4 Message-ID: <170137620915.29966.4908761581594726516@smelt2.prg2.suse.org> # Security update for libqt4 Announcement ID: SUSE-SU-2023:4622-1 Rating: important References: * bsc#1196654 * bsc#1211298 * bsc#1211798 * bsc#1211994 * bsc#1213326 * bsc#1214327 Cross-References: * CVE-2021-45930 * CVE-2023-32573 * CVE-2023-32763 * CVE-2023-34410 * CVE-2023-37369 * CVE-2023-38197 CVSS scores: * CVE-2021-45930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-45930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for libqt4 fixes the following issues: * CVE-2021-45930: Fix out of-bounds write when parsing path nodes (bsc#1196654). * CVE-2023-32573: Fix missing initialization of QSvgFont unitsPerEm (bsc#1211298). * CVE-2023-32763: Fix potential buffer when rendering a SVG file with an image inside (bsc#1211798). * CVE-2023-34410: Fix missing sync of disablement of loading root certificates in qsslsocketprivate (bsc#1211994). * CVE-2023-37369: Fix buffer overflow in QXmlStreamReader (bsc#1214327). * CVE-2023-38197: Fix infinite loops in QXmlStreamReader (bsc#1213326). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4622=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4622=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4622=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4622=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4622=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libqt4-sql-plugins-debugsource-4.8.7-8.19.1 * libqt4-sql-postgresql-4.8.7-8.19.1 * libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-unixODBC-4.8.7-8.19.1 * libqt4-sql-unixODBC-debuginfo-4.8.7-8.19.1 * libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-sqlite-32bit-4.8.7-8.19.1 * libqt4-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-mysql-32bit-4.8.7-8.19.1 * libqt4-sql-postgresql-32bit-4.8.7-8.19.1 * libqt4-debugsource-4.8.7-8.19.1 * libqt4-sql-unixODBC-32bit-4.8.7-8.19.1 * libqt4-sql-mysql-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-sqlite-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-postgresql-debuginfo-4.8.7-8.19.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libqt4-sql-plugins-debugsource-4.8.7-8.19.1 * libqt4-sql-postgresql-4.8.7-8.19.1 * libqt4-sql-unixODBC-4.8.7-8.19.1 * libqt4-sql-unixODBC-debuginfo-4.8.7-8.19.1 * libqt4-devel-debuginfo-4.8.7-8.19.1 * libqt4-devel-doc-4.8.7-8.19.1 * libqt4-linguist-4.8.7-8.19.1 * libqt4-devel-doc-debuginfo-4.8.7-8.19.1 * libqt4-private-headers-devel-4.8.7-8.19.1 * libqt4-debugsource-4.8.7-8.19.1 * libqt4-linguist-debuginfo-4.8.7-8.19.1 * libqt4-debuginfo-4.8.7-8.19.1 * libqt4-devel-doc-debugsource-4.8.7-8.19.1 * libqt4-sql-postgresql-debuginfo-4.8.7-8.19.1 * libqt4-devel-4.8.7-8.19.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * libqt4-devel-doc-data-4.8.7-8.19.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-unixODBC-32bit-4.8.7-8.19.1 * libqt4-sql-postgresql-32bit-4.8.7-8.19.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libqt4-sql-plugins-debugsource-4.8.7-8.19.1 * libqt4-4.8.7-8.19.1 * libqt4-qt3support-debuginfo-4.8.7-8.19.1 * libqt4-sql-mysql-debuginfo-4.8.7-8.19.1 * libqt4-sql-debuginfo-4.8.7-8.19.1 * libqt4-x11-4.8.7-8.19.1 * libqt4-sql-mysql-4.8.7-8.19.1 * qt4-x11-tools-debuginfo-4.8.7-8.19.1 * libqt4-x11-debuginfo-4.8.7-8.19.1 * libqt4-devel-doc-debuginfo-4.8.7-8.19.1 * libqt4-sql-sqlite-debuginfo-4.8.7-8.19.1 * libqt4-debugsource-4.8.7-8.19.1 * libqt4-sql-4.8.7-8.19.1 * libqt4-debuginfo-4.8.7-8.19.1 * libqt4-devel-doc-debugsource-4.8.7-8.19.1 * libqt4-qt3support-4.8.7-8.19.1 * libqt4-sql-sqlite-4.8.7-8.19.1 * qt4-x11-tools-4.8.7-8.19.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libqt4-32bit-4.8.7-8.19.1 * libqt4-qt3support-32bit-4.8.7-8.19.1 * libqt4-sql-32bit-4.8.7-8.19.1 * libqt4-x11-debuginfo-32bit-4.8.7-8.19.1 * libqt4-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-debuginfo-32bit-4.8.7-8.19.1 * libqt4-qt3support-debuginfo-32bit-4.8.7-8.19.1 * libqt4-x11-32bit-4.8.7-8.19.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libqt4-sql-plugins-debugsource-4.8.7-8.19.1 * libqt4-4.8.7-8.19.1 * libqt4-qt3support-debuginfo-4.8.7-8.19.1 * libqt4-sql-mysql-debuginfo-4.8.7-8.19.1 * libqt4-sql-debuginfo-4.8.7-8.19.1 * libqt4-x11-4.8.7-8.19.1 * libqt4-sql-mysql-4.8.7-8.19.1 * qt4-x11-tools-debuginfo-4.8.7-8.19.1 * libqt4-x11-debuginfo-4.8.7-8.19.1 * libqt4-devel-doc-debuginfo-4.8.7-8.19.1 * libqt4-sql-sqlite-debuginfo-4.8.7-8.19.1 * libqt4-debugsource-4.8.7-8.19.1 * libqt4-sql-4.8.7-8.19.1 * libqt4-debuginfo-4.8.7-8.19.1 * libqt4-devel-doc-debugsource-4.8.7-8.19.1 * libqt4-qt3support-4.8.7-8.19.1 * libqt4-sql-sqlite-4.8.7-8.19.1 * qt4-x11-tools-4.8.7-8.19.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libqt4-32bit-4.8.7-8.19.1 * libqt4-qt3support-32bit-4.8.7-8.19.1 * libqt4-sql-32bit-4.8.7-8.19.1 * libqt4-x11-debuginfo-32bit-4.8.7-8.19.1 * libqt4-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-debuginfo-32bit-4.8.7-8.19.1 * libqt4-qt3support-debuginfo-32bit-4.8.7-8.19.1 * libqt4-x11-32bit-4.8.7-8.19.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libqt4-sql-plugins-debugsource-4.8.7-8.19.1 * libqt4-4.8.7-8.19.1 * libqt4-qt3support-debuginfo-4.8.7-8.19.1 * libqt4-sql-mysql-debuginfo-4.8.7-8.19.1 * libqt4-sql-debuginfo-4.8.7-8.19.1 * libqt4-x11-4.8.7-8.19.1 * libqt4-sql-mysql-4.8.7-8.19.1 * qt4-x11-tools-debuginfo-4.8.7-8.19.1 * libqt4-x11-debuginfo-4.8.7-8.19.1 * libqt4-devel-doc-debuginfo-4.8.7-8.19.1 * libqt4-sql-sqlite-debuginfo-4.8.7-8.19.1 * libqt4-debugsource-4.8.7-8.19.1 * libqt4-sql-4.8.7-8.19.1 * libqt4-debuginfo-4.8.7-8.19.1 * libqt4-devel-doc-debugsource-4.8.7-8.19.1 * libqt4-qt3support-4.8.7-8.19.1 * libqt4-sql-sqlite-4.8.7-8.19.1 * qt4-x11-tools-4.8.7-8.19.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libqt4-32bit-4.8.7-8.19.1 * libqt4-qt3support-32bit-4.8.7-8.19.1 * libqt4-sql-32bit-4.8.7-8.19.1 * libqt4-x11-debuginfo-32bit-4.8.7-8.19.1 * libqt4-debuginfo-32bit-4.8.7-8.19.1 * libqt4-sql-debuginfo-32bit-4.8.7-8.19.1 * libqt4-qt3support-debuginfo-32bit-4.8.7-8.19.1 * libqt4-x11-32bit-4.8.7-8.19.1 ## References: * https://www.suse.com/security/cve/CVE-2021-45930.html * https://www.suse.com/security/cve/CVE-2023-32573.html * https://www.suse.com/security/cve/CVE-2023-32763.html * https://www.suse.com/security/cve/CVE-2023-34410.html * https://www.suse.com/security/cve/CVE-2023-37369.html * https://www.suse.com/security/cve/CVE-2023-38197.html * https://bugzilla.suse.com/show_bug.cgi?id=1196654 * https://bugzilla.suse.com/show_bug.cgi?id=1211298 * https://bugzilla.suse.com/show_bug.cgi?id=1211798 * https://bugzilla.suse.com/show_bug.cgi?id=1211994 * https://bugzilla.suse.com/show_bug.cgi?id=1213326 * https://bugzilla.suse.com/show_bug.cgi?id=1214327 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Nov 30 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2023 20:30:10 -0000 Subject: SUSE-FU-2023:4616-1: moderate: Feature update for ant, eclipse, jakarta-mail, jakarta-activation Message-ID: <170137621037.29966.5690559475720529840@smelt2.prg2.suse.org> # Feature update for ant, eclipse, jakarta-mail, jakarta-activation Announcement ID: SUSE-FU-2023:4616-1 Rating: moderate References: * jsc#PED-6376 * jsc#PED-6377 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that contains two features can now be installed. ## Description: This update for ant, eclipse, jakarta-mail, jakarta-activation fixes the following issues: ant: * Version update to 1.10.13 (jsc#PED-6377, jsc#PED-6376): * Breaking changes: * has a new attribute authenticateOnRedirect that can be used to prevent Ant from sending the configured credentials when following a redirect. It is false by default, which means builds that rely on credentials being used on the redirected URI may break. * Fixed bugs: * the PropertyEnumerator change introduced in 1.10.9 proved to be not fully backwards compatible when combined with certain custom PropertyHelper implementations - for example when using AntXtras. * legacy-xml reporter of the junitlauncher task now escapes ]]> when writing CDATA. * may leak connections when trying to preserve the last modified timestamps of files transferred recursively from a server. * tstamp task would in certain cases parse the SOURCE_DATE_EPOCH environment variable value to an incorrect date. This has now been fixed. * fetch.xml didn't set up non-default repositories propery and thus failed to download JAI. * When building and installing Ant distribution from source, the build script would change permissions on unrelated files in the destination directory. This is now fixed and such unrelated files in the destination directory will be left untouched. * parsing tar entries with multiple NUL bytes in their name would include garbage bytes as the name included all bytes up to the last NUL rather than the first. * loadresource might log warnings even though quiet was set to true * javac task would add paths constructs containing wildcards to the internally created argument file where wildcards are not allowed * Other changes: * added an implementation of the MIME Mail sender based on the repackaged Jakarta Mail package rather than javax Mail. * The "listener" element in the junitlauncher task now supports an "extension" attribute to control the filename extension of the generated output file from the listener. * now supports FTPs. * DirectoryScanner avoids listing directory contents when it known it will never use the information retrieved. This may improve performance in some special cases. * will now create the parent directory of the manifestFile attribute if it doesn't exist. * org.apache.tools.ant.BuildLogger now has a new method getMessageOutputLevel() which returns the currently set message output level * Packaging changes: * Package and distribute the new `ant-jakartamail` * Update ant keyring with new developer keys eclipse: * Fix build with hamcrest 2.2 jakarta-mail, jakarta-activation: * Added to Development Tools module as they are needed by the new `ant- jakartamail` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4616=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4616=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4616=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4616=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4616=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4616=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4616=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4616=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4616=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4616=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4616=1 ## Package List: * openSUSE Leap 15.4 (noarch) * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-commons-net-1.10.13-150200.4.15.2 * jakarta-activation-javadoc-2.1.0-150200.5.5.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-contrib-manual-1.0b3-150200.11.10.1 * ant-swing-1.10.13-150200.4.15.2 * eclipse-jdt-4.15-150200.4.10.41 * jakarta-activation-2.1.0-150200.5.5.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * eclipse-p2-discovery-4.15-150200.4.10.41 * eclipse-p2-discovery-bootstrap-4.15-150200.4.10.42 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-contrib-javadoc-1.0b3-150200.11.10.1 * ant-testutil-1.10.13-150200.4.15.2 * ant-jsch-1.10.13-150200.4.15.2 * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * ant-xz-1.10.13-150200.4.15.2 * eclipse-jdt-bootstrap-4.15-150200.4.10.42 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * jakarta-mail-javadoc-2.1.0-150200.5.5.2 * ant-junit5-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-apache-xalan2-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-imageio-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * openSUSE Leap 15.5 (noarch) * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-commons-net-1.10.13-150200.4.15.2 * jakarta-activation-javadoc-2.1.0-150200.5.5.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-contrib-manual-1.0b3-150200.11.10.1 * ant-swing-1.10.13-150200.4.15.2 * eclipse-jdt-4.15-150200.4.10.41 * jakarta-activation-2.1.0-150200.5.5.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * eclipse-p2-discovery-4.15-150200.4.10.41 * eclipse-p2-discovery-bootstrap-4.15-150200.4.10.42 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-contrib-javadoc-1.0b3-150200.11.10.1 * ant-testutil-1.10.13-150200.4.15.2 * ant-jsch-1.10.13-150200.4.15.2 * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * ant-xz-1.10.13-150200.4.15.2 * eclipse-jdt-bootstrap-4.15-150200.4.10.42 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * jakarta-mail-javadoc-2.1.0-150200.5.5.2 * ant-junit5-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-apache-xalan2-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-imageio-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * Development Tools Module 15-SP4 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * Development Tools Module 15-SP5 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * eclipse-pde-bootstrap-4.15-150200.4.10.42 * eclipse-platform-debuginfo-4.15-150200.4.10.41 * eclipse-swt-bootstrap-4.15-150200.4.10.42 * eclipse-platform-4.15-150200.4.10.41 * eclipse-swt-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-debugsource-4.15-150200.4.10.41 * eclipse-equinox-osgi-bootstrap-4.15-150200.4.10.42 * eclipse-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-platform-bootstrap-4.15-150200.4.10.42 * eclipse-contributor-tools-4.15-150200.4.10.41 * eclipse-bootstrap-debugsource-4.15-150200.4.10.42 * eclipse-pde-4.15-150200.4.10.41 * eclipse-debuginfo-4.15-150200.4.10.41 * eclipse-swt-debuginfo-4.15-150200.4.10.41 * eclipse-swt-4.15-150200.4.10.41 * eclipse-platform-bootstrap-debuginfo-4.15-150200.4.10.42 * eclipse-equinox-osgi-4.15-150200.4.10.41 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 * SUSE Enterprise Storage 7.1 (noarch) * ant-apache-resolver-1.10.13-150200.4.15.2 * ant-junit-1.10.13-150200.4.15.2 * ant-swing-1.10.13-150200.4.15.2 * jakarta-mail-2.1.0-150200.5.5.2 * ant-jdepend-1.10.13-150200.4.15.2 * ant-apache-oro-1.10.13-150200.4.15.2 * ant-manual-1.10.13-150200.4.15.2 * ant-jakartamail-1.10.13-150200.4.15.2 * ant-antlr-1.10.13-150200.4.15.2 * ant-apache-bcel-1.10.13-150200.4.15.2 * ant-javamail-1.10.13-150200.4.15.2 * ant-scripts-1.10.13-150200.4.15.2 * ant-apache-regexp-1.10.13-150200.4.15.2 * ant-commons-logging-1.10.13-150200.4.15.2 * ant-apache-bsf-1.10.13-150200.4.15.2 * jakarta-activation-2.1.0-150200.5.5.2 * ant-1.10.13-150200.4.15.2 * ant-jmf-1.10.13-150200.4.15.2 * ant-apache-log4j-1.10.13-150200.4.15.2 * ant-contrib-1.0b3-150200.11.10.1 ## References: * https://jira.suse.com/browse/PED-6376 * https://jira.suse.com/browse/PED-6377 -------------- next part -------------- An HTML attachment was scrubbed... URL: